Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-11022 (GCVE-0-2020-11022)
Vulnerability from cvelistv5 – Published: 2020-04-29 00:00 – Updated: 2026-04-13 13:53
VLAI
EPSS
Title
jQuery has a potential XSS vulnerability
Summary
In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Severity
6.9 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
47 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:21:14.453Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4693",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4693"
},
{
"name": "FEDORA-2020-11be4b36d4",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/"
},
{
"name": "FEDORA-2020-36d2db5f51",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jquery.com/upgrade-guide/3.5/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200511-0006/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.drupal.org/sa-core-2020-002"
},
{
"name": "openSUSE-SU-2020:1060",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html"
},
{
"name": "GLSA-202007-03",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202007-03"
},
{
"name": "openSUSE-SU-2020:1106",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html"
},
{
"name": "[airflow-commits] 20200820 [GitHub] [airflow] breser opened a new issue #10429: jquery dependency needs to be updated to 3.5.0 or newer",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133%40%3Ccommits.airflow.apache.org%3E"
},
{
"name": "FEDORA-2020-fbb94073a1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/"
},
{
"name": "FEDORA-2020-0b32a59b54",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/"
},
{
"name": "FEDORA-2020-fe94df8c34",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "[flink-issues] 20201105 [jira] [Created] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-dev] 20201105 [jira] [Created] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3Cdev.flink.apache.org%3E"
},
{
"name": "openSUSE-SU-2020:1888",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html"
},
{
"name": "[flink-issues] 20201129 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3Cissues.flink.apache.org%3E"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2020-11"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2020-10"
},
{
"name": "[flink-issues] 20210209 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210209 [jira] [Comment Edited] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20210326 [SECURITY] [DLA 2608-1] jquery security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html"
},
{
"name": "[flink-issues] 20210422 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210422 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210429 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210429 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3Cissues.flink.apache.org%3E"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2021-10"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2021-02"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "[flink-issues] 20211031 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3Cissues.flink.apache.org%3E"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "jQuery",
"vendor": "jquery",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.12.0, \u003c 3.5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery\u0027s DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T13:53:08.239Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2"
},
{
"name": "https://github.com/maximebf/php-debugbar/issues/447",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/maximebf/php-debugbar/issues/447"
},
{
"name": "https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77"
},
{
"name": "https://github.com/maximebf/php-debugbar/commit/847216e60544258c881f2733d699bbcfeefac0fc",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/maximebf/php-debugbar/commit/847216e60544258c881f2733d699bbcfeefac0fc"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W",
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W"
},
{
"name": "https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html"
},
{
"name": "https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html"
},
{
"name": "https://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html"
},
{
"name": "https://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html"
},
{
"name": "https://security.gentoo.org/glsa/202007-03",
"tags": [
"x_refsource_MISC"
],
"url": "https://security.gentoo.org/glsa/202007-03"
},
{
"name": "https://www.debian.org/security/2020/dsa-4693",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.debian.org/security/2020/dsa-4693"
},
{
"name": "https://www.drupal.org/sa-core-2020-002",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.drupal.org/sa-core-2020-002"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2021.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2021.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "https://www.tenable.com/security/tns-2020-10",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/tns-2020-10"
},
{
"name": "https://www.tenable.com/security/tns-2020-11",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/tns-2020-11"
},
{
"name": "https://www.tenable.com/security/tns-2021-02",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/tns-2021-02"
},
{
"name": "https://www.tenable.com/security/tns-2021-10",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/tns-2021-10"
},
{
"name": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released",
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released"
},
{
"name": "https://github.com/jquery/jquery/releases/tag/3.5.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jquery/jquery/releases/tag/3.5.0"
},
{
"name": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2020-11022.yml",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2020-11022.yml"
},
{
"name": "https://jquery.com/upgrade-guide/3.5",
"tags": [
"x_refsource_MISC"
],
"url": "https://jquery.com/upgrade-guide/3.5"
},
{
"name": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3Cissues.flink.apache.org%3E",
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3Cissues.flink.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3Cissues.flink.apache.org%3E",
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3Cissues.flink.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3Cissues.flink.apache.org%3E",
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3Cissues.flink.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3Cissues.flink.apache.org%3E",
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3Cissues.flink.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3Cissues.flink.apache.org%3E",
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3Cissues.flink.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3Cissues.flink.apache.org%3E",
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3Cissues.flink.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3Cdev.flink.apache.org%3E",
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3Cdev.flink.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133@%3Ccommits.airflow.apache.org%3E",
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133@%3Ccommits.airflow.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3Cissues.flink.apache.org%3E",
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3Cissues.flink.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3Cissues.flink.apache.org%3E",
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3Cissues.flink.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3Cissues.flink.apache.org%3E",
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3Cissues.flink.apache.org%3E"
},
{
"name": "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html"
},
{
"name": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY",
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K",
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4",
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B",
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B"
},
{
"name": "http://security.netapp.com/advisory/ntap-20200511-0006",
"tags": [
"x_refsource_MISC"
],
"url": "http://security.netapp.com/advisory/ntap-20200511-0006"
}
],
"source": {
"advisory": "GHSA-gxr4-xjj5-5px2",
"discovery": "UNKNOWN"
},
"title": "jQuery has a potential XSS vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-11022",
"datePublished": "2020-04-29T00:00:00.000Z",
"dateReserved": "2020-03-30T00:00:00.000Z",
"dateUpdated": "2026-04-13T13:53:08.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2020-11022",
"date": "2026-05-30",
"epss": "0.02456",
"percentile": "0.85477"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-11022\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2020-04-29T22:15:11.903\",\"lastModified\":\"2026-04-13T15:16:29.173\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery\u0027s DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.\"},{\"lang\":\"es\",\"value\":\"En las versiones de jQuery mayores o iguales a 1.2 y anteriores a la versi\u00f3n 3.5.0, se puede ejecutar HTML desde fuentes no seguras, incluso despu\u00e9s de desinfectarlo, a uno de los m\u00e9todos de manipulaci\u00f3n DOM de jQuery (es decir .html (), .append () y otros). c\u00f3digo no seguro Este problema est\u00e1 corregido en jQuery 3.5.0.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N\",\"baseScore\":6.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.6,\"impactScore\":4.7},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.2\",\"versionEndExcluding\":\"3.5.0\",\"matchCriteriaId\":\"B5CFA4CA-5296-4B78-8D65-34FC63A09DEF\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0\",\"versionEndExcluding\":\"7.70\",\"matchCriteriaId\":\"70C672EE-2027-4A29-8C14-3450DEF1462A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.7.0\",\"versionEndExcluding\":\"8.7.14\",\"matchCriteriaId\":\"BBFE42E2-6583-4EBE-B320-B8CF9CA0C3BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.8.0\",\"versionEndExcluding\":\"8.8.6\",\"matchCriteriaId\":\"7BA49DB0-ECC3-4155-B76C-0CA292600DE6\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36D96259-24BD-44E2-96D9-78CE1D41F956\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A079FD6E-3BB0-4997-9A8E-6F8FEC89887A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A125E817-F974-4509-872C-B71933F42AD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BBE7BF09-B89C-4590-821E-6C0587E096B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ADAE8A71-0BCD-42D5-B38C-9B2A27CC1E6B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7231D2D-4092-44F3-B60A-D7C9ED78AFDF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18127694-109C-4E7E-AE79-0BA351849291\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"21.1.2\",\"matchCriteriaId\":\"D0DBC938-A782-433F-8BF1-CA250C332AA7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B796AC70-A220-48D8-B8CD-97CF57227962\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"790A89FD-6B86-49AE-9B4F-AE7262915E13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E39D442D-1997-49AF-8B02-5640BE2A26CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\\\\::*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndIncluding\":\"8.2.2\",\"matchCriteriaId\":\"FAFED7F5-03FA-43B5-AD13-1130F0324448\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.4.0\",\"matchCriteriaId\":\"1A0E3537-CB5A-40BF-B42C-CED9211B8892\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"062E4E7C-55BB-46F3-8B61-5A663B565891\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"726DB59B-00C7-444E-83F7-CB31032482AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B095CC03-7077-4A58-AB25-CC5380CDCE5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7015A8CB-8FA6-423E-8307-BD903244F517\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.6.0.0\",\"versionEndIncluding\":\"8.1.0.0.0\",\"matchCriteriaId\":\"F2BB6A71-6AF6-4C0B-9304-4111E32108D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.6\",\"versionEndIncluding\":\"8.0.8\",\"matchCriteriaId\":\"AD080793-FC45-4260-8E45-40E228F432FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2ACA29E6-F393-46E5-B2B3-9158077819A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FCD1EC13-CC2F-4668-90D2-D8609066F2DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D614F76-0AA1-4EA8-A24A-38EFC90EF5DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39B8DFFF-B037-4F29-8C8E-F4BBC3435199\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D0D0EAC-300D-44B1-AD4A-93A368D5DBA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.6\",\"versionEndIncluding\":\"8.0.8\",\"matchCriteriaId\":\"C5E0646D-4866-41FB-AE2E-5307B6F4004A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A566893-8DCF-49E4-93D0-0ACCEFD70D3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.6\",\"versionEndIncluding\":\"8.0.8\",\"matchCriteriaId\":\"B37FC113-4F40-4D29-8712-7AD250373008\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"00E5D719-249D-48B8-BAFC-1E14D250B3F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.6\",\"versionEndIncluding\":\"8.1.0\",\"matchCriteriaId\":\"712577A9-04D6-4579-A82B-72200E467399\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.6\",\"versionEndIncluding\":\"8.0.9\",\"matchCriteriaId\":\"672949B4-1989-4AA7-806F-EEC07D07F317\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"987A0C35-4C7F-4FFB-B47B-37B69A32F879\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B3B6BE3-4C5A-402F-832C-86A0A6234C25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9476D1DA-C8A8-40A0-94DD-9B46C05FD461\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"34070F24-2E53-43EC-9117-E1434B2C4C2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9B2C2F6-235F-4E78-A299-18C041C05C9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F727AAC6-6D9F-4B28-B07C-6A93916C43A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.6\",\"versionEndIncluding\":\"8.0.8\",\"matchCriteriaId\":\"6662C783-5B5C-4559-89F5-1A681AA46A3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51C17460-D326-4525-A7D1-0AED53E75E18\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"37C8EE84-A840-4132-B331-C7D450B1FBBF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D8436A2-9CA3-4C91-B632-9B03368ABC1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A00142E6-EEB3-44BD-AB0D-0E5C5640557F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6149C89E-0111-4CF9-90CA-0662D2F75E04\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CDDF6CA-6441-4606-9D2F-22A67BA46978\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FA0B592-A216-4320-A4FE-ABCA6B3E7D7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEA4D6CF-D54A-40DF-9B70-E13392D0BE19\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.6\",\"versionEndIncluding\":\"8.0.8\",\"matchCriteriaId\":\"2A333755-4B6E-4A0F-AC48-4CEA70CD5801\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"397B1A24-7C95-4A73-8363-4529A7F6CFCC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF6D5112-4055-4F89-A5B3-0DCB109481B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D262848E-AA24-4057-A747-6221BA22ADF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A01F8ED-64DA-43BC-9C02-488010BCD0F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"75638A6A-88B2-4BC7-84EA-1CF5FC30D555\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_profitability_management:8.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"501B9331-6BB7-44BF-A664-180CAFABF88C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_profitability_management:8.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2A3AE3C-8E24-4FB6-9954-9B50CBD59B21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8E565DA-91BE-44FC-A28F-579BE8D2281A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.6\",\"versionEndIncluding\":\"8.1.0\",\"matchCriteriaId\":\"AED72F90-3B68-45AC-865C-110F7FD30D37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.6\",\"versionEndIncluding\":\"8.0.9\",\"matchCriteriaId\":\"4F909C61-1A74-402C-B74F-BAF7297875B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26A1F27B-C3AC-4D13-B9B2-2D6CF65D07BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B95E8056-51D8-4390-ADE3-661B7AE1D7CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:healthcare_foundation:7.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"609D6EDF-D4D0-4370-9B8B-CA39D41946C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9059A907-508B-4844-8D7B-0FA68C0DF6A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2AC63D10-2326-4542-B345-31D45B9A7408\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"19.1.0\",\"versionEndIncluding\":\"19.1.2\",\"matchCriteriaId\":\"7BFD7783-BE15-421C-A550-7FE15AB53ABF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F7BF047-03C5-4A60-B718-E222B16DBF41\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3A73D81-3E1A-42E6-AB96-835CDD5905F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66136D6D-FC52-40DB-B7B6-BA8B7758CE16\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06514F46-544B-4404-B45C-C9584EBC3131\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3BD4BF9A-BF38-460D-974D-5B3255AAF946\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.6\",\"versionEndIncluding\":\"8.1.0\",\"matchCriteriaId\":\"B7DB4831-F874-4D9D-AB58-BE4A554891EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.0.0.0\",\"versionEndIncluding\":\"5.6.0.0\",\"matchCriteriaId\":\"B47C73D0-BE89-4D87-8765-12C507F13AFF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B8AA91A-1880-43CD-938D-48EF58ACF2CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7506589-9B3B-49BA-B826-774BFDCC45B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"228DA523-4D6D-48C5-BDB0-DB1A60F23F8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"335AB6A7-3B1F-4FA8-AF08-7D64C16C4B04\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0A735B4-4F3C-416B-8C08-9CB21BAD2889\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E1E416B-920B-49A0-9523-382898C2979D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.2.0\",\"versionEndIncluding\":\"12.2.20\",\"matchCriteriaId\":\"15512D27-7BEB-4DDD-9A1B-447FC7156E3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0DB5E2C7-9C68-4D3B-95AD-9CBF65DE1E94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.2.0\",\"versionEndIncluding\":\"12.2.20\",\"matchCriteriaId\":\"90F0B2AB-453C-4585-8753-74D17BD20C79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31C7EEA3-AA72-48DA-A112-2923DBB37773\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0735989-13BD-40B3-B954-AC0529C5B53D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EFAEA84-E376-40A2-8C9F-3E0676FEC527\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"959316A8-C3AF-4126-A242-3835ED0AD1E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDB925C6-2CBC-4D88-B9EA-F246F4F7A206\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98B9198C-11DF-4E80-ACFC-DC719CED8C7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6953CFDB-33C0-4B8E-BBBD-E460A17E8ED3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B40B13B7-68B3-4510-968C-6A730EB46462\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C93CC705-1F8C-4870-99E6-14BF264C3811\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F14A818F-AA16-4438-A3E4-E64C9287AC66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04BCDC24-4A21-473C-8733-0D9CFB38A752\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:max_data:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD1FCB0D-3E19-4461-9330-4D7F02972A35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1BE6C1F-2565-4E97-92AA-16563E5660A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0\",\"versionEndIncluding\":\"3.1.3\",\"matchCriteriaId\":\"B9273745-6408-4CD3-94E8-9385D4F5FE69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F4754FB-E3EB-454A-AB1A-AE3835C5350C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDFB1169-41A0-4A86-8E4F-FDA9730B1E94\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6770B6C3-732E-4E22-BF1C-2D2FD610061C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F9C8C20-42EB-4AB5-BD97-212DEB070C43\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7FFF7106-ED78-49BA-9EC5-B889E3685D53\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E63D8B0F-006E-4801-BF9D-1C001BBFB4F9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56409CEC-5A1E-4450-AA42-641E459CC2AF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B06F4839-D16A-4A61-9BB5-55B13F41E47F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"108A2215-50FB-4074-94CF-C130FA14566D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32F0B6C0-F930-480D-962B-3F4EFDCC13C7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"803BC414-B250-4E3A-A478-A3881340D6B8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FEB3337-BFDE-462A-908B-176F92053CEC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"736AEAE9-782B-4F71-9893-DED53367E102\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0B4AD8A-F172-4558-AEC6-FF424BA2D912\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8497A4C9-8474-4A62-8331-3FE862ED4098\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDDF61B7-EC5C-467C-B710-B89F502CD04F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B009C22E-30A4-4288-BCF6-C3E81DEAF45A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.0.9\",\"matchCriteriaId\":\"4ACF85D6-6B45-43DA-9C01-F0208186F014\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:agile_product_supplier_collaboration_for_process:6.2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA6F2E4C-C935-40CF-972E-8C3D8A912134\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"18.1\",\"versionEndIncluding\":\"20.1\",\"matchCriteriaId\":\"59830587-A6B0-4642-B566-6FD8792F7716\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B796AC70-A220-48D8-B8CD-97CF57227962\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"790A89FD-6B86-49AE-9B4F-AE7262915E13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E39D442D-1997-49AF-8B02-5640BE2A26CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\\\\::*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndIncluding\":\"8.2.2\",\"matchCriteriaId\":\"FAFED7F5-03FA-43B5-AD13-1130F0324448\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"726DB59B-00C7-444E-83F7-CB31032482AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B095CC03-7077-4A58-AB25-CC5380CDCE5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7015A8CB-8FA6-423E-8307-BD903244F517\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.6\",\"versionEndIncluding\":\"8.1.0\",\"matchCriteriaId\":\"021014B2-DC51-481C-BCFE-5857EFBDEDDA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.6\",\"versionEndIncluding\":\"8.0.8\",\"matchCriteriaId\":\"AD080793-FC45-4260-8E45-40E228F432FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2ACA29E6-F393-46E5-B2B3-9158077819A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FCD1EC13-CC2F-4668-90D2-D8609066F2DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D614F76-0AA1-4EA8-A24A-38EFC90EF5DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39B8DFFF-B037-4F29-8C8E-F4BBC3435199\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D0D0EAC-300D-44B1-AD4A-93A368D5DBA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.6\",\"versionEndIncluding\":\"8.0.8\",\"matchCriteriaId\":\"C5E0646D-4866-41FB-AE2E-5307B6F4004A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A566893-8DCF-49E4-93D0-0ACCEFD70D3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.6\",\"versionEndIncluding\":\"8.0.8\",\"matchCriteriaId\":\"B37FC113-4F40-4D29-8712-7AD250373008\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"00E5D719-249D-48B8-BAFC-1E14D250B3F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.6\",\"versionEndIncluding\":\"8.1.0\",\"matchCriteriaId\":\"712577A9-04D6-4579-A82B-72200E467399\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.6\",\"versionEndIncluding\":\"8.0.9\",\"matchCriteriaId\":\"672949B4-1989-4AA7-806F-EEC07D07F317\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"987A0C35-4C7F-4FFB-B47B-37B69A32F879\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B3B6BE3-4C5A-402F-832C-86A0A6234C25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9476D1DA-C8A8-40A0-94DD-9B46C05FD461\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"34070F24-2E53-43EC-9117-E1434B2C4C2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9B2C2F6-235F-4E78-A299-18C041C05C9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F727AAC6-6D9F-4B28-B07C-6A93916C43A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.6\",\"versionEndIncluding\":\"8.0.8\",\"matchCriteriaId\":\"6662C783-5B5C-4559-89F5-1A681AA46A3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51C17460-D326-4525-A7D1-0AED53E75E18\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"37C8EE84-A840-4132-B331-C7D450B1FBBF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D8436A2-9CA3-4C91-B632-9B03368ABC1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A00142E6-EEB3-44BD-AB0D-0E5C5640557F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6149C89E-0111-4CF9-90CA-0662D2F75E04\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CDDF6CA-6441-4606-9D2F-22A67BA46978\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FA0B592-A216-4320-A4FE-ABCA6B3E7D7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEA4D6CF-D54A-40DF-9B70-E13392D0BE19\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.6\",\"versionEndIncluding\":\"8.0.8\",\"matchCriteriaId\":\"2A333755-4B6E-4A0F-AC48-4CEA70CD5801\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"397B1A24-7C95-4A73-8363-4529A7F6CFCC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF6D5112-4055-4F89-A5B3-0DCB109481B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D262848E-AA24-4057-A747-6221BA22ADF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A01F8ED-64DA-43BC-9C02-488010BCD0F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"75638A6A-88B2-4BC7-84EA-1CF5FC30D555\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_profitability_management:8.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"501B9331-6BB7-44BF-A664-180CAFABF88C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_profitability_management:8.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2A3AE3C-8E24-4FB6-9954-9B50CBD59B21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8E565DA-91BE-44FC-A28F-579BE8D2281A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.6\",\"versionEndIncluding\":\"8.1.0\",\"matchCriteriaId\":\"AED72F90-3B68-45AC-865C-110F7FD30D37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.6\",\"versionEndIncluding\":\"8.0.9\",\"matchCriteriaId\":\"4F909C61-1A74-402C-B74F-BAF7297875B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26A1F27B-C3AC-4D13-B9B2-2D6CF65D07BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B95E8056-51D8-4390-ADE3-661B7AE1D7CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:healthcare_foundation:7.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"609D6EDF-D4D0-4370-9B8B-CA39D41946C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9059A907-508B-4844-8D7B-0FA68C0DF6A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2AC63D10-2326-4542-B345-31D45B9A7408\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F7BF047-03C5-4A60-B718-E222B16DBF41\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3A73D81-3E1A-42E6-AB96-835CDD5905F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_simphony:19.1.0-19.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"351F9DE9-2FCE-4BCA-A098-CDFB07E6E4B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66136D6D-FC52-40DB-B7B6-BA8B7758CE16\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06514F46-544B-4404-B45C-C9584EBC3131\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3BD4BF9A-BF38-460D-974D-5B3255AAF946\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_data_foundation:8.0.6-8.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D10745C6-2751-4FD0-BDFA-84C7AB8066BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.0.0.0\",\"versionEndIncluding\":\"5.6.0.0\",\"matchCriteriaId\":\"B47C73D0-BE89-4D87-8765-12C507F13AFF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B8AA91A-1880-43CD-938D-48EF58ACF2CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7506589-9B3B-49BA-B826-774BFDCC45B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"228DA523-4D6D-48C5-BDB0-DB1A60F23F8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"335AB6A7-3B1F-4FA8-AF08-7D64C16C4B04\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0A735B4-4F3C-416B-8C08-9CB21BAD2889\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E1E416B-920B-49A0-9523-382898C2979D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.2.0\",\"versionEndIncluding\":\"12.2.20\",\"matchCriteriaId\":\"15512D27-7BEB-4DDD-9A1B-447FC7156E3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0DB5E2C7-9C68-4D3B-95AD-9CBF65DE1E94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.2.0\",\"versionEndIncluding\":\"12.2.20\",\"matchCriteriaId\":\"90F0B2AB-453C-4585-8753-74D17BD20C79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31C7EEA3-AA72-48DA-A112-2923DBB37773\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0735989-13BD-40B3-B954-AC0529C5B53D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EFAEA84-E376-40A2-8C9F-3E0676FEC527\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"959316A8-C3AF-4126-A242-3835ED0AD1E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDB925C6-2CBC-4D88-B9EA-F246F4F7A206\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98B9198C-11DF-4E80-ACFC-DC719CED8C7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B40B13B7-68B3-4510-968C-6A730EB46462\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C93CC705-1F8C-4870-99E6-14BF264C3811\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F14A818F-AA16-4438-A3E4-E64C9287AC66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04BCDC24-4A21-473C-8733-0D9CFB38A752\"}]}]}],\"references\":[{\"url\":\"http://security.netapp.com/advisory/ntap-20200511-0006\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://blog.jquery.com/2020/04/10/jquery-3-5-0-released\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/jquery/jquery/releases/tag/3.5.0\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/maximebf/php-debugbar/commit/847216e60544258c881f2733d699bbcfeefac0fc\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/maximebf/php-debugbar/issues/447\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2020-11022.yml\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://jquery.com/upgrade-guide/3.5\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3Cissues.flink.apache.org%3E\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3Cissues.flink.apache.org%3E\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3Cissues.flink.apache.org%3E\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3Cissues.flink.apache.org%3E\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3Cissues.flink.apache.org%3E\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3Cissues.flink.apache.org%3E\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3Cdev.flink.apache.org%3E\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133@%3Ccommits.airflow.apache.org%3E\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3Cissues.flink.apache.org%3E\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3Cissues.flink.apache.org%3E\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3Cissues.flink.apache.org%3E\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://security.gentoo.org/glsa/202007-03\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4693\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.drupal.org/sa-core-2020-002\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuApr2021.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2021.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2021.html\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2020-10\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2020-11\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2021-02\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2021-10\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://jquery.com/upgrade-guide/3.5/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3Cissues.flink.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3Cissues.flink.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3Cissues.flink.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3Cissues.flink.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3Cissues.flink.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3Cissues.flink.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3Cdev.flink.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133%40%3Ccommits.airflow.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3Cissues.flink.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3Cissues.flink.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3Cissues.flink.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202007-03\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20200511-0006/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4693\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.drupal.org/sa-core-2020-002\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com//security-alerts/cpujul2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuApr2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2020-10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2020-11\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2021-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2021-10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
SUSE-SU-2020:2292-1
Vulnerability from csaf_suse - Published: 2020-08-21 12:32 - Updated: 2020-08-21 12:32Summary
Security update for SUSE Manager Server 3.2
Severity
Moderate
Notes
Title of the patch: Security update for SUSE Manager Server 3.2
Description of the patch:
This update fixes the following issues:
bind-formula:
- Remove wrong default for bind options preventing correct upload
of bind options using XMLRPC (bsc#1150657)
branch-network-formula:
- Make branch formula to assign home directory to ftp and tftp users (bsc#1162391)
py26-compat-salt:
- Do not make py26-compat-salt to require python-tornado on SLE15 (all SPs)
- Backport saltutil state module to 2016.11 codebase (bsc#1167556)
- Add new custom SUSE capability for saltutil state module
python-susemanager-retail:
- Allow bind options to be stored to and edited by retail_yaml (bsc#1150657)
release-notes-susemanager:
- Update to 3.2.15
- Bugs mentioned
bsc#1150657, bsc#1162391, bsc#1167556, bsc#1174965, bsc#1170331, bsc#1159184, bsc#1168227, bsc#1172831,
bsc#1173073, bsc#1167871, bsc#1169109, bsc#1159202, bsc#1168227, bsc#1153578, bsc#1141663, bsc#1174768,
bsc#1173946, bsc#1174167, bsc#1169865, bsc#1155794
spacewalk-backend:
- Fix issues importing RPM packages with long RPM headers (bsc#1174965)
- Do not make mgr-inter-sync to crash if there are non-ASCII
characters on an exception message (bsc#1170331)
- Validate cached package entries on ISS slave (bsc#1159184)
spacewalk-client-tools:
- Do not crash 'mgr-update-status' because 'long' type is not defined in Python 3
spacewalk-java:
- Skip upgrades when the target has not the same amount of products
as the installed set (bsc#1168227)
- Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831)
- Prevent deadlock on suseusernotification (bsc#1173073)
- Avoid multiple base channels when onboarding minions (bsc#1167871)
- Hide message about changed Update Tag change (bsc#1169109)
- Refresh pillar after channel change
- Use 'changes' field if 'pchanges' field doesn't exist (bsc#1159202)
- Skip migration targets when they do not have the same amount of
products as the installed set (bsc#1168227)
spacewalk-utils:
- Add FQDN resolver for spacewalk-manage-channel-lifecycle (bsc#1153578)
- Fixes SSL hostname matching (bsc#1141663)
spacewalk-web:
- Fix saving of formulas (bsc#1174768)
- Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831)
susemanager:
- Use python2-uyuni-common-libs and python3-uyuni-common-libs for
bootstrap repositories (bsc#1173946)
- Add 'python-singledispatch' to SLE12 (all SPs) and RES7 bootstrap repos. (bsc#1174700)
- Add SLE 15 LTSS Product ID to SLE15 bootstrap repositories, as
it is required to get python3-M2crypto (bsc#1174167)
- Require python3-tornado only for SLE15/SLE15SP1 (bsc#1169865)
- Use python3-M2Crypto for all SLE15 versions and openSUSE Leap 15.1
bootstrap repositories
- Add dbus-1-glib to SLE12SP5 x86_64 to allow onboarding of AWS Cloud SLE12SP5
clients (they do not have it by defaul anymore)
susemanager-frontend-libs:
- Upgrade jquery to 3.5.1 - CVE-2020-11022 (bsc#1172831)
susemanager-schema:
- Prevent a deadlock error involving delete_server and update_needed_cache (bsc#1173073)
susemanager-sls:
- Avoid traceback error due lazy loading which_bin (bsc#1155794)
- Using new module path for which_bin to get rid of DeprecationWarning
How to apply this update:
1. Log in as root user to the SUSE Manager server.
2. Stop the Spacewalk service:
spacewalk-service stop
3. Apply the patch using either zypper patch or YaST Online Update.
4. Upgrade the database schema:
spacewalk-schema-upgrade
5. Start the Spacewalk service:
spacewalk-service start
Patchnames: SUSE-2020-2292,SUSE-SUSE-Manager-Proxy-3.2-2020-2292,SUSE-SUSE-Manager-Server-3.2-2020-2292
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.1 (Medium)
Affected products
Recommended
63 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Proxy 3.2:python2-spacewalk-check-2.8.22.8-3.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 3.2:python2-spacewalk-client-setup-2.8.22.8-3.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 3.2:python2-spacewalk-client-tools-2.8.22.8-3.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 3.2:python2-zypp-plugin-spacewalk-1.0.7-3.13.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 3.2:release-notes-susemanager-proxy-3.2.15-0.16.47.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 3.2:spacewalk-backend-2.8.57.23-3.51.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 3.2:spacewalk-backend-libs-2.8.57.23-3.51.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 3.2:spacewalk-base-minimal-2.8.7.24-3.48.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 3.2:spacewalk-base-minimal-config-2.8.7.24-3.48.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 3.2:spacewalk-check-2.8.22.8-3.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 3.2:spacewalk-client-setup-2.8.22.8-3.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 3.2:spacewalk-client-tools-2.8.22.8-3.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 3.2:spacewalk-proxy-installer-2.8.6.8-3.18.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 3.2:susemanager-web-libs-2.8.7.24-3.48.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 3.2:zypp-plugin-spacewalk-1.0.7-3.13.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 3.2:bind-formula-0.1.1584363976.36bce64-3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 3.2:branch-network-formula-0.1.1584363976.36bce64-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 3.2:py26-compat-salt-2016.11.10-6.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 3.2:python-susemanager-retail-1.0.1584363976.36bce64-2.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 3.2:python2-spacewalk-client-tools-2.8.22.8-3.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 3.2:release-notes-susemanager-3.2.15-6.61.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 3.2:release-notes-susemanager-3.2.15-6.61.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 3.2:release-notes-susemanager-3.2.15-6.61.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 3.2:spacewalk-backend-2.8.57.23-3.51.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 3.2:spacewalk-backend-app-2.8.57.23-3.51.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 3.2:spacewalk-backend-applet-2.8.57.23-3.51.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 3.2:spacewalk-backend-config-files-2.8.57.23-3.51.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 3.2:spacewalk-backend-config-files-common-2.8.57.23-3.51.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 3.2:spacewalk-backend-config-files-tool-2.8.57.23-3.51.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 3.2:spacewalk-backend-iss-2.8.57.23-3.51.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 3.2:spacewalk-backend-iss-export-2.8.57.23-3.51.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 3.2:spacewalk-backend-libs-2.8.57.23-3.51.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 3.2:spacewalk-backend-package-push-server-2.8.57.23-3.51.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 3.2:spacewalk-backend-server-2.8.57.23-3.51.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 3.2:spacewalk-backend-sql-2.8.57.23-3.51.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 3.2:spacewalk-backend-sql-oracle-2.8.57.23-3.51.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 3.2:spacewalk-backend-sql-postgresql-2.8.57.23-3.51.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 3.2:spacewalk-backend-tools-2.8.57.23-3.51.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 3.2:spacewalk-backend-xml-export-libs-2.8.57.23-3.51.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 3.2:spacewalk-backend-xmlrpc-2.8.57.23-3.51.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 3.2:spacewalk-base-2.8.7.24-3.48.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 3.2:spacewalk-base-minimal-2.8.7.24-3.48.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 3.2:spacewalk-base-minimal-config-2.8.7.24-3.48.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 3.2:spacewalk-client-tools-2.8.22.8-3.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 3.2:spacewalk-html-2.8.7.24-3.48.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 3.2:spacewalk-java-2.8.78.29-3.50.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 3.2:spacewalk-java-config-2.8.78.29-3.50.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 3.2:spacewalk-java-lib-2.8.78.29-3.50.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 3.2:spacewalk-java-oracle-2.8.78.29-3.50.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 3.2:spacewalk-java-postgresql-2.8.78.29-3.50.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 3.2:spacewalk-taskomatic-2.8.78.29-3.50.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 3.2:spacewalk-utils-2.8.18.7-3.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 3.2:susemanager-3.2.24-3.43.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 3.2:susemanager-3.2.24-3.43.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 3.2:susemanager-3.2.24-3.43.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 3.2:susemanager-frontend-libs-3.2.5-3.13.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 3.2:susemanager-retail-tools-1.0.1584363976.36bce64-2.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 3.2:susemanager-schema-3.2.24-3.40.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 3.2:susemanager-sls-3.2.31-3.47.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 3.2:susemanager-tools-3.2.24-3.43.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 3.2:susemanager-tools-3.2.24-3.43.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 3.2:susemanager-tools-3.2.24-3.43.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 3.2:susemanager-web-libs-2.8.7.24-3.48.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
References
29 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for SUSE Manager Server 3.2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update fixes the following issues:\n\nbind-formula:\n\n- Remove wrong default for bind options preventing correct upload\n of bind options using XMLRPC (bsc#1150657)\n\nbranch-network-formula:\n\n- Make branch formula to assign home directory to ftp and tftp users (bsc#1162391)\n\npy26-compat-salt:\n\n- Do not make py26-compat-salt to require python-tornado on SLE15 (all SPs)\n- Backport saltutil state module to 2016.11 codebase (bsc#1167556)\n- Add new custom SUSE capability for saltutil state module\n\npython-susemanager-retail:\n\n- Allow bind options to be stored to and edited by retail_yaml (bsc#1150657)\n\nrelease-notes-susemanager:\n\n- Update to 3.2.15\n- Bugs mentioned\n bsc#1150657, bsc#1162391, bsc#1167556, bsc#1174965, bsc#1170331, bsc#1159184, bsc#1168227, bsc#1172831, \n bsc#1173073, bsc#1167871, bsc#1169109, bsc#1159202, bsc#1168227, bsc#1153578, bsc#1141663, bsc#1174768, \n bsc#1173946, bsc#1174167, bsc#1169865, bsc#1155794\n\nspacewalk-backend:\n\n- Fix issues importing RPM packages with long RPM headers (bsc#1174965)\n- Do not make mgr-inter-sync to crash if there are non-ASCII\n characters on an exception message (bsc#1170331)\n- Validate cached package entries on ISS slave (bsc#1159184)\n\nspacewalk-client-tools:\n\n- Do not crash \u0027mgr-update-status\u0027 because \u0027long\u0027 type is not defined in Python 3\n\nspacewalk-java:\n\n- Skip upgrades when the target has not the same amount of products\n as the installed set (bsc#1168227)\n- Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831)\n- Prevent deadlock on suseusernotification (bsc#1173073)\n- Avoid multiple base channels when onboarding minions (bsc#1167871)\n- Hide message about changed Update Tag change (bsc#1169109)\n- Refresh pillar after channel change\n- Use \u0027changes\u0027 field if \u0027pchanges\u0027 field doesn\u0027t exist (bsc#1159202)\n- Skip migration targets when they do not have the same amount of\n products as the installed set (bsc#1168227)\n\nspacewalk-utils:\n\n- Add FQDN resolver for spacewalk-manage-channel-lifecycle (bsc#1153578)\n- Fixes SSL hostname matching (bsc#1141663)\n\nspacewalk-web:\n\n- Fix saving of formulas (bsc#1174768)\n- Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831)\n\nsusemanager:\n\n- Use python2-uyuni-common-libs and python3-uyuni-common-libs for\n bootstrap repositories (bsc#1173946)\n- Add \u0027python-singledispatch\u0027 to SLE12 (all SPs) and RES7 bootstrap repos. (bsc#1174700)\n- Add SLE 15 LTSS Product ID to SLE15 bootstrap repositories, as\n it is required to get python3-M2crypto (bsc#1174167)\n- Require python3-tornado only for SLE15/SLE15SP1 (bsc#1169865)\n- Use python3-M2Crypto for all SLE15 versions and openSUSE Leap 15.1\n bootstrap repositories\n- Add dbus-1-glib to SLE12SP5 x86_64 to allow onboarding of AWS Cloud SLE12SP5\n clients (they do not have it by defaul anymore)\n\nsusemanager-frontend-libs:\n\n- Upgrade jquery to 3.5.1 - CVE-2020-11022 (bsc#1172831)\n\nsusemanager-schema:\n\n- Prevent a deadlock error involving delete_server and update_needed_cache (bsc#1173073)\n\nsusemanager-sls:\n\n- Avoid traceback error due lazy loading which_bin (bsc#1155794)\n- Using new module path for which_bin to get rid of DeprecationWarning\n\nHow to apply this update:\n1. Log in as root user to the SUSE Manager server.\n2. Stop the Spacewalk service:\nspacewalk-service stop\n3. Apply the patch using either zypper patch or YaST Online Update.\n4. Upgrade the database schema:\nspacewalk-schema-upgrade\n5. Start the Spacewalk service:\nspacewalk-service start\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2020-2292,SUSE-SUSE-Manager-Proxy-3.2-2020-2292,SUSE-SUSE-Manager-Server-3.2-2020-2292",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_2292-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:2292-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202292-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:2292-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-August/007286.html"
},
{
"category": "self",
"summary": "SUSE Bug 1141663",
"url": "https://bugzilla.suse.com/1141663"
},
{
"category": "self",
"summary": "SUSE Bug 1150657",
"url": "https://bugzilla.suse.com/1150657"
},
{
"category": "self",
"summary": "SUSE Bug 1153578",
"url": "https://bugzilla.suse.com/1153578"
},
{
"category": "self",
"summary": "SUSE Bug 1155794",
"url": "https://bugzilla.suse.com/1155794"
},
{
"category": "self",
"summary": "SUSE Bug 1159184",
"url": "https://bugzilla.suse.com/1159184"
},
{
"category": "self",
"summary": "SUSE Bug 1159202",
"url": "https://bugzilla.suse.com/1159202"
},
{
"category": "self",
"summary": "SUSE Bug 1162391",
"url": "https://bugzilla.suse.com/1162391"
},
{
"category": "self",
"summary": "SUSE Bug 1167556",
"url": "https://bugzilla.suse.com/1167556"
},
{
"category": "self",
"summary": "SUSE Bug 1167871",
"url": "https://bugzilla.suse.com/1167871"
},
{
"category": "self",
"summary": "SUSE Bug 1168227",
"url": "https://bugzilla.suse.com/1168227"
},
{
"category": "self",
"summary": "SUSE Bug 1169109",
"url": "https://bugzilla.suse.com/1169109"
},
{
"category": "self",
"summary": "SUSE Bug 1169865",
"url": "https://bugzilla.suse.com/1169865"
},
{
"category": "self",
"summary": "SUSE Bug 1170331",
"url": "https://bugzilla.suse.com/1170331"
},
{
"category": "self",
"summary": "SUSE Bug 1172831",
"url": "https://bugzilla.suse.com/1172831"
},
{
"category": "self",
"summary": "SUSE Bug 1173073",
"url": "https://bugzilla.suse.com/1173073"
},
{
"category": "self",
"summary": "SUSE Bug 1173946",
"url": "https://bugzilla.suse.com/1173946"
},
{
"category": "self",
"summary": "SUSE Bug 1174167",
"url": "https://bugzilla.suse.com/1174167"
},
{
"category": "self",
"summary": "SUSE Bug 1174700",
"url": "https://bugzilla.suse.com/1174700"
},
{
"category": "self",
"summary": "SUSE Bug 1174768",
"url": "https://bugzilla.suse.com/1174768"
},
{
"category": "self",
"summary": "SUSE Bug 1174965",
"url": "https://bugzilla.suse.com/1174965"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-11022 page",
"url": "https://www.suse.com/security/cve/CVE-2020-11022/"
}
],
"title": "Security update for SUSE Manager Server 3.2",
"tracking": {
"current_release_date": "2020-08-21T12:32:10Z",
"generator": {
"date": "2020-08-21T12:32:10Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:2292-1",
"initial_release_date": "2020-08-21T12:32:10Z",
"revision_history": [
{
"date": "2020-08-21T12:32:10Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "release-notes-susemanager-3.2.15-6.61.1.aarch64",
"product": {
"name": "release-notes-susemanager-3.2.15-6.61.1.aarch64",
"product_id": "release-notes-susemanager-3.2.15-6.61.1.aarch64"
}
},
{
"category": "product_version",
"name": "release-notes-susemanager-proxy-3.2.15-0.16.47.1.aarch64",
"product": {
"name": "release-notes-susemanager-proxy-3.2.15-0.16.47.1.aarch64",
"product_id": "release-notes-susemanager-proxy-3.2.15-0.16.47.1.aarch64"
}
},
{
"category": "product_version",
"name": "susemanager-3.2.24-3.43.1.aarch64",
"product": {
"name": "susemanager-3.2.24-3.43.1.aarch64",
"product_id": "susemanager-3.2.24-3.43.1.aarch64"
}
},
{
"category": "product_version",
"name": "susemanager-tools-3.2.24-3.43.1.aarch64",
"product": {
"name": "susemanager-tools-3.2.24-3.43.1.aarch64",
"product_id": "susemanager-tools-3.2.24-3.43.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "bind-formula-0.1.1584363976.36bce64-3.6.1.noarch",
"product": {
"name": "bind-formula-0.1.1584363976.36bce64-3.6.1.noarch",
"product_id": "bind-formula-0.1.1584363976.36bce64-3.6.1.noarch"
}
},
{
"category": "product_version",
"name": "branch-network-formula-0.1.1584363976.36bce64-3.9.1.noarch",
"product": {
"name": "branch-network-formula-0.1.1584363976.36bce64-3.9.1.noarch",
"product_id": "branch-network-formula-0.1.1584363976.36bce64-3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "py26-compat-salt-2016.11.10-6.38.1.noarch",
"product": {
"name": "py26-compat-salt-2016.11.10-6.38.1.noarch",
"product_id": "py26-compat-salt-2016.11.10-6.38.1.noarch"
}
},
{
"category": "product_version",
"name": "python-susemanager-retail-1.0.1584363976.36bce64-2.12.1.noarch",
"product": {
"name": "python-susemanager-retail-1.0.1584363976.36bce64-2.12.1.noarch",
"product_id": "python-susemanager-retail-1.0.1584363976.36bce64-2.12.1.noarch"
}
},
{
"category": "product_version",
"name": "python2-spacewalk-check-2.8.22.8-3.15.1.noarch",
"product": {
"name": "python2-spacewalk-check-2.8.22.8-3.15.1.noarch",
"product_id": "python2-spacewalk-check-2.8.22.8-3.15.1.noarch"
}
},
{
"category": "product_version",
"name": "python2-spacewalk-client-setup-2.8.22.8-3.15.1.noarch",
"product": {
"name": "python2-spacewalk-client-setup-2.8.22.8-3.15.1.noarch",
"product_id": "python2-spacewalk-client-setup-2.8.22.8-3.15.1.noarch"
}
},
{
"category": "product_version",
"name": "python2-spacewalk-client-tools-2.8.22.8-3.15.1.noarch",
"product": {
"name": "python2-spacewalk-client-tools-2.8.22.8-3.15.1.noarch",
"product_id": "python2-spacewalk-client-tools-2.8.22.8-3.15.1.noarch"
}
},
{
"category": "product_version",
"name": "python2-zypp-plugin-spacewalk-1.0.7-3.13.1.noarch",
"product": {
"name": "python2-zypp-plugin-spacewalk-1.0.7-3.13.1.noarch",
"product_id": "python2-zypp-plugin-spacewalk-1.0.7-3.13.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-2.8.57.23-3.51.1.noarch",
"product": {
"name": "spacewalk-backend-2.8.57.23-3.51.1.noarch",
"product_id": "spacewalk-backend-2.8.57.23-3.51.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-app-2.8.57.23-3.51.1.noarch",
"product": {
"name": "spacewalk-backend-app-2.8.57.23-3.51.1.noarch",
"product_id": "spacewalk-backend-app-2.8.57.23-3.51.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-applet-2.8.57.23-3.51.1.noarch",
"product": {
"name": "spacewalk-backend-applet-2.8.57.23-3.51.1.noarch",
"product_id": "spacewalk-backend-applet-2.8.57.23-3.51.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-cdn-2.8.57.23-3.51.1.noarch",
"product": {
"name": "spacewalk-backend-cdn-2.8.57.23-3.51.1.noarch",
"product_id": "spacewalk-backend-cdn-2.8.57.23-3.51.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-config-files-2.8.57.23-3.51.1.noarch",
"product": {
"name": "spacewalk-backend-config-files-2.8.57.23-3.51.1.noarch",
"product_id": "spacewalk-backend-config-files-2.8.57.23-3.51.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-config-files-common-2.8.57.23-3.51.1.noarch",
"product": {
"name": "spacewalk-backend-config-files-common-2.8.57.23-3.51.1.noarch",
"product_id": "spacewalk-backend-config-files-common-2.8.57.23-3.51.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-config-files-tool-2.8.57.23-3.51.1.noarch",
"product": {
"name": "spacewalk-backend-config-files-tool-2.8.57.23-3.51.1.noarch",
"product_id": "spacewalk-backend-config-files-tool-2.8.57.23-3.51.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-iss-2.8.57.23-3.51.1.noarch",
"product": {
"name": "spacewalk-backend-iss-2.8.57.23-3.51.1.noarch",
"product_id": "spacewalk-backend-iss-2.8.57.23-3.51.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-iss-export-2.8.57.23-3.51.1.noarch",
"product": {
"name": "spacewalk-backend-iss-export-2.8.57.23-3.51.1.noarch",
"product_id": "spacewalk-backend-iss-export-2.8.57.23-3.51.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-libs-2.8.57.23-3.51.1.noarch",
"product": {
"name": "spacewalk-backend-libs-2.8.57.23-3.51.1.noarch",
"product_id": "spacewalk-backend-libs-2.8.57.23-3.51.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-package-push-server-2.8.57.23-3.51.1.noarch",
"product": {
"name": "spacewalk-backend-package-push-server-2.8.57.23-3.51.1.noarch",
"product_id": "spacewalk-backend-package-push-server-2.8.57.23-3.51.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-server-2.8.57.23-3.51.1.noarch",
"product": {
"name": "spacewalk-backend-server-2.8.57.23-3.51.1.noarch",
"product_id": "spacewalk-backend-server-2.8.57.23-3.51.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-sql-2.8.57.23-3.51.1.noarch",
"product": {
"name": "spacewalk-backend-sql-2.8.57.23-3.51.1.noarch",
"product_id": "spacewalk-backend-sql-2.8.57.23-3.51.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-sql-oracle-2.8.57.23-3.51.1.noarch",
"product": {
"name": "spacewalk-backend-sql-oracle-2.8.57.23-3.51.1.noarch",
"product_id": "spacewalk-backend-sql-oracle-2.8.57.23-3.51.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-sql-postgresql-2.8.57.23-3.51.1.noarch",
"product": {
"name": "spacewalk-backend-sql-postgresql-2.8.57.23-3.51.1.noarch",
"product_id": "spacewalk-backend-sql-postgresql-2.8.57.23-3.51.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-tools-2.8.57.23-3.51.1.noarch",
"product": {
"name": "spacewalk-backend-tools-2.8.57.23-3.51.1.noarch",
"product_id": "spacewalk-backend-tools-2.8.57.23-3.51.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-xml-export-libs-2.8.57.23-3.51.1.noarch",
"product": {
"name": "spacewalk-backend-xml-export-libs-2.8.57.23-3.51.1.noarch",
"product_id": "spacewalk-backend-xml-export-libs-2.8.57.23-3.51.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-xmlrpc-2.8.57.23-3.51.1.noarch",
"product": {
"name": "spacewalk-backend-xmlrpc-2.8.57.23-3.51.1.noarch",
"product_id": "spacewalk-backend-xmlrpc-2.8.57.23-3.51.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-base-2.8.7.24-3.48.1.noarch",
"product": {
"name": "spacewalk-base-2.8.7.24-3.48.1.noarch",
"product_id": "spacewalk-base-2.8.7.24-3.48.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-base-minimal-2.8.7.24-3.48.1.noarch",
"product": {
"name": "spacewalk-base-minimal-2.8.7.24-3.48.1.noarch",
"product_id": "spacewalk-base-minimal-2.8.7.24-3.48.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-base-minimal-config-2.8.7.24-3.48.1.noarch",
"product": {
"name": "spacewalk-base-minimal-config-2.8.7.24-3.48.1.noarch",
"product_id": "spacewalk-base-minimal-config-2.8.7.24-3.48.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-check-2.8.22.8-3.15.1.noarch",
"product": {
"name": "spacewalk-check-2.8.22.8-3.15.1.noarch",
"product_id": "spacewalk-check-2.8.22.8-3.15.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-client-setup-2.8.22.8-3.15.1.noarch",
"product": {
"name": "spacewalk-client-setup-2.8.22.8-3.15.1.noarch",
"product_id": "spacewalk-client-setup-2.8.22.8-3.15.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-client-tools-2.8.22.8-3.15.1.noarch",
"product": {
"name": "spacewalk-client-tools-2.8.22.8-3.15.1.noarch",
"product_id": "spacewalk-client-tools-2.8.22.8-3.15.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-dobby-2.8.7.24-3.48.1.noarch",
"product": {
"name": "spacewalk-dobby-2.8.7.24-3.48.1.noarch",
"product_id": "spacewalk-dobby-2.8.7.24-3.48.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-html-2.8.7.24-3.48.1.noarch",
"product": {
"name": "spacewalk-html-2.8.7.24-3.48.1.noarch",
"product_id": "spacewalk-html-2.8.7.24-3.48.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-2.8.78.29-3.50.1.noarch",
"product": {
"name": "spacewalk-java-2.8.78.29-3.50.1.noarch",
"product_id": "spacewalk-java-2.8.78.29-3.50.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-apidoc-sources-2.8.78.29-3.50.1.noarch",
"product": {
"name": "spacewalk-java-apidoc-sources-2.8.78.29-3.50.1.noarch",
"product_id": "spacewalk-java-apidoc-sources-2.8.78.29-3.50.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-config-2.8.78.29-3.50.1.noarch",
"product": {
"name": "spacewalk-java-config-2.8.78.29-3.50.1.noarch",
"product_id": "spacewalk-java-config-2.8.78.29-3.50.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-lib-2.8.78.29-3.50.1.noarch",
"product": {
"name": "spacewalk-java-lib-2.8.78.29-3.50.1.noarch",
"product_id": "spacewalk-java-lib-2.8.78.29-3.50.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-oracle-2.8.78.29-3.50.1.noarch",
"product": {
"name": "spacewalk-java-oracle-2.8.78.29-3.50.1.noarch",
"product_id": "spacewalk-java-oracle-2.8.78.29-3.50.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-postgresql-2.8.78.29-3.50.1.noarch",
"product": {
"name": "spacewalk-java-postgresql-2.8.78.29-3.50.1.noarch",
"product_id": "spacewalk-java-postgresql-2.8.78.29-3.50.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-proxy-installer-2.8.6.8-3.18.1.noarch",
"product": {
"name": "spacewalk-proxy-installer-2.8.6.8-3.18.1.noarch",
"product_id": "spacewalk-proxy-installer-2.8.6.8-3.18.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-taskomatic-2.8.78.29-3.50.1.noarch",
"product": {
"name": "spacewalk-taskomatic-2.8.78.29-3.50.1.noarch",
"product_id": "spacewalk-taskomatic-2.8.78.29-3.50.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-utils-2.8.18.7-3.15.1.noarch",
"product": {
"name": "spacewalk-utils-2.8.18.7-3.15.1.noarch",
"product_id": "spacewalk-utils-2.8.18.7-3.15.1.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-frontend-libs-3.2.5-3.13.1.noarch",
"product": {
"name": "susemanager-frontend-libs-3.2.5-3.13.1.noarch",
"product_id": "susemanager-frontend-libs-3.2.5-3.13.1.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-frontend-libs-devel-3.2.5-3.13.1.noarch",
"product": {
"name": "susemanager-frontend-libs-devel-3.2.5-3.13.1.noarch",
"product_id": "susemanager-frontend-libs-devel-3.2.5-3.13.1.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-retail-tools-1.0.1584363976.36bce64-2.12.1.noarch",
"product": {
"name": "susemanager-retail-tools-1.0.1584363976.36bce64-2.12.1.noarch",
"product_id": "susemanager-retail-tools-1.0.1584363976.36bce64-2.12.1.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-schema-3.2.24-3.40.1.noarch",
"product": {
"name": "susemanager-schema-3.2.24-3.40.1.noarch",
"product_id": "susemanager-schema-3.2.24-3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-schema-sanity-3.2.24-3.40.1.noarch",
"product": {
"name": "susemanager-schema-sanity-3.2.24-3.40.1.noarch",
"product_id": "susemanager-schema-sanity-3.2.24-3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-sls-3.2.31-3.47.1.noarch",
"product": {
"name": "susemanager-sls-3.2.31-3.47.1.noarch",
"product_id": "susemanager-sls-3.2.31-3.47.1.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-web-libs-2.8.7.24-3.48.1.noarch",
"product": {
"name": "susemanager-web-libs-2.8.7.24-3.48.1.noarch",
"product_id": "susemanager-web-libs-2.8.7.24-3.48.1.noarch"
}
},
{
"category": "product_version",
"name": "zypp-plugin-spacewalk-1.0.7-3.13.1.noarch",
"product": {
"name": "zypp-plugin-spacewalk-1.0.7-3.13.1.noarch",
"product_id": "zypp-plugin-spacewalk-1.0.7-3.13.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "release-notes-susemanager-3.2.15-6.61.1.ppc64le",
"product": {
"name": "release-notes-susemanager-3.2.15-6.61.1.ppc64le",
"product_id": "release-notes-susemanager-3.2.15-6.61.1.ppc64le"
}
},
{
"category": "product_version",
"name": "release-notes-susemanager-proxy-3.2.15-0.16.47.1.ppc64le",
"product": {
"name": "release-notes-susemanager-proxy-3.2.15-0.16.47.1.ppc64le",
"product_id": "release-notes-susemanager-proxy-3.2.15-0.16.47.1.ppc64le"
}
},
{
"category": "product_version",
"name": "susemanager-3.2.24-3.43.1.ppc64le",
"product": {
"name": "susemanager-3.2.24-3.43.1.ppc64le",
"product_id": "susemanager-3.2.24-3.43.1.ppc64le"
}
},
{
"category": "product_version",
"name": "susemanager-tools-3.2.24-3.43.1.ppc64le",
"product": {
"name": "susemanager-tools-3.2.24-3.43.1.ppc64le",
"product_id": "susemanager-tools-3.2.24-3.43.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "release-notes-susemanager-3.2.15-6.61.1.s390x",
"product": {
"name": "release-notes-susemanager-3.2.15-6.61.1.s390x",
"product_id": "release-notes-susemanager-3.2.15-6.61.1.s390x"
}
},
{
"category": "product_version",
"name": "release-notes-susemanager-proxy-3.2.15-0.16.47.1.s390x",
"product": {
"name": "release-notes-susemanager-proxy-3.2.15-0.16.47.1.s390x",
"product_id": "release-notes-susemanager-proxy-3.2.15-0.16.47.1.s390x"
}
},
{
"category": "product_version",
"name": "susemanager-3.2.24-3.43.1.s390x",
"product": {
"name": "susemanager-3.2.24-3.43.1.s390x",
"product_id": "susemanager-3.2.24-3.43.1.s390x"
}
},
{
"category": "product_version",
"name": "susemanager-tools-3.2.24-3.43.1.s390x",
"product": {
"name": "susemanager-tools-3.2.24-3.43.1.s390x",
"product_id": "susemanager-tools-3.2.24-3.43.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "release-notes-susemanager-3.2.15-6.61.1.x86_64",
"product": {
"name": "release-notes-susemanager-3.2.15-6.61.1.x86_64",
"product_id": "release-notes-susemanager-3.2.15-6.61.1.x86_64"
}
},
{
"category": "product_version",
"name": "release-notes-susemanager-proxy-3.2.15-0.16.47.1.x86_64",
"product": {
"name": "release-notes-susemanager-proxy-3.2.15-0.16.47.1.x86_64",
"product_id": "release-notes-susemanager-proxy-3.2.15-0.16.47.1.x86_64"
}
},
{
"category": "product_version",
"name": "susemanager-3.2.24-3.43.1.x86_64",
"product": {
"name": "susemanager-3.2.24-3.43.1.x86_64",
"product_id": "susemanager-3.2.24-3.43.1.x86_64"
}
},
{
"category": "product_version",
"name": "susemanager-tools-3.2.24-3.43.1.x86_64",
"product": {
"name": "susemanager-tools-3.2.24-3.43.1.x86_64",
"product_id": "susemanager-tools-3.2.24-3.43.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Manager Proxy 3.2",
"product": {
"name": "SUSE Manager Proxy 3.2",
"product_id": "SUSE Manager Proxy 3.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-proxy:3.2"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 3.2",
"product": {
"name": "SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:3.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-spacewalk-check-2.8.22.8-3.15.1.noarch as component of SUSE Manager Proxy 3.2",
"product_id": "SUSE Manager Proxy 3.2:python2-spacewalk-check-2.8.22.8-3.15.1.noarch"
},
"product_reference": "python2-spacewalk-check-2.8.22.8-3.15.1.noarch",
"relates_to_product_reference": "SUSE Manager Proxy 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-spacewalk-client-setup-2.8.22.8-3.15.1.noarch as component of SUSE Manager Proxy 3.2",
"product_id": "SUSE Manager Proxy 3.2:python2-spacewalk-client-setup-2.8.22.8-3.15.1.noarch"
},
"product_reference": "python2-spacewalk-client-setup-2.8.22.8-3.15.1.noarch",
"relates_to_product_reference": "SUSE Manager Proxy 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-spacewalk-client-tools-2.8.22.8-3.15.1.noarch as component of SUSE Manager Proxy 3.2",
"product_id": "SUSE Manager Proxy 3.2:python2-spacewalk-client-tools-2.8.22.8-3.15.1.noarch"
},
"product_reference": "python2-spacewalk-client-tools-2.8.22.8-3.15.1.noarch",
"relates_to_product_reference": "SUSE Manager Proxy 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-zypp-plugin-spacewalk-1.0.7-3.13.1.noarch as component of SUSE Manager Proxy 3.2",
"product_id": "SUSE Manager Proxy 3.2:python2-zypp-plugin-spacewalk-1.0.7-3.13.1.noarch"
},
"product_reference": "python2-zypp-plugin-spacewalk-1.0.7-3.13.1.noarch",
"relates_to_product_reference": "SUSE Manager Proxy 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "release-notes-susemanager-proxy-3.2.15-0.16.47.1.x86_64 as component of SUSE Manager Proxy 3.2",
"product_id": "SUSE Manager Proxy 3.2:release-notes-susemanager-proxy-3.2.15-0.16.47.1.x86_64"
},
"product_reference": "release-notes-susemanager-proxy-3.2.15-0.16.47.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-2.8.57.23-3.51.1.noarch as component of SUSE Manager Proxy 3.2",
"product_id": "SUSE Manager Proxy 3.2:spacewalk-backend-2.8.57.23-3.51.1.noarch"
},
"product_reference": "spacewalk-backend-2.8.57.23-3.51.1.noarch",
"relates_to_product_reference": "SUSE Manager Proxy 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-libs-2.8.57.23-3.51.1.noarch as component of SUSE Manager Proxy 3.2",
"product_id": "SUSE Manager Proxy 3.2:spacewalk-backend-libs-2.8.57.23-3.51.1.noarch"
},
"product_reference": "spacewalk-backend-libs-2.8.57.23-3.51.1.noarch",
"relates_to_product_reference": "SUSE Manager Proxy 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-2.8.7.24-3.48.1.noarch as component of SUSE Manager Proxy 3.2",
"product_id": "SUSE Manager Proxy 3.2:spacewalk-base-minimal-2.8.7.24-3.48.1.noarch"
},
"product_reference": "spacewalk-base-minimal-2.8.7.24-3.48.1.noarch",
"relates_to_product_reference": "SUSE Manager Proxy 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-config-2.8.7.24-3.48.1.noarch as component of SUSE Manager Proxy 3.2",
"product_id": "SUSE Manager Proxy 3.2:spacewalk-base-minimal-config-2.8.7.24-3.48.1.noarch"
},
"product_reference": "spacewalk-base-minimal-config-2.8.7.24-3.48.1.noarch",
"relates_to_product_reference": "SUSE Manager Proxy 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-check-2.8.22.8-3.15.1.noarch as component of SUSE Manager Proxy 3.2",
"product_id": "SUSE Manager Proxy 3.2:spacewalk-check-2.8.22.8-3.15.1.noarch"
},
"product_reference": "spacewalk-check-2.8.22.8-3.15.1.noarch",
"relates_to_product_reference": "SUSE Manager Proxy 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-client-setup-2.8.22.8-3.15.1.noarch as component of SUSE Manager Proxy 3.2",
"product_id": "SUSE Manager Proxy 3.2:spacewalk-client-setup-2.8.22.8-3.15.1.noarch"
},
"product_reference": "spacewalk-client-setup-2.8.22.8-3.15.1.noarch",
"relates_to_product_reference": "SUSE Manager Proxy 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-client-tools-2.8.22.8-3.15.1.noarch as component of SUSE Manager Proxy 3.2",
"product_id": "SUSE Manager Proxy 3.2:spacewalk-client-tools-2.8.22.8-3.15.1.noarch"
},
"product_reference": "spacewalk-client-tools-2.8.22.8-3.15.1.noarch",
"relates_to_product_reference": "SUSE Manager Proxy 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-proxy-installer-2.8.6.8-3.18.1.noarch as component of SUSE Manager Proxy 3.2",
"product_id": "SUSE Manager Proxy 3.2:spacewalk-proxy-installer-2.8.6.8-3.18.1.noarch"
},
"product_reference": "spacewalk-proxy-installer-2.8.6.8-3.18.1.noarch",
"relates_to_product_reference": "SUSE Manager Proxy 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-web-libs-2.8.7.24-3.48.1.noarch as component of SUSE Manager Proxy 3.2",
"product_id": "SUSE Manager Proxy 3.2:susemanager-web-libs-2.8.7.24-3.48.1.noarch"
},
"product_reference": "susemanager-web-libs-2.8.7.24-3.48.1.noarch",
"relates_to_product_reference": "SUSE Manager Proxy 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zypp-plugin-spacewalk-1.0.7-3.13.1.noarch as component of SUSE Manager Proxy 3.2",
"product_id": "SUSE Manager Proxy 3.2:zypp-plugin-spacewalk-1.0.7-3.13.1.noarch"
},
"product_reference": "zypp-plugin-spacewalk-1.0.7-3.13.1.noarch",
"relates_to_product_reference": "SUSE Manager Proxy 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-formula-0.1.1584363976.36bce64-3.6.1.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:bind-formula-0.1.1584363976.36bce64-3.6.1.noarch"
},
"product_reference": "bind-formula-0.1.1584363976.36bce64-3.6.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "branch-network-formula-0.1.1584363976.36bce64-3.9.1.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:branch-network-formula-0.1.1584363976.36bce64-3.9.1.noarch"
},
"product_reference": "branch-network-formula-0.1.1584363976.36bce64-3.9.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "py26-compat-salt-2016.11.10-6.38.1.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:py26-compat-salt-2016.11.10-6.38.1.noarch"
},
"product_reference": "py26-compat-salt-2016.11.10-6.38.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-susemanager-retail-1.0.1584363976.36bce64-2.12.1.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:python-susemanager-retail-1.0.1584363976.36bce64-2.12.1.noarch"
},
"product_reference": "python-susemanager-retail-1.0.1584363976.36bce64-2.12.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-spacewalk-client-tools-2.8.22.8-3.15.1.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:python2-spacewalk-client-tools-2.8.22.8-3.15.1.noarch"
},
"product_reference": "python2-spacewalk-client-tools-2.8.22.8-3.15.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "release-notes-susemanager-3.2.15-6.61.1.ppc64le as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:release-notes-susemanager-3.2.15-6.61.1.ppc64le"
},
"product_reference": "release-notes-susemanager-3.2.15-6.61.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "release-notes-susemanager-3.2.15-6.61.1.s390x as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:release-notes-susemanager-3.2.15-6.61.1.s390x"
},
"product_reference": "release-notes-susemanager-3.2.15-6.61.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "release-notes-susemanager-3.2.15-6.61.1.x86_64 as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:release-notes-susemanager-3.2.15-6.61.1.x86_64"
},
"product_reference": "release-notes-susemanager-3.2.15-6.61.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-2.8.57.23-3.51.1.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-backend-2.8.57.23-3.51.1.noarch"
},
"product_reference": "spacewalk-backend-2.8.57.23-3.51.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-app-2.8.57.23-3.51.1.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-backend-app-2.8.57.23-3.51.1.noarch"
},
"product_reference": "spacewalk-backend-app-2.8.57.23-3.51.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-applet-2.8.57.23-3.51.1.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-backend-applet-2.8.57.23-3.51.1.noarch"
},
"product_reference": "spacewalk-backend-applet-2.8.57.23-3.51.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-config-files-2.8.57.23-3.51.1.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-backend-config-files-2.8.57.23-3.51.1.noarch"
},
"product_reference": "spacewalk-backend-config-files-2.8.57.23-3.51.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-config-files-common-2.8.57.23-3.51.1.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-backend-config-files-common-2.8.57.23-3.51.1.noarch"
},
"product_reference": "spacewalk-backend-config-files-common-2.8.57.23-3.51.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-config-files-tool-2.8.57.23-3.51.1.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-backend-config-files-tool-2.8.57.23-3.51.1.noarch"
},
"product_reference": "spacewalk-backend-config-files-tool-2.8.57.23-3.51.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-iss-2.8.57.23-3.51.1.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-backend-iss-2.8.57.23-3.51.1.noarch"
},
"product_reference": "spacewalk-backend-iss-2.8.57.23-3.51.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-iss-export-2.8.57.23-3.51.1.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-backend-iss-export-2.8.57.23-3.51.1.noarch"
},
"product_reference": "spacewalk-backend-iss-export-2.8.57.23-3.51.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-libs-2.8.57.23-3.51.1.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-backend-libs-2.8.57.23-3.51.1.noarch"
},
"product_reference": "spacewalk-backend-libs-2.8.57.23-3.51.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-package-push-server-2.8.57.23-3.51.1.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-backend-package-push-server-2.8.57.23-3.51.1.noarch"
},
"product_reference": "spacewalk-backend-package-push-server-2.8.57.23-3.51.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-server-2.8.57.23-3.51.1.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-backend-server-2.8.57.23-3.51.1.noarch"
},
"product_reference": "spacewalk-backend-server-2.8.57.23-3.51.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-sql-2.8.57.23-3.51.1.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-backend-sql-2.8.57.23-3.51.1.noarch"
},
"product_reference": "spacewalk-backend-sql-2.8.57.23-3.51.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-sql-oracle-2.8.57.23-3.51.1.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-backend-sql-oracle-2.8.57.23-3.51.1.noarch"
},
"product_reference": "spacewalk-backend-sql-oracle-2.8.57.23-3.51.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-sql-postgresql-2.8.57.23-3.51.1.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-backend-sql-postgresql-2.8.57.23-3.51.1.noarch"
},
"product_reference": "spacewalk-backend-sql-postgresql-2.8.57.23-3.51.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-tools-2.8.57.23-3.51.1.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-backend-tools-2.8.57.23-3.51.1.noarch"
},
"product_reference": "spacewalk-backend-tools-2.8.57.23-3.51.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-xml-export-libs-2.8.57.23-3.51.1.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-backend-xml-export-libs-2.8.57.23-3.51.1.noarch"
},
"product_reference": "spacewalk-backend-xml-export-libs-2.8.57.23-3.51.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-xmlrpc-2.8.57.23-3.51.1.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-backend-xmlrpc-2.8.57.23-3.51.1.noarch"
},
"product_reference": "spacewalk-backend-xmlrpc-2.8.57.23-3.51.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-2.8.7.24-3.48.1.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-base-2.8.7.24-3.48.1.noarch"
},
"product_reference": "spacewalk-base-2.8.7.24-3.48.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-2.8.7.24-3.48.1.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-base-minimal-2.8.7.24-3.48.1.noarch"
},
"product_reference": "spacewalk-base-minimal-2.8.7.24-3.48.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-config-2.8.7.24-3.48.1.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-base-minimal-config-2.8.7.24-3.48.1.noarch"
},
"product_reference": "spacewalk-base-minimal-config-2.8.7.24-3.48.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-client-tools-2.8.22.8-3.15.1.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-client-tools-2.8.22.8-3.15.1.noarch"
},
"product_reference": "spacewalk-client-tools-2.8.22.8-3.15.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-html-2.8.7.24-3.48.1.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-html-2.8.7.24-3.48.1.noarch"
},
"product_reference": "spacewalk-html-2.8.7.24-3.48.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-2.8.78.29-3.50.1.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-java-2.8.78.29-3.50.1.noarch"
},
"product_reference": "spacewalk-java-2.8.78.29-3.50.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-config-2.8.78.29-3.50.1.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-java-config-2.8.78.29-3.50.1.noarch"
},
"product_reference": "spacewalk-java-config-2.8.78.29-3.50.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-lib-2.8.78.29-3.50.1.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-java-lib-2.8.78.29-3.50.1.noarch"
},
"product_reference": "spacewalk-java-lib-2.8.78.29-3.50.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-oracle-2.8.78.29-3.50.1.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-java-oracle-2.8.78.29-3.50.1.noarch"
},
"product_reference": "spacewalk-java-oracle-2.8.78.29-3.50.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-postgresql-2.8.78.29-3.50.1.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-java-postgresql-2.8.78.29-3.50.1.noarch"
},
"product_reference": "spacewalk-java-postgresql-2.8.78.29-3.50.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-taskomatic-2.8.78.29-3.50.1.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-taskomatic-2.8.78.29-3.50.1.noarch"
},
"product_reference": "spacewalk-taskomatic-2.8.78.29-3.50.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-utils-2.8.18.7-3.15.1.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:spacewalk-utils-2.8.18.7-3.15.1.noarch"
},
"product_reference": "spacewalk-utils-2.8.18.7-3.15.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-3.2.24-3.43.1.ppc64le as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:susemanager-3.2.24-3.43.1.ppc64le"
},
"product_reference": "susemanager-3.2.24-3.43.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-3.2.24-3.43.1.s390x as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:susemanager-3.2.24-3.43.1.s390x"
},
"product_reference": "susemanager-3.2.24-3.43.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-3.2.24-3.43.1.x86_64 as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:susemanager-3.2.24-3.43.1.x86_64"
},
"product_reference": "susemanager-3.2.24-3.43.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-frontend-libs-3.2.5-3.13.1.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:susemanager-frontend-libs-3.2.5-3.13.1.noarch"
},
"product_reference": "susemanager-frontend-libs-3.2.5-3.13.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-retail-tools-1.0.1584363976.36bce64-2.12.1.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:susemanager-retail-tools-1.0.1584363976.36bce64-2.12.1.noarch"
},
"product_reference": "susemanager-retail-tools-1.0.1584363976.36bce64-2.12.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-schema-3.2.24-3.40.1.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:susemanager-schema-3.2.24-3.40.1.noarch"
},
"product_reference": "susemanager-schema-3.2.24-3.40.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-sls-3.2.31-3.47.1.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:susemanager-sls-3.2.31-3.47.1.noarch"
},
"product_reference": "susemanager-sls-3.2.31-3.47.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-tools-3.2.24-3.43.1.ppc64le as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:susemanager-tools-3.2.24-3.43.1.ppc64le"
},
"product_reference": "susemanager-tools-3.2.24-3.43.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-tools-3.2.24-3.43.1.s390x as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:susemanager-tools-3.2.24-3.43.1.s390x"
},
"product_reference": "susemanager-tools-3.2.24-3.43.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-tools-3.2.24-3.43.1.x86_64 as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:susemanager-tools-3.2.24-3.43.1.x86_64"
},
"product_reference": "susemanager-tools-3.2.24-3.43.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-web-libs-2.8.7.24-3.48.1.noarch as component of SUSE Manager Server 3.2",
"product_id": "SUSE Manager Server 3.2:susemanager-web-libs-2.8.7.24-3.48.1.noarch"
},
"product_reference": "susemanager-web-libs-2.8.7.24-3.48.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 3.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-11022",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-11022"
}
],
"notes": [
{
"category": "general",
"text": "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery\u0027s DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Proxy 3.2:python2-spacewalk-check-2.8.22.8-3.15.1.noarch",
"SUSE Manager Proxy 3.2:python2-spacewalk-client-setup-2.8.22.8-3.15.1.noarch",
"SUSE Manager Proxy 3.2:python2-spacewalk-client-tools-2.8.22.8-3.15.1.noarch",
"SUSE Manager Proxy 3.2:python2-zypp-plugin-spacewalk-1.0.7-3.13.1.noarch",
"SUSE Manager Proxy 3.2:release-notes-susemanager-proxy-3.2.15-0.16.47.1.x86_64",
"SUSE Manager Proxy 3.2:spacewalk-backend-2.8.57.23-3.51.1.noarch",
"SUSE Manager Proxy 3.2:spacewalk-backend-libs-2.8.57.23-3.51.1.noarch",
"SUSE Manager Proxy 3.2:spacewalk-base-minimal-2.8.7.24-3.48.1.noarch",
"SUSE Manager Proxy 3.2:spacewalk-base-minimal-config-2.8.7.24-3.48.1.noarch",
"SUSE Manager Proxy 3.2:spacewalk-check-2.8.22.8-3.15.1.noarch",
"SUSE Manager Proxy 3.2:spacewalk-client-setup-2.8.22.8-3.15.1.noarch",
"SUSE Manager Proxy 3.2:spacewalk-client-tools-2.8.22.8-3.15.1.noarch",
"SUSE Manager Proxy 3.2:spacewalk-proxy-installer-2.8.6.8-3.18.1.noarch",
"SUSE Manager Proxy 3.2:susemanager-web-libs-2.8.7.24-3.48.1.noarch",
"SUSE Manager Proxy 3.2:zypp-plugin-spacewalk-1.0.7-3.13.1.noarch",
"SUSE Manager Server 3.2:bind-formula-0.1.1584363976.36bce64-3.6.1.noarch",
"SUSE Manager Server 3.2:branch-network-formula-0.1.1584363976.36bce64-3.9.1.noarch",
"SUSE Manager Server 3.2:py26-compat-salt-2016.11.10-6.38.1.noarch",
"SUSE Manager Server 3.2:python-susemanager-retail-1.0.1584363976.36bce64-2.12.1.noarch",
"SUSE Manager Server 3.2:python2-spacewalk-client-tools-2.8.22.8-3.15.1.noarch",
"SUSE Manager Server 3.2:release-notes-susemanager-3.2.15-6.61.1.ppc64le",
"SUSE Manager Server 3.2:release-notes-susemanager-3.2.15-6.61.1.s390x",
"SUSE Manager Server 3.2:release-notes-susemanager-3.2.15-6.61.1.x86_64",
"SUSE Manager Server 3.2:spacewalk-backend-2.8.57.23-3.51.1.noarch",
"SUSE Manager Server 3.2:spacewalk-backend-app-2.8.57.23-3.51.1.noarch",
"SUSE Manager Server 3.2:spacewalk-backend-applet-2.8.57.23-3.51.1.noarch",
"SUSE Manager Server 3.2:spacewalk-backend-config-files-2.8.57.23-3.51.1.noarch",
"SUSE Manager Server 3.2:spacewalk-backend-config-files-common-2.8.57.23-3.51.1.noarch",
"SUSE Manager Server 3.2:spacewalk-backend-config-files-tool-2.8.57.23-3.51.1.noarch",
"SUSE Manager Server 3.2:spacewalk-backend-iss-2.8.57.23-3.51.1.noarch",
"SUSE Manager Server 3.2:spacewalk-backend-iss-export-2.8.57.23-3.51.1.noarch",
"SUSE Manager Server 3.2:spacewalk-backend-libs-2.8.57.23-3.51.1.noarch",
"SUSE Manager Server 3.2:spacewalk-backend-package-push-server-2.8.57.23-3.51.1.noarch",
"SUSE Manager Server 3.2:spacewalk-backend-server-2.8.57.23-3.51.1.noarch",
"SUSE Manager Server 3.2:spacewalk-backend-sql-2.8.57.23-3.51.1.noarch",
"SUSE Manager Server 3.2:spacewalk-backend-sql-oracle-2.8.57.23-3.51.1.noarch",
"SUSE Manager Server 3.2:spacewalk-backend-sql-postgresql-2.8.57.23-3.51.1.noarch",
"SUSE Manager Server 3.2:spacewalk-backend-tools-2.8.57.23-3.51.1.noarch",
"SUSE Manager Server 3.2:spacewalk-backend-xml-export-libs-2.8.57.23-3.51.1.noarch",
"SUSE Manager Server 3.2:spacewalk-backend-xmlrpc-2.8.57.23-3.51.1.noarch",
"SUSE Manager Server 3.2:spacewalk-base-2.8.7.24-3.48.1.noarch",
"SUSE Manager Server 3.2:spacewalk-base-minimal-2.8.7.24-3.48.1.noarch",
"SUSE Manager Server 3.2:spacewalk-base-minimal-config-2.8.7.24-3.48.1.noarch",
"SUSE Manager Server 3.2:spacewalk-client-tools-2.8.22.8-3.15.1.noarch",
"SUSE Manager Server 3.2:spacewalk-html-2.8.7.24-3.48.1.noarch",
"SUSE Manager Server 3.2:spacewalk-java-2.8.78.29-3.50.1.noarch",
"SUSE Manager Server 3.2:spacewalk-java-config-2.8.78.29-3.50.1.noarch",
"SUSE Manager Server 3.2:spacewalk-java-lib-2.8.78.29-3.50.1.noarch",
"SUSE Manager Server 3.2:spacewalk-java-oracle-2.8.78.29-3.50.1.noarch",
"SUSE Manager Server 3.2:spacewalk-java-postgresql-2.8.78.29-3.50.1.noarch",
"SUSE Manager Server 3.2:spacewalk-taskomatic-2.8.78.29-3.50.1.noarch",
"SUSE Manager Server 3.2:spacewalk-utils-2.8.18.7-3.15.1.noarch",
"SUSE Manager Server 3.2:susemanager-3.2.24-3.43.1.ppc64le",
"SUSE Manager Server 3.2:susemanager-3.2.24-3.43.1.s390x",
"SUSE Manager Server 3.2:susemanager-3.2.24-3.43.1.x86_64",
"SUSE Manager Server 3.2:susemanager-frontend-libs-3.2.5-3.13.1.noarch",
"SUSE Manager Server 3.2:susemanager-retail-tools-1.0.1584363976.36bce64-2.12.1.noarch",
"SUSE Manager Server 3.2:susemanager-schema-3.2.24-3.40.1.noarch",
"SUSE Manager Server 3.2:susemanager-sls-3.2.31-3.47.1.noarch",
"SUSE Manager Server 3.2:susemanager-tools-3.2.24-3.43.1.ppc64le",
"SUSE Manager Server 3.2:susemanager-tools-3.2.24-3.43.1.s390x",
"SUSE Manager Server 3.2:susemanager-tools-3.2.24-3.43.1.x86_64",
"SUSE Manager Server 3.2:susemanager-web-libs-2.8.7.24-3.48.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-11022",
"url": "https://www.suse.com/security/cve/CVE-2020-11022"
},
{
"category": "external",
"summary": "SUSE Bug 1173090 for CVE-2020-11022",
"url": "https://bugzilla.suse.com/1173090"
},
{
"category": "external",
"summary": "SUSE Bug 1178434 for CVE-2020-11022",
"url": "https://bugzilla.suse.com/1178434"
},
{
"category": "external",
"summary": "SUSE Bug 1190663 for CVE-2020-11022",
"url": "https://bugzilla.suse.com/1190663"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Proxy 3.2:python2-spacewalk-check-2.8.22.8-3.15.1.noarch",
"SUSE Manager Proxy 3.2:python2-spacewalk-client-setup-2.8.22.8-3.15.1.noarch",
"SUSE Manager Proxy 3.2:python2-spacewalk-client-tools-2.8.22.8-3.15.1.noarch",
"SUSE Manager Proxy 3.2:python2-zypp-plugin-spacewalk-1.0.7-3.13.1.noarch",
"SUSE Manager Proxy 3.2:release-notes-susemanager-proxy-3.2.15-0.16.47.1.x86_64",
"SUSE Manager Proxy 3.2:spacewalk-backend-2.8.57.23-3.51.1.noarch",
"SUSE Manager Proxy 3.2:spacewalk-backend-libs-2.8.57.23-3.51.1.noarch",
"SUSE Manager Proxy 3.2:spacewalk-base-minimal-2.8.7.24-3.48.1.noarch",
"SUSE Manager Proxy 3.2:spacewalk-base-minimal-config-2.8.7.24-3.48.1.noarch",
"SUSE Manager Proxy 3.2:spacewalk-check-2.8.22.8-3.15.1.noarch",
"SUSE Manager Proxy 3.2:spacewalk-client-setup-2.8.22.8-3.15.1.noarch",
"SUSE Manager Proxy 3.2:spacewalk-client-tools-2.8.22.8-3.15.1.noarch",
"SUSE Manager Proxy 3.2:spacewalk-proxy-installer-2.8.6.8-3.18.1.noarch",
"SUSE Manager Proxy 3.2:susemanager-web-libs-2.8.7.24-3.48.1.noarch",
"SUSE Manager Proxy 3.2:zypp-plugin-spacewalk-1.0.7-3.13.1.noarch",
"SUSE Manager Server 3.2:bind-formula-0.1.1584363976.36bce64-3.6.1.noarch",
"SUSE Manager Server 3.2:branch-network-formula-0.1.1584363976.36bce64-3.9.1.noarch",
"SUSE Manager Server 3.2:py26-compat-salt-2016.11.10-6.38.1.noarch",
"SUSE Manager Server 3.2:python-susemanager-retail-1.0.1584363976.36bce64-2.12.1.noarch",
"SUSE Manager Server 3.2:python2-spacewalk-client-tools-2.8.22.8-3.15.1.noarch",
"SUSE Manager Server 3.2:release-notes-susemanager-3.2.15-6.61.1.ppc64le",
"SUSE Manager Server 3.2:release-notes-susemanager-3.2.15-6.61.1.s390x",
"SUSE Manager Server 3.2:release-notes-susemanager-3.2.15-6.61.1.x86_64",
"SUSE Manager Server 3.2:spacewalk-backend-2.8.57.23-3.51.1.noarch",
"SUSE Manager Server 3.2:spacewalk-backend-app-2.8.57.23-3.51.1.noarch",
"SUSE Manager Server 3.2:spacewalk-backend-applet-2.8.57.23-3.51.1.noarch",
"SUSE Manager Server 3.2:spacewalk-backend-config-files-2.8.57.23-3.51.1.noarch",
"SUSE Manager Server 3.2:spacewalk-backend-config-files-common-2.8.57.23-3.51.1.noarch",
"SUSE Manager Server 3.2:spacewalk-backend-config-files-tool-2.8.57.23-3.51.1.noarch",
"SUSE Manager Server 3.2:spacewalk-backend-iss-2.8.57.23-3.51.1.noarch",
"SUSE Manager Server 3.2:spacewalk-backend-iss-export-2.8.57.23-3.51.1.noarch",
"SUSE Manager Server 3.2:spacewalk-backend-libs-2.8.57.23-3.51.1.noarch",
"SUSE Manager Server 3.2:spacewalk-backend-package-push-server-2.8.57.23-3.51.1.noarch",
"SUSE Manager Server 3.2:spacewalk-backend-server-2.8.57.23-3.51.1.noarch",
"SUSE Manager Server 3.2:spacewalk-backend-sql-2.8.57.23-3.51.1.noarch",
"SUSE Manager Server 3.2:spacewalk-backend-sql-oracle-2.8.57.23-3.51.1.noarch",
"SUSE Manager Server 3.2:spacewalk-backend-sql-postgresql-2.8.57.23-3.51.1.noarch",
"SUSE Manager Server 3.2:spacewalk-backend-tools-2.8.57.23-3.51.1.noarch",
"SUSE Manager Server 3.2:spacewalk-backend-xml-export-libs-2.8.57.23-3.51.1.noarch",
"SUSE Manager Server 3.2:spacewalk-backend-xmlrpc-2.8.57.23-3.51.1.noarch",
"SUSE Manager Server 3.2:spacewalk-base-2.8.7.24-3.48.1.noarch",
"SUSE Manager Server 3.2:spacewalk-base-minimal-2.8.7.24-3.48.1.noarch",
"SUSE Manager Server 3.2:spacewalk-base-minimal-config-2.8.7.24-3.48.1.noarch",
"SUSE Manager Server 3.2:spacewalk-client-tools-2.8.22.8-3.15.1.noarch",
"SUSE Manager Server 3.2:spacewalk-html-2.8.7.24-3.48.1.noarch",
"SUSE Manager Server 3.2:spacewalk-java-2.8.78.29-3.50.1.noarch",
"SUSE Manager Server 3.2:spacewalk-java-config-2.8.78.29-3.50.1.noarch",
"SUSE Manager Server 3.2:spacewalk-java-lib-2.8.78.29-3.50.1.noarch",
"SUSE Manager Server 3.2:spacewalk-java-oracle-2.8.78.29-3.50.1.noarch",
"SUSE Manager Server 3.2:spacewalk-java-postgresql-2.8.78.29-3.50.1.noarch",
"SUSE Manager Server 3.2:spacewalk-taskomatic-2.8.78.29-3.50.1.noarch",
"SUSE Manager Server 3.2:spacewalk-utils-2.8.18.7-3.15.1.noarch",
"SUSE Manager Server 3.2:susemanager-3.2.24-3.43.1.ppc64le",
"SUSE Manager Server 3.2:susemanager-3.2.24-3.43.1.s390x",
"SUSE Manager Server 3.2:susemanager-3.2.24-3.43.1.x86_64",
"SUSE Manager Server 3.2:susemanager-frontend-libs-3.2.5-3.13.1.noarch",
"SUSE Manager Server 3.2:susemanager-retail-tools-1.0.1584363976.36bce64-2.12.1.noarch",
"SUSE Manager Server 3.2:susemanager-schema-3.2.24-3.40.1.noarch",
"SUSE Manager Server 3.2:susemanager-sls-3.2.31-3.47.1.noarch",
"SUSE Manager Server 3.2:susemanager-tools-3.2.24-3.43.1.ppc64le",
"SUSE Manager Server 3.2:susemanager-tools-3.2.24-3.43.1.s390x",
"SUSE Manager Server 3.2:susemanager-tools-3.2.24-3.43.1.x86_64",
"SUSE Manager Server 3.2:susemanager-web-libs-2.8.7.24-3.48.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Manager Proxy 3.2:python2-spacewalk-check-2.8.22.8-3.15.1.noarch",
"SUSE Manager Proxy 3.2:python2-spacewalk-client-setup-2.8.22.8-3.15.1.noarch",
"SUSE Manager Proxy 3.2:python2-spacewalk-client-tools-2.8.22.8-3.15.1.noarch",
"SUSE Manager Proxy 3.2:python2-zypp-plugin-spacewalk-1.0.7-3.13.1.noarch",
"SUSE Manager Proxy 3.2:release-notes-susemanager-proxy-3.2.15-0.16.47.1.x86_64",
"SUSE Manager Proxy 3.2:spacewalk-backend-2.8.57.23-3.51.1.noarch",
"SUSE Manager Proxy 3.2:spacewalk-backend-libs-2.8.57.23-3.51.1.noarch",
"SUSE Manager Proxy 3.2:spacewalk-base-minimal-2.8.7.24-3.48.1.noarch",
"SUSE Manager Proxy 3.2:spacewalk-base-minimal-config-2.8.7.24-3.48.1.noarch",
"SUSE Manager Proxy 3.2:spacewalk-check-2.8.22.8-3.15.1.noarch",
"SUSE Manager Proxy 3.2:spacewalk-client-setup-2.8.22.8-3.15.1.noarch",
"SUSE Manager Proxy 3.2:spacewalk-client-tools-2.8.22.8-3.15.1.noarch",
"SUSE Manager Proxy 3.2:spacewalk-proxy-installer-2.8.6.8-3.18.1.noarch",
"SUSE Manager Proxy 3.2:susemanager-web-libs-2.8.7.24-3.48.1.noarch",
"SUSE Manager Proxy 3.2:zypp-plugin-spacewalk-1.0.7-3.13.1.noarch",
"SUSE Manager Server 3.2:bind-formula-0.1.1584363976.36bce64-3.6.1.noarch",
"SUSE Manager Server 3.2:branch-network-formula-0.1.1584363976.36bce64-3.9.1.noarch",
"SUSE Manager Server 3.2:py26-compat-salt-2016.11.10-6.38.1.noarch",
"SUSE Manager Server 3.2:python-susemanager-retail-1.0.1584363976.36bce64-2.12.1.noarch",
"SUSE Manager Server 3.2:python2-spacewalk-client-tools-2.8.22.8-3.15.1.noarch",
"SUSE Manager Server 3.2:release-notes-susemanager-3.2.15-6.61.1.ppc64le",
"SUSE Manager Server 3.2:release-notes-susemanager-3.2.15-6.61.1.s390x",
"SUSE Manager Server 3.2:release-notes-susemanager-3.2.15-6.61.1.x86_64",
"SUSE Manager Server 3.2:spacewalk-backend-2.8.57.23-3.51.1.noarch",
"SUSE Manager Server 3.2:spacewalk-backend-app-2.8.57.23-3.51.1.noarch",
"SUSE Manager Server 3.2:spacewalk-backend-applet-2.8.57.23-3.51.1.noarch",
"SUSE Manager Server 3.2:spacewalk-backend-config-files-2.8.57.23-3.51.1.noarch",
"SUSE Manager Server 3.2:spacewalk-backend-config-files-common-2.8.57.23-3.51.1.noarch",
"SUSE Manager Server 3.2:spacewalk-backend-config-files-tool-2.8.57.23-3.51.1.noarch",
"SUSE Manager Server 3.2:spacewalk-backend-iss-2.8.57.23-3.51.1.noarch",
"SUSE Manager Server 3.2:spacewalk-backend-iss-export-2.8.57.23-3.51.1.noarch",
"SUSE Manager Server 3.2:spacewalk-backend-libs-2.8.57.23-3.51.1.noarch",
"SUSE Manager Server 3.2:spacewalk-backend-package-push-server-2.8.57.23-3.51.1.noarch",
"SUSE Manager Server 3.2:spacewalk-backend-server-2.8.57.23-3.51.1.noarch",
"SUSE Manager Server 3.2:spacewalk-backend-sql-2.8.57.23-3.51.1.noarch",
"SUSE Manager Server 3.2:spacewalk-backend-sql-oracle-2.8.57.23-3.51.1.noarch",
"SUSE Manager Server 3.2:spacewalk-backend-sql-postgresql-2.8.57.23-3.51.1.noarch",
"SUSE Manager Server 3.2:spacewalk-backend-tools-2.8.57.23-3.51.1.noarch",
"SUSE Manager Server 3.2:spacewalk-backend-xml-export-libs-2.8.57.23-3.51.1.noarch",
"SUSE Manager Server 3.2:spacewalk-backend-xmlrpc-2.8.57.23-3.51.1.noarch",
"SUSE Manager Server 3.2:spacewalk-base-2.8.7.24-3.48.1.noarch",
"SUSE Manager Server 3.2:spacewalk-base-minimal-2.8.7.24-3.48.1.noarch",
"SUSE Manager Server 3.2:spacewalk-base-minimal-config-2.8.7.24-3.48.1.noarch",
"SUSE Manager Server 3.2:spacewalk-client-tools-2.8.22.8-3.15.1.noarch",
"SUSE Manager Server 3.2:spacewalk-html-2.8.7.24-3.48.1.noarch",
"SUSE Manager Server 3.2:spacewalk-java-2.8.78.29-3.50.1.noarch",
"SUSE Manager Server 3.2:spacewalk-java-config-2.8.78.29-3.50.1.noarch",
"SUSE Manager Server 3.2:spacewalk-java-lib-2.8.78.29-3.50.1.noarch",
"SUSE Manager Server 3.2:spacewalk-java-oracle-2.8.78.29-3.50.1.noarch",
"SUSE Manager Server 3.2:spacewalk-java-postgresql-2.8.78.29-3.50.1.noarch",
"SUSE Manager Server 3.2:spacewalk-taskomatic-2.8.78.29-3.50.1.noarch",
"SUSE Manager Server 3.2:spacewalk-utils-2.8.18.7-3.15.1.noarch",
"SUSE Manager Server 3.2:susemanager-3.2.24-3.43.1.ppc64le",
"SUSE Manager Server 3.2:susemanager-3.2.24-3.43.1.s390x",
"SUSE Manager Server 3.2:susemanager-3.2.24-3.43.1.x86_64",
"SUSE Manager Server 3.2:susemanager-frontend-libs-3.2.5-3.13.1.noarch",
"SUSE Manager Server 3.2:susemanager-retail-tools-1.0.1584363976.36bce64-2.12.1.noarch",
"SUSE Manager Server 3.2:susemanager-schema-3.2.24-3.40.1.noarch",
"SUSE Manager Server 3.2:susemanager-sls-3.2.31-3.47.1.noarch",
"SUSE Manager Server 3.2:susemanager-tools-3.2.24-3.43.1.ppc64le",
"SUSE Manager Server 3.2:susemanager-tools-3.2.24-3.43.1.s390x",
"SUSE Manager Server 3.2:susemanager-tools-3.2.24-3.43.1.x86_64",
"SUSE Manager Server 3.2:susemanager-web-libs-2.8.7.24-3.48.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-08-21T12:32:10Z",
"details": "moderate"
}
],
"title": "CVE-2020-11022"
}
]
}
SUSE-SU-2020:2373-1
Vulnerability from csaf_suse - Published: 2020-08-28 10:58 - Updated: 2020-08-28 10:58Summary
Security update for SUSE Manager Server 4.1
Severity
Moderate
Notes
Title of the patch: Security update for SUSE Manager Server 4.1
Description of the patch: This update fixes the following issues:
cobbler:
- More old modules naming fixes (bsc#1169553)
image-sync-formula:
- Allow image-sync state on regular minion.
Image sync state requires branch-network pillars to get the directory
where to sync images. Use default `/srv/saltboot` if that pillar is
missing so image-sync can be applied on non branch minions as well.
mgr-libmod:
- Remove unnecessary array wrap in 'list_modules' response object
mgr-osad:
- Move uyuni-base-common dependency from mgr-osad to mgr-osa-dispatcher
(bsc#1174405)
openvpn-formula:
- Add hint that ssl certs must be on system (bsc#1172279)
patterns-suse-manager:
- Add Recommends for golang-github-QubitProducts-exporter_exporter
prometheus-exporters-formula:
- Bugfix: Handle exporters proxy for unsupported distros (bsc#1175555)
- Add support for exporters proxy (exporter_exporter)
pxe-default-image-sle15:
- Rollback the workaround for bsc#1172807, as dracut is now fixed
saltboot-formula:
- Better fix for rounding errors (bsc#1136857)
spacecmd:
- Fix softwarechannel update for vendor channels (bsc#1172709)
- Fix escaping of package names (bsc#1171281)
spacewalk-backend:
- Adds basic functionality for gpg check
- Verify GPG signature of Ubuntu/Debian repository metadata (Release file)
- Take care of SCC auth tokens on DEB repos GPG checks (bsc#1175485)
- Use spacewalk keyring for GPG checks on DEB repos (bsc#1175485)
spacewalk-branding:
- Implement Maintenance Windows
- Fix typo on spacewalk-branding license
spacewalk-certs-tools:
- Strip SSL Certificate Common Name after 63 Characters (bsc#1173535)
- Fix centos detection (bsc#1173584)
spacewalk-java:
- Use media.1/products from media when not specified different (bsc#1175558)
- Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831)
- Fix error when rolling back a system to a snapshot (bsc#1173997)
- Implement maintenance windows backend
- Add check for maintainence window during executing recurring actions
- Implement maintenance windows in struts
- XMLRPC: Assign/retract maintenance schedule to/from systems
- Fix softwarechannel update for vendor channels (bsc#1172709)
- Avoid deadlock when syncing channels and registering minions at the same time (bsc#1173566)
- Change system list header text to something better (bsc#1173982)
- Set CPU and memory info for virtual instances (bsc#1170244)
- Add virtual network Start, Stop and Delete actions
- Add virtual network list page
- Fix httpcomponents and gson jar symlinks (bsc#1174229)
- Enhance RedHat product detection for CentOS and OracleLinux (bsc#1173584)
- Provide comps.xml and modules.yaml when using onlinerepo for kickstart
- Refresh virtualization pages only on events
- Fix up2date detection on RH8 when salt-minion is used for registration
- Improve performance of the System Groups page with many clients (bsc#1172839)
- Include number of non-patch package updates to non-critical update counts
in system group pages (bsc#1170468)
- Bump XMLRPC API version number to distinguish from Spacewalk 2.10
- Cluster UI: return to overview page after scheduling actions
- Fix NPE on auto installation when no kernel options are given (bsc#1173932)
- Fix issue with disabling self_update for autoyast autoupgrade (bsc#1170654)
- Adapt expectations for jobs return events after switching Salt
states to use 'mgrcompat.module_run' state.
spacewalk-utils:
- Add aarch64 for openSUSE Leap 15.1 and 15.2
spacewalk-web:
- Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831)
- Fix JS linting errors/warnings
- Enable Nutanix AHV virtual host gatherer.
- Web UI: Implement managing maintenance schedules and calendars
- Warn when a system is in multiple groups that configure the same
formula in the system formula's UI (bsc#1173554)
- Add virtual network start, stop and delete actions
- Add virtual network list page
- Fix internal server error when creating module filters in CLM (bsc#1174325)
- Fix VM creation page when there is no volume in the default storage pool
- Refresh virtualization pages only on events
- Product list in the Wizard doesn't show SLE products first (bsc#1173522)
- Cluster UI: return to overview page after scheduling actions
- Changes in the logic to update the tick icon.
- For the postgres localhost:5432 case, use the
- Fix internal server errors by returning 0 instead of dying
- Add missing dependency to spacewalk-base-minimal (bsc#678126)
- Change kickstart to autoinstallation in navigation on pxt pages
- Debranding
suseRegisterInfo:
- Enhance RedHat product detection for CentOS and OracleLinux (bsc#1173584)
susemanager:
- Migrate all occurrences of kickstart to autoinstall in cobbler database (bsc#1169780)
- Define bootstrap repo data for SUSE Manager Proxies (bsc#1174470)
- Add SLE 15 LTSS Product ID to SLE15 bootstrap repositories, as
it is required to get python3-M2crypto (bsc#1174167)
susemanager-doc-indexes:
- Left navigation structure cleaned up
- Fixed several broken xrefs
- Added hostname admonition for public cloud sections
- Clarified Branch Proxy configuration instructions
- Fixed index page pdf links, urls were 1 step to deep
- SUSECOM 2020 branding update
- PDF 2020 branding update
- WEBUI 2020 branding update
- Added maintenance window documentation
- Added SLE client chapter
- Added 508 compliance
- Added reverse proxy information to Monitoring in Admin Guide
- Add note about accessibility to index
- In the Upgrade Guide, use Major, Minor, and Patch Level terminology for versioning.
- Added docs for nutanix VHM
- Ubuntu clients using the CLI in SUMA (bsc#1174025)
susemanager-docs_en:
- Left navigation structure cleaned up
- Fixed several broken xrefs
- Added hostname admonition for public cloud sections
- Clarified Branch Proxy configuration instructions
- Fixed index page pdf links, urls were 1 step to deep
- SUSECOM 2020 branding update
- PDF 2020 branding update
- WEBUI 2020 branding update
- Added maintenance window documentation
- Added SLE client chapter
- Added 508 compliance
- Added reverse proxy information to Monitoring in Admin Guide
- Add note about accessibility to index
- In the Upgrade Guide, use Major, Minor, and Patch Level terminology for versioning.
- Added docs for nutanix VHM
- Ubuntu clients using the CLI in SUMA (bsc#1174025)
susemanager-frontend-libs:
- Upgrade jquery to 3.5.1 - CVE-2020-11022 (bsc#1172831)
susemanager-schema:
- Add new states and types for virtual instances in order
to support Nutanix AHV.
- Implement Maintenance Windows
- Add virtual network state change action
- Internal fixes to avoid problems with the idempotency tests
susemanager-sls:
- Fix the dnf plugin to add the token to the HTTP header (bsc#1175724)
- Fix: supply a dnf base when dealing w/repos (bsc#1172504)
- Fix: autorefresh in repos is zypper-only
- Add virtual network state change state to handle start, stop and delete
- Add virtual network state change state to handle start and stop
- Fetch oracle-release when looking for RedHat Product Info (bsc#1173584)
- Force a refresh after deleting a virtual storage volume
- Prevent stuck Hardware Refresh actions on Salt 2016.11.10 based SSH minions (bsc#1173169)
- Require PyYAML version >= 5.1
- Log out of Docker registries after image build (bsc#1165572)
- Prevent 'module.run' deprecation warnings by using custom mgrcompat module
susemanager-sync-data:
- Remove version from centos and oracle linux identifier (bsc#1173584)
uyuni-common-libs:
- Fix issues importing RPM packages with long RPM headers (bsc#1174965)
virtual-host-gatherer:
- Add new gatherer module for Nutanix AHV.
virtualization-host-formula:
- Ensure kernel-default and libvirt-python3 are installed
- Set bridge network as default
- Fix conditionals (bsc#1175791)
yomi-formula:
- Update to version 0.0.1+git.1595952633.b300be2:
* pillar: install always kernel-default
* chroot: python3-base is now a capability
* Move systemctl calls inside chroot
* Network: initial work for network declaration
* MicroOS: Remove tmp subvolume
* Update format following the new standard
* Fix __mount_device wrapper
httpcomponents-core:
- Include the correct package in SUSE Manager Server (no source changes)
httpcomponents-client:
- Include the correct package in SUSE Manager Server (no source changes)
google-gson:
- Include the correct package in SUSE Manager Server (no source changes)
How to apply this update:
1. Log in as root user to the SUSE Manager server.
2. Stop the Spacewalk service:
spacewalk-service stop
3. Apply the patch using either zypper patch or YaST Online Update.
4. Upgrade the database schema:
spacewalk-schema-upgrade
5. Start the Spacewalk service:
spacewalk-service start
Patchnames: SUSE-2020-2373,SUSE-SLE-Module-SUSE-Manager-Proxy-4.1-2020-2373,SUSE-SLE-Module-SUSE-Manager-Server-4.1-2020-2373
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.1 (Medium)
Affected products
Recommended
103 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Proxy Module 4.1:golang-github-QubitProducts-exporter_exporter-0.4.0-6.3.6.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.1:mgr-osad-4.1.3-2.3.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.1:patterns-suma_proxy-4.1-6.3.6.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.1:python3-mgr-osa-common-4.1.3-2.3.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.1:python3-mgr-osad-4.1.3-2.3.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.1:python3-spacewalk-certs-tools-4.1.12-3.3.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.1:python3-suseRegisterInfo-4.1.3-4.3.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.1:python3-uyuni-common-libs-4.1.6-3.3.6.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.1:spacecmd-4.1.6-4.3.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.1:spacewalk-backend-4.1.14-4.5.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.1:spacewalk-base-minimal-4.1.15-3.3.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.1:spacewalk-base-minimal-config-4.1.15-3.3.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.1:spacewalk-certs-tools-4.1.12-3.3.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.1:spacewalk-proxy-broker-4.1.2-3.3.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.1:spacewalk-proxy-common-4.1.2-3.3.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.1:spacewalk-proxy-management-4.1.2-3.3.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.1:spacewalk-proxy-package-manager-4.1.2-3.3.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.1:spacewalk-proxy-redirect-4.1.2-3.3.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.1:spacewalk-proxy-salt-4.1.2-3.3.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.1:suseRegisterInfo-4.1.3-4.3.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:cobbler-3.0.0+git20190806.32c4bae0-5.3.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:golang-github-QubitProducts-exporter_exporter-0.4.0-6.3.6.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:golang-github-QubitProducts-exporter_exporter-0.4.0-6.3.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:golang-github-QubitProducts-exporter_exporter-0.4.0-6.3.6.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:google-gson-2.8.5-3.2.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:httpcomponents-client-4.5.6-3.2.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:httpcomponents-core-4.4.10-3.2.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:ical4j-3.0.18-3.2.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:image-sync-formula-0.1.1595937550.0285244-3.3.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:mgr-libmod-4.1.4-3.3.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:mgr-osa-dispatcher-4.1.3-2.3.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:openvpn-formula-0.1.1-3.3.6.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:openvpn-formula-0.1.1-3.3.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:openvpn-formula-0.1.1-3.3.6.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:patterns-suma_retail-4.1-6.3.6.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:patterns-suma_retail-4.1-6.3.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:patterns-suma_retail-4.1-6.3.6.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:patterns-suma_server-4.1-6.3.6.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:patterns-suma_server-4.1-6.3.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:patterns-suma_server-4.1-6.3.6.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:prometheus-exporters-formula-0.7.1-3.5.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:pxe-default-image-sle15-4.1.0-Build5.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:python3-mgr-osa-common-4.1.3-2.3.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:python3-mgr-osa-dispatcher-4.1.3-2.3.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:python3-spacewalk-certs-tools-4.1.12-3.3.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:python3-suseRegisterInfo-4.1.3-4.3.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:python3-uyuni-common-libs-4.1.6-3.3.6.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:python3-uyuni-common-libs-4.1.6-3.3.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:python3-uyuni-common-libs-4.1.6-3.3.6.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:saltboot-formula-0.1.1595937550.0285244-3.3.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacecmd-4.1.6-4.3.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacewalk-backend-4.1.14-4.5.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacewalk-backend-app-4.1.14-4.5.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacewalk-backend-applet-4.1.14-4.5.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacewalk-backend-config-files-4.1.14-4.5.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacewalk-backend-config-files-common-4.1.14-4.5.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacewalk-backend-config-files-tool-4.1.14-4.5.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacewalk-backend-iss-4.1.14-4.5.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacewalk-backend-iss-export-4.1.14-4.5.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacewalk-backend-package-push-server-4.1.14-4.5.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacewalk-backend-server-4.1.14-4.5.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacewalk-backend-sql-4.1.14-4.5.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacewalk-backend-sql-postgresql-4.1.14-4.5.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacewalk-backend-tools-4.1.14-4.5.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacewalk-backend-xml-export-libs-4.1.14-4.5.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacewalk-backend-xmlrpc-4.1.14-4.5.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacewalk-base-4.1.15-3.3.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacewalk-base-minimal-4.1.15-3.3.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacewalk-base-minimal-config-4.1.15-3.3.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacewalk-branding-4.1.9-3.3.6.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacewalk-branding-4.1.9-3.3.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacewalk-branding-4.1.9-3.3.6.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacewalk-certs-tools-4.1.12-3.3.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacewalk-html-4.1.15-3.3.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacewalk-java-4.1.18-3.5.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacewalk-java-config-4.1.18-3.5.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacewalk-java-lib-4.1.18-3.5.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacewalk-java-postgresql-4.1.18-3.5.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacewalk-taskomatic-4.1.18-3.5.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacewalk-utils-4.1.11-3.3.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacewalk-utils-extras-4.1.11-3.3.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:suseRegisterInfo-4.1.3-4.3.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:susemanager-4.1.18-3.3.6.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:susemanager-4.1.18-3.3.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:susemanager-4.1.18-3.3.6.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:susemanager-doc-indexes-4.1-11.7.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:susemanager-docs_en-4.1-11.7.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:susemanager-docs_en-pdf-4.1-11.7.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:susemanager-frontend-libs-4.1.0-3.3.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:susemanager-schema-4.1.12-3.3.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:susemanager-sls-4.1.14-3.5.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:susemanager-sync-data-4.1.7-3.3.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:susemanager-tools-4.1.18-3.3.6.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:susemanager-tools-4.1.18-3.3.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:susemanager-tools-4.1.18-3.3.6.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:susemanager-web-libs-4.1.15-3.3.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:virtual-host-gatherer-1.0.21-4.3.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:virtual-host-gatherer-Kubernetes-1.0.21-4.3.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:virtual-host-gatherer-Nutanix-1.0.21-4.3.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:virtual-host-gatherer-VMware-1.0.21-4.3.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:virtual-host-gatherer-libcloud-1.0.21-4.3.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:virtualization-host-formula-0.5-3.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:yomi-formula-0.0.1+git.1595952633.b300be2-3.3.6.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
References
45 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for SUSE Manager Server 4.1",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update fixes the following issues:\n\ncobbler:\n\n- More old modules naming fixes (bsc#1169553)\n\nimage-sync-formula:\n\n- Allow image-sync state on regular minion.\n Image sync state requires branch-network pillars to get the directory\n where to sync images. Use default `/srv/saltboot` if that pillar is\n missing so image-sync can be applied on non branch minions as well.\n\nmgr-libmod:\n\n- Remove unnecessary array wrap in \u0027list_modules\u0027 response object\n\nmgr-osad:\n\n- Move uyuni-base-common dependency from mgr-osad to mgr-osa-dispatcher\n (bsc#1174405)\n\nopenvpn-formula:\n\n- Add hint that ssl certs must be on system (bsc#1172279)\n\npatterns-suse-manager:\n\n- Add Recommends for golang-github-QubitProducts-exporter_exporter\n\nprometheus-exporters-formula:\n\n- Bugfix: Handle exporters proxy for unsupported distros (bsc#1175555)\n- Add support for exporters proxy (exporter_exporter)\n\npxe-default-image-sle15:\n\n- Rollback the workaround for bsc#1172807, as dracut is now fixed\n\nsaltboot-formula:\n\n- Better fix for rounding errors (bsc#1136857)\n\nspacecmd:\n\n- Fix softwarechannel update for vendor channels (bsc#1172709)\n- Fix escaping of package names (bsc#1171281)\n\nspacewalk-backend:\n\n- Adds basic functionality for gpg check\n- Verify GPG signature of Ubuntu/Debian repository metadata (Release file)\n- Take care of SCC auth tokens on DEB repos GPG checks (bsc#1175485)\n- Use spacewalk keyring for GPG checks on DEB repos (bsc#1175485)\n\nspacewalk-branding:\n\n- Implement Maintenance Windows\n- Fix typo on spacewalk-branding license\n\nspacewalk-certs-tools:\n\n- Strip SSL Certificate Common Name after 63 Characters (bsc#1173535)\n- Fix centos detection (bsc#1173584)\n\nspacewalk-java:\n\n- Use media.1/products from media when not specified different (bsc#1175558)\n- Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831)\n- Fix error when rolling back a system to a snapshot (bsc#1173997)\n- Implement maintenance windows backend\n- Add check for maintainence window during executing recurring actions\n- Implement maintenance windows in struts\n- XMLRPC: Assign/retract maintenance schedule to/from systems\n- Fix softwarechannel update for vendor channels (bsc#1172709)\n- Avoid deadlock when syncing channels and registering minions at the same time (bsc#1173566)\n- Change system list header text to something better (bsc#1173982)\n- Set CPU and memory info for virtual instances (bsc#1170244)\n- Add virtual network Start, Stop and Delete actions\n- Add virtual network list page\n- Fix httpcomponents and gson jar symlinks (bsc#1174229)\n- Enhance RedHat product detection for CentOS and OracleLinux (bsc#1173584)\n- Provide comps.xml and modules.yaml when using onlinerepo for kickstart\n- Refresh virtualization pages only on events\n- Fix up2date detection on RH8 when salt-minion is used for registration\n- Improve performance of the System Groups page with many clients (bsc#1172839)\n- Include number of non-patch package updates to non-critical update counts\n in system group pages (bsc#1170468)\n- Bump XMLRPC API version number to distinguish from Spacewalk 2.10\n- Cluster UI: return to overview page after scheduling actions\n- Fix NPE on auto installation when no kernel options are given (bsc#1173932)\n- Fix issue with disabling self_update for autoyast autoupgrade (bsc#1170654)\n- Adapt expectations for jobs return events after switching Salt\n states to use \u0027mgrcompat.module_run\u0027 state.\n\nspacewalk-utils:\n\n- Add aarch64 for openSUSE Leap 15.1 and 15.2\n\nspacewalk-web:\n\n- Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831)\n- Fix JS linting errors/warnings\n- Enable Nutanix AHV virtual host gatherer.\n- Web UI: Implement managing maintenance schedules and calendars\n- Warn when a system is in multiple groups that configure the same\n formula in the system formula\u0027s UI (bsc#1173554)\n- Add virtual network start, stop and delete actions\n- Add virtual network list page\n- Fix internal server error when creating module filters in CLM (bsc#1174325)\n- Fix VM creation page when there is no volume in the default storage pool\n- Refresh virtualization pages only on events\n- Product list in the Wizard doesn\u0027t show SLE products first (bsc#1173522)\n- Cluster UI: return to overview page after scheduling actions\n- Changes in the logic to update the tick icon.\n- For the postgres localhost:5432 case, use the\n- Fix internal server errors by returning 0 instead of dying\n- Add missing dependency to spacewalk-base-minimal (bsc#678126)\n- Change kickstart to autoinstallation in navigation on pxt pages\n- Debranding\n\nsuseRegisterInfo:\n\n- Enhance RedHat product detection for CentOS and OracleLinux (bsc#1173584)\n\nsusemanager:\n\n- Migrate all occurrences of kickstart to autoinstall in cobbler database (bsc#1169780)\n- Define bootstrap repo data for SUSE Manager Proxies (bsc#1174470)\n- Add SLE 15 LTSS Product ID to SLE15 bootstrap repositories, as\n it is required to get python3-M2crypto (bsc#1174167)\n\nsusemanager-doc-indexes:\n\n- Left navigation structure cleaned up\n- Fixed several broken xrefs\n- Added hostname admonition for public cloud sections\n- Clarified Branch Proxy configuration instructions\n- Fixed index page pdf links, urls were 1 step to deep\n- SUSECOM 2020 branding update\n- PDF 2020 branding update\n- WEBUI 2020 branding update\n- Added maintenance window documentation\n- Added SLE client chapter\n- Added 508 compliance\n- Added reverse proxy information to Monitoring in Admin Guide\n- Add note about accessibility to index\n- In the Upgrade Guide, use Major, Minor, and Patch Level terminology for versioning.\n- Added docs for nutanix VHM\n- Ubuntu clients using the CLI in SUMA (bsc#1174025)\n\nsusemanager-docs_en:\n\n- Left navigation structure cleaned up\n- Fixed several broken xrefs\n- Added hostname admonition for public cloud sections\n- Clarified Branch Proxy configuration instructions\n- Fixed index page pdf links, urls were 1 step to deep\n- SUSECOM 2020 branding update\n- PDF 2020 branding update\n- WEBUI 2020 branding update\n- Added maintenance window documentation\n- Added SLE client chapter\n- Added 508 compliance\n- Added reverse proxy information to Monitoring in Admin Guide\n- Add note about accessibility to index \n- In the Upgrade Guide, use Major, Minor, and Patch Level terminology for versioning.\n- Added docs for nutanix VHM \n- Ubuntu clients using the CLI in SUMA (bsc#1174025)\n\nsusemanager-frontend-libs:\n\n- Upgrade jquery to 3.5.1 - CVE-2020-11022 (bsc#1172831) \n\nsusemanager-schema:\n\n- Add new states and types for virtual instances in order\n to support Nutanix AHV.\n- Implement Maintenance Windows\n- Add virtual network state change action\n- Internal fixes to avoid problems with the idempotency tests\n\nsusemanager-sls:\n\n- Fix the dnf plugin to add the token to the HTTP header (bsc#1175724)\n- Fix: supply a dnf base when dealing w/repos (bsc#1172504)\n- Fix: autorefresh in repos is zypper-only\n- Add virtual network state change state to handle start, stop and delete\n- Add virtual network state change state to handle start and stop\n- Fetch oracle-release when looking for RedHat Product Info (bsc#1173584)\n- Force a refresh after deleting a virtual storage volume\n- Prevent stuck Hardware Refresh actions on Salt 2016.11.10 based SSH minions (bsc#1173169)\n- Require PyYAML version \u003e= 5.1\n- Log out of Docker registries after image build (bsc#1165572)\n- Prevent \u0027module.run\u0027 deprecation warnings by using custom mgrcompat module\n\nsusemanager-sync-data:\n\n- Remove version from centos and oracle linux identifier (bsc#1173584)\n\nuyuni-common-libs:\n\n- Fix issues importing RPM packages with long RPM headers (bsc#1174965)\n\nvirtual-host-gatherer:\n\n- Add new gatherer module for Nutanix AHV.\n\nvirtualization-host-formula:\n\n- Ensure kernel-default and libvirt-python3 are installed\n- Set bridge network as default\n- Fix conditionals (bsc#1175791)\n\n\n\nyomi-formula:\n\n- Update to version 0.0.1+git.1595952633.b300be2:\n * pillar: install always kernel-default\n * chroot: python3-base is now a capability\n * Move systemctl calls inside chroot\n * Network: initial work for network declaration\n * MicroOS: Remove tmp subvolume\n * Update format following the new standard\n * Fix __mount_device wrapper\n\nhttpcomponents-core:\n\n- Include the correct package in SUSE Manager Server (no source changes)\n\nhttpcomponents-client:\n\n- Include the correct package in SUSE Manager Server (no source changes)\n\ngoogle-gson:\n\n- Include the correct package in SUSE Manager Server (no source changes)\n\nHow to apply this update:\n1. Log in as root user to the SUSE Manager server.\n2. Stop the Spacewalk service:\nspacewalk-service stop\n3. Apply the patch using either zypper patch or YaST Online Update.\n4. Upgrade the database schema:\nspacewalk-schema-upgrade\n5. Start the Spacewalk service:\nspacewalk-service start\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2020-2373,SUSE-SLE-Module-SUSE-Manager-Proxy-4.1-2020-2373,SUSE-SLE-Module-SUSE-Manager-Server-4.1-2020-2373",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_2373-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:2373-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202373-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:2373-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-August/007314.html"
},
{
"category": "self",
"summary": "SUSE Bug 1136857",
"url": "https://bugzilla.suse.com/1136857"
},
{
"category": "self",
"summary": "SUSE Bug 1165572",
"url": "https://bugzilla.suse.com/1165572"
},
{
"category": "self",
"summary": "SUSE Bug 1169553",
"url": "https://bugzilla.suse.com/1169553"
},
{
"category": "self",
"summary": "SUSE Bug 1169780",
"url": "https://bugzilla.suse.com/1169780"
},
{
"category": "self",
"summary": "SUSE Bug 1170244",
"url": "https://bugzilla.suse.com/1170244"
},
{
"category": "self",
"summary": "SUSE Bug 1170468",
"url": "https://bugzilla.suse.com/1170468"
},
{
"category": "self",
"summary": "SUSE Bug 1170654",
"url": "https://bugzilla.suse.com/1170654"
},
{
"category": "self",
"summary": "SUSE Bug 1171281",
"url": "https://bugzilla.suse.com/1171281"
},
{
"category": "self",
"summary": "SUSE Bug 1172279",
"url": "https://bugzilla.suse.com/1172279"
},
{
"category": "self",
"summary": "SUSE Bug 1172504",
"url": "https://bugzilla.suse.com/1172504"
},
{
"category": "self",
"summary": "SUSE Bug 1172709",
"url": "https://bugzilla.suse.com/1172709"
},
{
"category": "self",
"summary": "SUSE Bug 1172807",
"url": "https://bugzilla.suse.com/1172807"
},
{
"category": "self",
"summary": "SUSE Bug 1172831",
"url": "https://bugzilla.suse.com/1172831"
},
{
"category": "self",
"summary": "SUSE Bug 1172839",
"url": "https://bugzilla.suse.com/1172839"
},
{
"category": "self",
"summary": "SUSE Bug 1173169",
"url": "https://bugzilla.suse.com/1173169"
},
{
"category": "self",
"summary": "SUSE Bug 1173522",
"url": "https://bugzilla.suse.com/1173522"
},
{
"category": "self",
"summary": "SUSE Bug 1173535",
"url": "https://bugzilla.suse.com/1173535"
},
{
"category": "self",
"summary": "SUSE Bug 1173554",
"url": "https://bugzilla.suse.com/1173554"
},
{
"category": "self",
"summary": "SUSE Bug 1173566",
"url": "https://bugzilla.suse.com/1173566"
},
{
"category": "self",
"summary": "SUSE Bug 1173584",
"url": "https://bugzilla.suse.com/1173584"
},
{
"category": "self",
"summary": "SUSE Bug 1173932",
"url": "https://bugzilla.suse.com/1173932"
},
{
"category": "self",
"summary": "SUSE Bug 1173982",
"url": "https://bugzilla.suse.com/1173982"
},
{
"category": "self",
"summary": "SUSE Bug 1173997",
"url": "https://bugzilla.suse.com/1173997"
},
{
"category": "self",
"summary": "SUSE Bug 1174025",
"url": "https://bugzilla.suse.com/1174025"
},
{
"category": "self",
"summary": "SUSE Bug 1174167",
"url": "https://bugzilla.suse.com/1174167"
},
{
"category": "self",
"summary": "SUSE Bug 1174229",
"url": "https://bugzilla.suse.com/1174229"
},
{
"category": "self",
"summary": "SUSE Bug 1174325",
"url": "https://bugzilla.suse.com/1174325"
},
{
"category": "self",
"summary": "SUSE Bug 1174405",
"url": "https://bugzilla.suse.com/1174405"
},
{
"category": "self",
"summary": "SUSE Bug 1174470",
"url": "https://bugzilla.suse.com/1174470"
},
{
"category": "self",
"summary": "SUSE Bug 1174965",
"url": "https://bugzilla.suse.com/1174965"
},
{
"category": "self",
"summary": "SUSE Bug 1175485",
"url": "https://bugzilla.suse.com/1175485"
},
{
"category": "self",
"summary": "SUSE Bug 1175555",
"url": "https://bugzilla.suse.com/1175555"
},
{
"category": "self",
"summary": "SUSE Bug 1175558",
"url": "https://bugzilla.suse.com/1175558"
},
{
"category": "self",
"summary": "SUSE Bug 1175724",
"url": "https://bugzilla.suse.com/1175724"
},
{
"category": "self",
"summary": "SUSE Bug 1175791",
"url": "https://bugzilla.suse.com/1175791"
},
{
"category": "self",
"summary": "SUSE Bug 678126",
"url": "https://bugzilla.suse.com/678126"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-11022 page",
"url": "https://www.suse.com/security/cve/CVE-2020-11022/"
}
],
"title": "Security update for SUSE Manager Server 4.1",
"tracking": {
"current_release_date": "2020-08-28T10:58:53Z",
"generator": {
"date": "2020-08-28T10:58:53Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:2373-1",
"initial_release_date": "2020-08-28T10:58:53Z",
"revision_history": [
{
"date": "2020-08-28T10:58:53Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "google-gson-2.8.5-3.2.6.noarch",
"product": {
"name": "google-gson-2.8.5-3.2.6.noarch",
"product_id": "google-gson-2.8.5-3.2.6.noarch"
}
},
{
"category": "product_version",
"name": "google-gson-javadoc-2.8.5-3.2.6.noarch",
"product": {
"name": "google-gson-javadoc-2.8.5-3.2.6.noarch",
"product_id": "google-gson-javadoc-2.8.5-3.2.6.noarch"
}
},
{
"category": "product_version",
"name": "httpcomponents-client-4.5.6-3.2.6.noarch",
"product": {
"name": "httpcomponents-client-4.5.6-3.2.6.noarch",
"product_id": "httpcomponents-client-4.5.6-3.2.6.noarch"
}
},
{
"category": "product_version",
"name": "httpcomponents-client-cache-4.5.6-3.2.6.noarch",
"product": {
"name": "httpcomponents-client-cache-4.5.6-3.2.6.noarch",
"product_id": "httpcomponents-client-cache-4.5.6-3.2.6.noarch"
}
},
{
"category": "product_version",
"name": "httpcomponents-client-javadoc-4.5.6-3.2.6.noarch",
"product": {
"name": "httpcomponents-client-javadoc-4.5.6-3.2.6.noarch",
"product_id": "httpcomponents-client-javadoc-4.5.6-3.2.6.noarch"
}
},
{
"category": "product_version",
"name": "httpcomponents-core-4.4.10-3.2.6.noarch",
"product": {
"name": "httpcomponents-core-4.4.10-3.2.6.noarch",
"product_id": "httpcomponents-core-4.4.10-3.2.6.noarch"
}
},
{
"category": "product_version",
"name": "httpcomponents-core-javadoc-4.4.10-3.2.6.noarch",
"product": {
"name": "httpcomponents-core-javadoc-4.4.10-3.2.6.noarch",
"product_id": "httpcomponents-core-javadoc-4.4.10-3.2.6.noarch"
}
},
{
"category": "product_version",
"name": "pxe-default-image-sle15-4.1.0-Build5.3.noarch",
"product": {
"name": "pxe-default-image-sle15-4.1.0-Build5.3.noarch",
"product_id": "pxe-default-image-sle15-4.1.0-Build5.3.noarch"
}
},
{
"category": "product_version",
"name": "mgr-osad-4.1.3-2.3.6.noarch",
"product": {
"name": "mgr-osad-4.1.3-2.3.6.noarch",
"product_id": "mgr-osad-4.1.3-2.3.6.noarch"
}
},
{
"category": "product_version",
"name": "python3-mgr-osa-common-4.1.3-2.3.6.noarch",
"product": {
"name": "python3-mgr-osa-common-4.1.3-2.3.6.noarch",
"product_id": "python3-mgr-osa-common-4.1.3-2.3.6.noarch"
}
},
{
"category": "product_version",
"name": "python3-mgr-osad-4.1.3-2.3.6.noarch",
"product": {
"name": "python3-mgr-osad-4.1.3-2.3.6.noarch",
"product_id": "python3-mgr-osad-4.1.3-2.3.6.noarch"
}
},
{
"category": "product_version",
"name": "python3-spacewalk-certs-tools-4.1.12-3.3.6.noarch",
"product": {
"name": "python3-spacewalk-certs-tools-4.1.12-3.3.6.noarch",
"product_id": "python3-spacewalk-certs-tools-4.1.12-3.3.6.noarch"
}
},
{
"category": "product_version",
"name": "python3-suseRegisterInfo-4.1.3-4.3.6.noarch",
"product": {
"name": "python3-suseRegisterInfo-4.1.3-4.3.6.noarch",
"product_id": "python3-suseRegisterInfo-4.1.3-4.3.6.noarch"
}
},
{
"category": "product_version",
"name": "spacecmd-4.1.6-4.3.6.noarch",
"product": {
"name": "spacecmd-4.1.6-4.3.6.noarch",
"product_id": "spacecmd-4.1.6-4.3.6.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-4.1.14-4.5.2.noarch",
"product": {
"name": "spacewalk-backend-4.1.14-4.5.2.noarch",
"product_id": "spacewalk-backend-4.1.14-4.5.2.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-base-minimal-4.1.15-3.3.6.noarch",
"product": {
"name": "spacewalk-base-minimal-4.1.15-3.3.6.noarch",
"product_id": "spacewalk-base-minimal-4.1.15-3.3.6.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-base-minimal-config-4.1.15-3.3.6.noarch",
"product": {
"name": "spacewalk-base-minimal-config-4.1.15-3.3.6.noarch",
"product_id": "spacewalk-base-minimal-config-4.1.15-3.3.6.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-certs-tools-4.1.12-3.3.6.noarch",
"product": {
"name": "spacewalk-certs-tools-4.1.12-3.3.6.noarch",
"product_id": "spacewalk-certs-tools-4.1.12-3.3.6.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-proxy-broker-4.1.2-3.3.6.noarch",
"product": {
"name": "spacewalk-proxy-broker-4.1.2-3.3.6.noarch",
"product_id": "spacewalk-proxy-broker-4.1.2-3.3.6.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-proxy-common-4.1.2-3.3.6.noarch",
"product": {
"name": "spacewalk-proxy-common-4.1.2-3.3.6.noarch",
"product_id": "spacewalk-proxy-common-4.1.2-3.3.6.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-proxy-management-4.1.2-3.3.6.noarch",
"product": {
"name": "spacewalk-proxy-management-4.1.2-3.3.6.noarch",
"product_id": "spacewalk-proxy-management-4.1.2-3.3.6.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-proxy-package-manager-4.1.2-3.3.6.noarch",
"product": {
"name": "spacewalk-proxy-package-manager-4.1.2-3.3.6.noarch",
"product_id": "spacewalk-proxy-package-manager-4.1.2-3.3.6.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-proxy-redirect-4.1.2-3.3.6.noarch",
"product": {
"name": "spacewalk-proxy-redirect-4.1.2-3.3.6.noarch",
"product_id": "spacewalk-proxy-redirect-4.1.2-3.3.6.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-proxy-salt-4.1.2-3.3.6.noarch",
"product": {
"name": "spacewalk-proxy-salt-4.1.2-3.3.6.noarch",
"product_id": "spacewalk-proxy-salt-4.1.2-3.3.6.noarch"
}
},
{
"category": "product_version",
"name": "suseRegisterInfo-4.1.3-4.3.6.noarch",
"product": {
"name": "suseRegisterInfo-4.1.3-4.3.6.noarch",
"product_id": "suseRegisterInfo-4.1.3-4.3.6.noarch"
}
},
{
"category": "product_version",
"name": "cobbler-3.0.0+git20190806.32c4bae0-5.3.6.noarch",
"product": {
"name": "cobbler-3.0.0+git20190806.32c4bae0-5.3.6.noarch",
"product_id": "cobbler-3.0.0+git20190806.32c4bae0-5.3.6.noarch"
}
},
{
"category": "product_version",
"name": "ical4j-3.0.18-3.2.7.noarch",
"product": {
"name": "ical4j-3.0.18-3.2.7.noarch",
"product_id": "ical4j-3.0.18-3.2.7.noarch"
}
},
{
"category": "product_version",
"name": "image-sync-formula-0.1.1595937550.0285244-3.3.6.noarch",
"product": {
"name": "image-sync-formula-0.1.1595937550.0285244-3.3.6.noarch",
"product_id": "image-sync-formula-0.1.1595937550.0285244-3.3.6.noarch"
}
},
{
"category": "product_version",
"name": "mgr-libmod-4.1.4-3.3.6.noarch",
"product": {
"name": "mgr-libmod-4.1.4-3.3.6.noarch",
"product_id": "mgr-libmod-4.1.4-3.3.6.noarch"
}
},
{
"category": "product_version",
"name": "mgr-osa-dispatcher-4.1.3-2.3.6.noarch",
"product": {
"name": "mgr-osa-dispatcher-4.1.3-2.3.6.noarch",
"product_id": "mgr-osa-dispatcher-4.1.3-2.3.6.noarch"
}
},
{
"category": "product_version",
"name": "prometheus-exporters-formula-0.7.1-3.5.2.noarch",
"product": {
"name": "prometheus-exporters-formula-0.7.1-3.5.2.noarch",
"product_id": "prometheus-exporters-formula-0.7.1-3.5.2.noarch"
}
},
{
"category": "product_version",
"name": "python3-mgr-osa-dispatcher-4.1.3-2.3.6.noarch",
"product": {
"name": "python3-mgr-osa-dispatcher-4.1.3-2.3.6.noarch",
"product_id": "python3-mgr-osa-dispatcher-4.1.3-2.3.6.noarch"
}
},
{
"category": "product_version",
"name": "saltboot-formula-0.1.1595937550.0285244-3.3.6.noarch",
"product": {
"name": "saltboot-formula-0.1.1595937550.0285244-3.3.6.noarch",
"product_id": "saltboot-formula-0.1.1595937550.0285244-3.3.6.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-app-4.1.14-4.5.2.noarch",
"product": {
"name": "spacewalk-backend-app-4.1.14-4.5.2.noarch",
"product_id": "spacewalk-backend-app-4.1.14-4.5.2.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-applet-4.1.14-4.5.2.noarch",
"product": {
"name": "spacewalk-backend-applet-4.1.14-4.5.2.noarch",
"product_id": "spacewalk-backend-applet-4.1.14-4.5.2.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-config-files-4.1.14-4.5.2.noarch",
"product": {
"name": "spacewalk-backend-config-files-4.1.14-4.5.2.noarch",
"product_id": "spacewalk-backend-config-files-4.1.14-4.5.2.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-config-files-common-4.1.14-4.5.2.noarch",
"product": {
"name": "spacewalk-backend-config-files-common-4.1.14-4.5.2.noarch",
"product_id": "spacewalk-backend-config-files-common-4.1.14-4.5.2.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-config-files-tool-4.1.14-4.5.2.noarch",
"product": {
"name": "spacewalk-backend-config-files-tool-4.1.14-4.5.2.noarch",
"product_id": "spacewalk-backend-config-files-tool-4.1.14-4.5.2.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-iss-4.1.14-4.5.2.noarch",
"product": {
"name": "spacewalk-backend-iss-4.1.14-4.5.2.noarch",
"product_id": "spacewalk-backend-iss-4.1.14-4.5.2.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-iss-export-4.1.14-4.5.2.noarch",
"product": {
"name": "spacewalk-backend-iss-export-4.1.14-4.5.2.noarch",
"product_id": "spacewalk-backend-iss-export-4.1.14-4.5.2.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-package-push-server-4.1.14-4.5.2.noarch",
"product": {
"name": "spacewalk-backend-package-push-server-4.1.14-4.5.2.noarch",
"product_id": "spacewalk-backend-package-push-server-4.1.14-4.5.2.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-server-4.1.14-4.5.2.noarch",
"product": {
"name": "spacewalk-backend-server-4.1.14-4.5.2.noarch",
"product_id": "spacewalk-backend-server-4.1.14-4.5.2.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-sql-4.1.14-4.5.2.noarch",
"product": {
"name": "spacewalk-backend-sql-4.1.14-4.5.2.noarch",
"product_id": "spacewalk-backend-sql-4.1.14-4.5.2.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-sql-postgresql-4.1.14-4.5.2.noarch",
"product": {
"name": "spacewalk-backend-sql-postgresql-4.1.14-4.5.2.noarch",
"product_id": "spacewalk-backend-sql-postgresql-4.1.14-4.5.2.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-tools-4.1.14-4.5.2.noarch",
"product": {
"name": "spacewalk-backend-tools-4.1.14-4.5.2.noarch",
"product_id": "spacewalk-backend-tools-4.1.14-4.5.2.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-xml-export-libs-4.1.14-4.5.2.noarch",
"product": {
"name": "spacewalk-backend-xml-export-libs-4.1.14-4.5.2.noarch",
"product_id": "spacewalk-backend-xml-export-libs-4.1.14-4.5.2.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-xmlrpc-4.1.14-4.5.2.noarch",
"product": {
"name": "spacewalk-backend-xmlrpc-4.1.14-4.5.2.noarch",
"product_id": "spacewalk-backend-xmlrpc-4.1.14-4.5.2.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-base-4.1.15-3.3.6.noarch",
"product": {
"name": "spacewalk-base-4.1.15-3.3.6.noarch",
"product_id": "spacewalk-base-4.1.15-3.3.6.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-html-4.1.15-3.3.6.noarch",
"product": {
"name": "spacewalk-html-4.1.15-3.3.6.noarch",
"product_id": "spacewalk-html-4.1.15-3.3.6.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-4.1.18-3.5.3.noarch",
"product": {
"name": "spacewalk-java-4.1.18-3.5.3.noarch",
"product_id": "spacewalk-java-4.1.18-3.5.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-config-4.1.18-3.5.3.noarch",
"product": {
"name": "spacewalk-java-config-4.1.18-3.5.3.noarch",
"product_id": "spacewalk-java-config-4.1.18-3.5.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-lib-4.1.18-3.5.3.noarch",
"product": {
"name": "spacewalk-java-lib-4.1.18-3.5.3.noarch",
"product_id": "spacewalk-java-lib-4.1.18-3.5.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-postgresql-4.1.18-3.5.3.noarch",
"product": {
"name": "spacewalk-java-postgresql-4.1.18-3.5.3.noarch",
"product_id": "spacewalk-java-postgresql-4.1.18-3.5.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-taskomatic-4.1.18-3.5.3.noarch",
"product": {
"name": "spacewalk-taskomatic-4.1.18-3.5.3.noarch",
"product_id": "spacewalk-taskomatic-4.1.18-3.5.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-utils-4.1.11-3.3.6.noarch",
"product": {
"name": "spacewalk-utils-4.1.11-3.3.6.noarch",
"product_id": "spacewalk-utils-4.1.11-3.3.6.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-utils-extras-4.1.11-3.3.6.noarch",
"product": {
"name": "spacewalk-utils-extras-4.1.11-3.3.6.noarch",
"product_id": "spacewalk-utils-extras-4.1.11-3.3.6.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-doc-indexes-4.1-11.7.2.noarch",
"product": {
"name": "susemanager-doc-indexes-4.1-11.7.2.noarch",
"product_id": "susemanager-doc-indexes-4.1-11.7.2.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-docs_en-4.1-11.7.2.noarch",
"product": {
"name": "susemanager-docs_en-4.1-11.7.2.noarch",
"product_id": "susemanager-docs_en-4.1-11.7.2.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-docs_en-pdf-4.1-11.7.2.noarch",
"product": {
"name": "susemanager-docs_en-pdf-4.1-11.7.2.noarch",
"product_id": "susemanager-docs_en-pdf-4.1-11.7.2.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-frontend-libs-4.1.0-3.3.6.noarch",
"product": {
"name": "susemanager-frontend-libs-4.1.0-3.3.6.noarch",
"product_id": "susemanager-frontend-libs-4.1.0-3.3.6.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-schema-4.1.12-3.3.6.noarch",
"product": {
"name": "susemanager-schema-4.1.12-3.3.6.noarch",
"product_id": "susemanager-schema-4.1.12-3.3.6.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-sls-4.1.14-3.5.2.noarch",
"product": {
"name": "susemanager-sls-4.1.14-3.5.2.noarch",
"product_id": "susemanager-sls-4.1.14-3.5.2.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-sync-data-4.1.7-3.3.6.noarch",
"product": {
"name": "susemanager-sync-data-4.1.7-3.3.6.noarch",
"product_id": "susemanager-sync-data-4.1.7-3.3.6.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-web-libs-4.1.15-3.3.6.noarch",
"product": {
"name": "susemanager-web-libs-4.1.15-3.3.6.noarch",
"product_id": "susemanager-web-libs-4.1.15-3.3.6.noarch"
}
},
{
"category": "product_version",
"name": "virtual-host-gatherer-1.0.21-4.3.6.noarch",
"product": {
"name": "virtual-host-gatherer-1.0.21-4.3.6.noarch",
"product_id": "virtual-host-gatherer-1.0.21-4.3.6.noarch"
}
},
{
"category": "product_version",
"name": "virtual-host-gatherer-Kubernetes-1.0.21-4.3.6.noarch",
"product": {
"name": "virtual-host-gatherer-Kubernetes-1.0.21-4.3.6.noarch",
"product_id": "virtual-host-gatherer-Kubernetes-1.0.21-4.3.6.noarch"
}
},
{
"category": "product_version",
"name": "virtual-host-gatherer-Nutanix-1.0.21-4.3.6.noarch",
"product": {
"name": "virtual-host-gatherer-Nutanix-1.0.21-4.3.6.noarch",
"product_id": "virtual-host-gatherer-Nutanix-1.0.21-4.3.6.noarch"
}
},
{
"category": "product_version",
"name": "virtual-host-gatherer-VMware-1.0.21-4.3.6.noarch",
"product": {
"name": "virtual-host-gatherer-VMware-1.0.21-4.3.6.noarch",
"product_id": "virtual-host-gatherer-VMware-1.0.21-4.3.6.noarch"
}
},
{
"category": "product_version",
"name": "virtual-host-gatherer-libcloud-1.0.21-4.3.6.noarch",
"product": {
"name": "virtual-host-gatherer-libcloud-1.0.21-4.3.6.noarch",
"product_id": "virtual-host-gatherer-libcloud-1.0.21-4.3.6.noarch"
}
},
{
"category": "product_version",
"name": "virtualization-host-formula-0.5-3.3.1.noarch",
"product": {
"name": "virtualization-host-formula-0.5-3.3.1.noarch",
"product_id": "virtualization-host-formula-0.5-3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "yomi-formula-0.0.1+git.1595952633.b300be2-3.3.6.noarch",
"product": {
"name": "yomi-formula-0.0.1+git.1595952633.b300be2-3.3.6.noarch",
"product_id": "yomi-formula-0.0.1+git.1595952633.b300be2-3.3.6.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-6.3.6.ppc64le",
"product": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-6.3.6.ppc64le",
"product_id": "golang-github-QubitProducts-exporter_exporter-0.4.0-6.3.6.ppc64le"
}
},
{
"category": "product_version",
"name": "openvpn-formula-0.1.1-3.3.6.ppc64le",
"product": {
"name": "openvpn-formula-0.1.1-3.3.6.ppc64le",
"product_id": "openvpn-formula-0.1.1-3.3.6.ppc64le"
}
},
{
"category": "product_version",
"name": "patterns-suma_retail-4.1-6.3.6.ppc64le",
"product": {
"name": "patterns-suma_retail-4.1-6.3.6.ppc64le",
"product_id": "patterns-suma_retail-4.1-6.3.6.ppc64le"
}
},
{
"category": "product_version",
"name": "patterns-suma_server-4.1-6.3.6.ppc64le",
"product": {
"name": "patterns-suma_server-4.1-6.3.6.ppc64le",
"product_id": "patterns-suma_server-4.1-6.3.6.ppc64le"
}
},
{
"category": "product_version",
"name": "python3-uyuni-common-libs-4.1.6-3.3.6.ppc64le",
"product": {
"name": "python3-uyuni-common-libs-4.1.6-3.3.6.ppc64le",
"product_id": "python3-uyuni-common-libs-4.1.6-3.3.6.ppc64le"
}
},
{
"category": "product_version",
"name": "spacewalk-branding-4.1.9-3.3.6.ppc64le",
"product": {
"name": "spacewalk-branding-4.1.9-3.3.6.ppc64le",
"product_id": "spacewalk-branding-4.1.9-3.3.6.ppc64le"
}
},
{
"category": "product_version",
"name": "susemanager-4.1.18-3.3.6.ppc64le",
"product": {
"name": "susemanager-4.1.18-3.3.6.ppc64le",
"product_id": "susemanager-4.1.18-3.3.6.ppc64le"
}
},
{
"category": "product_version",
"name": "susemanager-tools-4.1.18-3.3.6.ppc64le",
"product": {
"name": "susemanager-tools-4.1.18-3.3.6.ppc64le",
"product_id": "susemanager-tools-4.1.18-3.3.6.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-6.3.6.s390x",
"product": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-6.3.6.s390x",
"product_id": "golang-github-QubitProducts-exporter_exporter-0.4.0-6.3.6.s390x"
}
},
{
"category": "product_version",
"name": "openvpn-formula-0.1.1-3.3.6.s390x",
"product": {
"name": "openvpn-formula-0.1.1-3.3.6.s390x",
"product_id": "openvpn-formula-0.1.1-3.3.6.s390x"
}
},
{
"category": "product_version",
"name": "patterns-suma_retail-4.1-6.3.6.s390x",
"product": {
"name": "patterns-suma_retail-4.1-6.3.6.s390x",
"product_id": "patterns-suma_retail-4.1-6.3.6.s390x"
}
},
{
"category": "product_version",
"name": "patterns-suma_server-4.1-6.3.6.s390x",
"product": {
"name": "patterns-suma_server-4.1-6.3.6.s390x",
"product_id": "patterns-suma_server-4.1-6.3.6.s390x"
}
},
{
"category": "product_version",
"name": "python3-uyuni-common-libs-4.1.6-3.3.6.s390x",
"product": {
"name": "python3-uyuni-common-libs-4.1.6-3.3.6.s390x",
"product_id": "python3-uyuni-common-libs-4.1.6-3.3.6.s390x"
}
},
{
"category": "product_version",
"name": "spacewalk-branding-4.1.9-3.3.6.s390x",
"product": {
"name": "spacewalk-branding-4.1.9-3.3.6.s390x",
"product_id": "spacewalk-branding-4.1.9-3.3.6.s390x"
}
},
{
"category": "product_version",
"name": "susemanager-4.1.18-3.3.6.s390x",
"product": {
"name": "susemanager-4.1.18-3.3.6.s390x",
"product_id": "susemanager-4.1.18-3.3.6.s390x"
}
},
{
"category": "product_version",
"name": "susemanager-tools-4.1.18-3.3.6.s390x",
"product": {
"name": "susemanager-tools-4.1.18-3.3.6.s390x",
"product_id": "susemanager-tools-4.1.18-3.3.6.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-6.3.6.x86_64",
"product": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-6.3.6.x86_64",
"product_id": "golang-github-QubitProducts-exporter_exporter-0.4.0-6.3.6.x86_64"
}
},
{
"category": "product_version",
"name": "patterns-suma_proxy-4.1-6.3.6.x86_64",
"product": {
"name": "patterns-suma_proxy-4.1-6.3.6.x86_64",
"product_id": "patterns-suma_proxy-4.1-6.3.6.x86_64"
}
},
{
"category": "product_version",
"name": "python3-uyuni-common-libs-4.1.6-3.3.6.x86_64",
"product": {
"name": "python3-uyuni-common-libs-4.1.6-3.3.6.x86_64",
"product_id": "python3-uyuni-common-libs-4.1.6-3.3.6.x86_64"
}
},
{
"category": "product_version",
"name": "openvpn-formula-0.1.1-3.3.6.x86_64",
"product": {
"name": "openvpn-formula-0.1.1-3.3.6.x86_64",
"product_id": "openvpn-formula-0.1.1-3.3.6.x86_64"
}
},
{
"category": "product_version",
"name": "patterns-suma_retail-4.1-6.3.6.x86_64",
"product": {
"name": "patterns-suma_retail-4.1-6.3.6.x86_64",
"product_id": "patterns-suma_retail-4.1-6.3.6.x86_64"
}
},
{
"category": "product_version",
"name": "patterns-suma_server-4.1-6.3.6.x86_64",
"product": {
"name": "patterns-suma_server-4.1-6.3.6.x86_64",
"product_id": "patterns-suma_server-4.1-6.3.6.x86_64"
}
},
{
"category": "product_version",
"name": "spacewalk-branding-4.1.9-3.3.6.x86_64",
"product": {
"name": "spacewalk-branding-4.1.9-3.3.6.x86_64",
"product_id": "spacewalk-branding-4.1.9-3.3.6.x86_64"
}
},
{
"category": "product_version",
"name": "susemanager-4.1.18-3.3.6.x86_64",
"product": {
"name": "susemanager-4.1.18-3.3.6.x86_64",
"product_id": "susemanager-4.1.18-3.3.6.x86_64"
}
},
{
"category": "product_version",
"name": "susemanager-tools-4.1.18-3.3.6.x86_64",
"product": {
"name": "susemanager-tools-4.1.18-3.3.6.x86_64",
"product_id": "susemanager-tools-4.1.18-3.3.6.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Manager Proxy Module 4.1",
"product": {
"name": "SUSE Manager Proxy Module 4.1",
"product_id": "SUSE Manager Proxy Module 4.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-suse-manager-proxy:4.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server Module 4.1",
"product": {
"name": "SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-suse-manager-server:4.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-6.3.6.x86_64 as component of SUSE Manager Proxy Module 4.1",
"product_id": "SUSE Manager Proxy Module 4.1:golang-github-QubitProducts-exporter_exporter-0.4.0-6.3.6.x86_64"
},
"product_reference": "golang-github-QubitProducts-exporter_exporter-0.4.0-6.3.6.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgr-osad-4.1.3-2.3.6.noarch as component of SUSE Manager Proxy Module 4.1",
"product_id": "SUSE Manager Proxy Module 4.1:mgr-osad-4.1.3-2.3.6.noarch"
},
"product_reference": "mgr-osad-4.1.3-2.3.6.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "patterns-suma_proxy-4.1-6.3.6.x86_64 as component of SUSE Manager Proxy Module 4.1",
"product_id": "SUSE Manager Proxy Module 4.1:patterns-suma_proxy-4.1-6.3.6.x86_64"
},
"product_reference": "patterns-suma_proxy-4.1-6.3.6.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-mgr-osa-common-4.1.3-2.3.6.noarch as component of SUSE Manager Proxy Module 4.1",
"product_id": "SUSE Manager Proxy Module 4.1:python3-mgr-osa-common-4.1.3-2.3.6.noarch"
},
"product_reference": "python3-mgr-osa-common-4.1.3-2.3.6.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-mgr-osad-4.1.3-2.3.6.noarch as component of SUSE Manager Proxy Module 4.1",
"product_id": "SUSE Manager Proxy Module 4.1:python3-mgr-osad-4.1.3-2.3.6.noarch"
},
"product_reference": "python3-mgr-osad-4.1.3-2.3.6.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-spacewalk-certs-tools-4.1.12-3.3.6.noarch as component of SUSE Manager Proxy Module 4.1",
"product_id": "SUSE Manager Proxy Module 4.1:python3-spacewalk-certs-tools-4.1.12-3.3.6.noarch"
},
"product_reference": "python3-spacewalk-certs-tools-4.1.12-3.3.6.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-suseRegisterInfo-4.1.3-4.3.6.noarch as component of SUSE Manager Proxy Module 4.1",
"product_id": "SUSE Manager Proxy Module 4.1:python3-suseRegisterInfo-4.1.3-4.3.6.noarch"
},
"product_reference": "python3-suseRegisterInfo-4.1.3-4.3.6.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-uyuni-common-libs-4.1.6-3.3.6.x86_64 as component of SUSE Manager Proxy Module 4.1",
"product_id": "SUSE Manager Proxy Module 4.1:python3-uyuni-common-libs-4.1.6-3.3.6.x86_64"
},
"product_reference": "python3-uyuni-common-libs-4.1.6-3.3.6.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacecmd-4.1.6-4.3.6.noarch as component of SUSE Manager Proxy Module 4.1",
"product_id": "SUSE Manager Proxy Module 4.1:spacecmd-4.1.6-4.3.6.noarch"
},
"product_reference": "spacecmd-4.1.6-4.3.6.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-4.1.14-4.5.2.noarch as component of SUSE Manager Proxy Module 4.1",
"product_id": "SUSE Manager Proxy Module 4.1:spacewalk-backend-4.1.14-4.5.2.noarch"
},
"product_reference": "spacewalk-backend-4.1.14-4.5.2.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-4.1.15-3.3.6.noarch as component of SUSE Manager Proxy Module 4.1",
"product_id": "SUSE Manager Proxy Module 4.1:spacewalk-base-minimal-4.1.15-3.3.6.noarch"
},
"product_reference": "spacewalk-base-minimal-4.1.15-3.3.6.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-config-4.1.15-3.3.6.noarch as component of SUSE Manager Proxy Module 4.1",
"product_id": "SUSE Manager Proxy Module 4.1:spacewalk-base-minimal-config-4.1.15-3.3.6.noarch"
},
"product_reference": "spacewalk-base-minimal-config-4.1.15-3.3.6.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-certs-tools-4.1.12-3.3.6.noarch as component of SUSE Manager Proxy Module 4.1",
"product_id": "SUSE Manager Proxy Module 4.1:spacewalk-certs-tools-4.1.12-3.3.6.noarch"
},
"product_reference": "spacewalk-certs-tools-4.1.12-3.3.6.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-proxy-broker-4.1.2-3.3.6.noarch as component of SUSE Manager Proxy Module 4.1",
"product_id": "SUSE Manager Proxy Module 4.1:spacewalk-proxy-broker-4.1.2-3.3.6.noarch"
},
"product_reference": "spacewalk-proxy-broker-4.1.2-3.3.6.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-proxy-common-4.1.2-3.3.6.noarch as component of SUSE Manager Proxy Module 4.1",
"product_id": "SUSE Manager Proxy Module 4.1:spacewalk-proxy-common-4.1.2-3.3.6.noarch"
},
"product_reference": "spacewalk-proxy-common-4.1.2-3.3.6.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-proxy-management-4.1.2-3.3.6.noarch as component of SUSE Manager Proxy Module 4.1",
"product_id": "SUSE Manager Proxy Module 4.1:spacewalk-proxy-management-4.1.2-3.3.6.noarch"
},
"product_reference": "spacewalk-proxy-management-4.1.2-3.3.6.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-proxy-package-manager-4.1.2-3.3.6.noarch as component of SUSE Manager Proxy Module 4.1",
"product_id": "SUSE Manager Proxy Module 4.1:spacewalk-proxy-package-manager-4.1.2-3.3.6.noarch"
},
"product_reference": "spacewalk-proxy-package-manager-4.1.2-3.3.6.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-proxy-redirect-4.1.2-3.3.6.noarch as component of SUSE Manager Proxy Module 4.1",
"product_id": "SUSE Manager Proxy Module 4.1:spacewalk-proxy-redirect-4.1.2-3.3.6.noarch"
},
"product_reference": "spacewalk-proxy-redirect-4.1.2-3.3.6.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-proxy-salt-4.1.2-3.3.6.noarch as component of SUSE Manager Proxy Module 4.1",
"product_id": "SUSE Manager Proxy Module 4.1:spacewalk-proxy-salt-4.1.2-3.3.6.noarch"
},
"product_reference": "spacewalk-proxy-salt-4.1.2-3.3.6.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suseRegisterInfo-4.1.3-4.3.6.noarch as component of SUSE Manager Proxy Module 4.1",
"product_id": "SUSE Manager Proxy Module 4.1:suseRegisterInfo-4.1.3-4.3.6.noarch"
},
"product_reference": "suseRegisterInfo-4.1.3-4.3.6.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cobbler-3.0.0+git20190806.32c4bae0-5.3.6.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:cobbler-3.0.0+git20190806.32c4bae0-5.3.6.noarch"
},
"product_reference": "cobbler-3.0.0+git20190806.32c4bae0-5.3.6.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-6.3.6.ppc64le as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:golang-github-QubitProducts-exporter_exporter-0.4.0-6.3.6.ppc64le"
},
"product_reference": "golang-github-QubitProducts-exporter_exporter-0.4.0-6.3.6.ppc64le",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-6.3.6.s390x as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:golang-github-QubitProducts-exporter_exporter-0.4.0-6.3.6.s390x"
},
"product_reference": "golang-github-QubitProducts-exporter_exporter-0.4.0-6.3.6.s390x",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-6.3.6.x86_64 as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:golang-github-QubitProducts-exporter_exporter-0.4.0-6.3.6.x86_64"
},
"product_reference": "golang-github-QubitProducts-exporter_exporter-0.4.0-6.3.6.x86_64",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "google-gson-2.8.5-3.2.6.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:google-gson-2.8.5-3.2.6.noarch"
},
"product_reference": "google-gson-2.8.5-3.2.6.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpcomponents-client-4.5.6-3.2.6.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:httpcomponents-client-4.5.6-3.2.6.noarch"
},
"product_reference": "httpcomponents-client-4.5.6-3.2.6.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "httpcomponents-core-4.4.10-3.2.6.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:httpcomponents-core-4.4.10-3.2.6.noarch"
},
"product_reference": "httpcomponents-core-4.4.10-3.2.6.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ical4j-3.0.18-3.2.7.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:ical4j-3.0.18-3.2.7.noarch"
},
"product_reference": "ical4j-3.0.18-3.2.7.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "image-sync-formula-0.1.1595937550.0285244-3.3.6.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:image-sync-formula-0.1.1595937550.0285244-3.3.6.noarch"
},
"product_reference": "image-sync-formula-0.1.1595937550.0285244-3.3.6.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgr-libmod-4.1.4-3.3.6.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:mgr-libmod-4.1.4-3.3.6.noarch"
},
"product_reference": "mgr-libmod-4.1.4-3.3.6.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgr-osa-dispatcher-4.1.3-2.3.6.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:mgr-osa-dispatcher-4.1.3-2.3.6.noarch"
},
"product_reference": "mgr-osa-dispatcher-4.1.3-2.3.6.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-formula-0.1.1-3.3.6.ppc64le as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:openvpn-formula-0.1.1-3.3.6.ppc64le"
},
"product_reference": "openvpn-formula-0.1.1-3.3.6.ppc64le",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-formula-0.1.1-3.3.6.s390x as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:openvpn-formula-0.1.1-3.3.6.s390x"
},
"product_reference": "openvpn-formula-0.1.1-3.3.6.s390x",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-formula-0.1.1-3.3.6.x86_64 as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:openvpn-formula-0.1.1-3.3.6.x86_64"
},
"product_reference": "openvpn-formula-0.1.1-3.3.6.x86_64",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "patterns-suma_retail-4.1-6.3.6.ppc64le as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:patterns-suma_retail-4.1-6.3.6.ppc64le"
},
"product_reference": "patterns-suma_retail-4.1-6.3.6.ppc64le",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "patterns-suma_retail-4.1-6.3.6.s390x as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:patterns-suma_retail-4.1-6.3.6.s390x"
},
"product_reference": "patterns-suma_retail-4.1-6.3.6.s390x",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "patterns-suma_retail-4.1-6.3.6.x86_64 as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:patterns-suma_retail-4.1-6.3.6.x86_64"
},
"product_reference": "patterns-suma_retail-4.1-6.3.6.x86_64",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "patterns-suma_server-4.1-6.3.6.ppc64le as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:patterns-suma_server-4.1-6.3.6.ppc64le"
},
"product_reference": "patterns-suma_server-4.1-6.3.6.ppc64le",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "patterns-suma_server-4.1-6.3.6.s390x as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:patterns-suma_server-4.1-6.3.6.s390x"
},
"product_reference": "patterns-suma_server-4.1-6.3.6.s390x",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "patterns-suma_server-4.1-6.3.6.x86_64 as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:patterns-suma_server-4.1-6.3.6.x86_64"
},
"product_reference": "patterns-suma_server-4.1-6.3.6.x86_64",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-exporters-formula-0.7.1-3.5.2.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:prometheus-exporters-formula-0.7.1-3.5.2.noarch"
},
"product_reference": "prometheus-exporters-formula-0.7.1-3.5.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pxe-default-image-sle15-4.1.0-Build5.3.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:pxe-default-image-sle15-4.1.0-Build5.3.noarch"
},
"product_reference": "pxe-default-image-sle15-4.1.0-Build5.3.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-mgr-osa-common-4.1.3-2.3.6.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:python3-mgr-osa-common-4.1.3-2.3.6.noarch"
},
"product_reference": "python3-mgr-osa-common-4.1.3-2.3.6.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-mgr-osa-dispatcher-4.1.3-2.3.6.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:python3-mgr-osa-dispatcher-4.1.3-2.3.6.noarch"
},
"product_reference": "python3-mgr-osa-dispatcher-4.1.3-2.3.6.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-spacewalk-certs-tools-4.1.12-3.3.6.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:python3-spacewalk-certs-tools-4.1.12-3.3.6.noarch"
},
"product_reference": "python3-spacewalk-certs-tools-4.1.12-3.3.6.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-suseRegisterInfo-4.1.3-4.3.6.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:python3-suseRegisterInfo-4.1.3-4.3.6.noarch"
},
"product_reference": "python3-suseRegisterInfo-4.1.3-4.3.6.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-uyuni-common-libs-4.1.6-3.3.6.ppc64le as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:python3-uyuni-common-libs-4.1.6-3.3.6.ppc64le"
},
"product_reference": "python3-uyuni-common-libs-4.1.6-3.3.6.ppc64le",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-uyuni-common-libs-4.1.6-3.3.6.s390x as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:python3-uyuni-common-libs-4.1.6-3.3.6.s390x"
},
"product_reference": "python3-uyuni-common-libs-4.1.6-3.3.6.s390x",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-uyuni-common-libs-4.1.6-3.3.6.x86_64 as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:python3-uyuni-common-libs-4.1.6-3.3.6.x86_64"
},
"product_reference": "python3-uyuni-common-libs-4.1.6-3.3.6.x86_64",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltboot-formula-0.1.1595937550.0285244-3.3.6.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:saltboot-formula-0.1.1595937550.0285244-3.3.6.noarch"
},
"product_reference": "saltboot-formula-0.1.1595937550.0285244-3.3.6.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacecmd-4.1.6-4.3.6.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacecmd-4.1.6-4.3.6.noarch"
},
"product_reference": "spacecmd-4.1.6-4.3.6.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-4.1.14-4.5.2.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacewalk-backend-4.1.14-4.5.2.noarch"
},
"product_reference": "spacewalk-backend-4.1.14-4.5.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-app-4.1.14-4.5.2.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacewalk-backend-app-4.1.14-4.5.2.noarch"
},
"product_reference": "spacewalk-backend-app-4.1.14-4.5.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-applet-4.1.14-4.5.2.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacewalk-backend-applet-4.1.14-4.5.2.noarch"
},
"product_reference": "spacewalk-backend-applet-4.1.14-4.5.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-config-files-4.1.14-4.5.2.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacewalk-backend-config-files-4.1.14-4.5.2.noarch"
},
"product_reference": "spacewalk-backend-config-files-4.1.14-4.5.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-config-files-common-4.1.14-4.5.2.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacewalk-backend-config-files-common-4.1.14-4.5.2.noarch"
},
"product_reference": "spacewalk-backend-config-files-common-4.1.14-4.5.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-config-files-tool-4.1.14-4.5.2.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacewalk-backend-config-files-tool-4.1.14-4.5.2.noarch"
},
"product_reference": "spacewalk-backend-config-files-tool-4.1.14-4.5.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-iss-4.1.14-4.5.2.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacewalk-backend-iss-4.1.14-4.5.2.noarch"
},
"product_reference": "spacewalk-backend-iss-4.1.14-4.5.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-iss-export-4.1.14-4.5.2.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacewalk-backend-iss-export-4.1.14-4.5.2.noarch"
},
"product_reference": "spacewalk-backend-iss-export-4.1.14-4.5.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-package-push-server-4.1.14-4.5.2.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacewalk-backend-package-push-server-4.1.14-4.5.2.noarch"
},
"product_reference": "spacewalk-backend-package-push-server-4.1.14-4.5.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-server-4.1.14-4.5.2.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacewalk-backend-server-4.1.14-4.5.2.noarch"
},
"product_reference": "spacewalk-backend-server-4.1.14-4.5.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-sql-4.1.14-4.5.2.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacewalk-backend-sql-4.1.14-4.5.2.noarch"
},
"product_reference": "spacewalk-backend-sql-4.1.14-4.5.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-sql-postgresql-4.1.14-4.5.2.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacewalk-backend-sql-postgresql-4.1.14-4.5.2.noarch"
},
"product_reference": "spacewalk-backend-sql-postgresql-4.1.14-4.5.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-tools-4.1.14-4.5.2.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacewalk-backend-tools-4.1.14-4.5.2.noarch"
},
"product_reference": "spacewalk-backend-tools-4.1.14-4.5.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-xml-export-libs-4.1.14-4.5.2.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacewalk-backend-xml-export-libs-4.1.14-4.5.2.noarch"
},
"product_reference": "spacewalk-backend-xml-export-libs-4.1.14-4.5.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-xmlrpc-4.1.14-4.5.2.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacewalk-backend-xmlrpc-4.1.14-4.5.2.noarch"
},
"product_reference": "spacewalk-backend-xmlrpc-4.1.14-4.5.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-4.1.15-3.3.6.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacewalk-base-4.1.15-3.3.6.noarch"
},
"product_reference": "spacewalk-base-4.1.15-3.3.6.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-4.1.15-3.3.6.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacewalk-base-minimal-4.1.15-3.3.6.noarch"
},
"product_reference": "spacewalk-base-minimal-4.1.15-3.3.6.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-config-4.1.15-3.3.6.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacewalk-base-minimal-config-4.1.15-3.3.6.noarch"
},
"product_reference": "spacewalk-base-minimal-config-4.1.15-3.3.6.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-branding-4.1.9-3.3.6.ppc64le as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacewalk-branding-4.1.9-3.3.6.ppc64le"
},
"product_reference": "spacewalk-branding-4.1.9-3.3.6.ppc64le",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-branding-4.1.9-3.3.6.s390x as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacewalk-branding-4.1.9-3.3.6.s390x"
},
"product_reference": "spacewalk-branding-4.1.9-3.3.6.s390x",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-branding-4.1.9-3.3.6.x86_64 as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacewalk-branding-4.1.9-3.3.6.x86_64"
},
"product_reference": "spacewalk-branding-4.1.9-3.3.6.x86_64",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-certs-tools-4.1.12-3.3.6.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacewalk-certs-tools-4.1.12-3.3.6.noarch"
},
"product_reference": "spacewalk-certs-tools-4.1.12-3.3.6.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-html-4.1.15-3.3.6.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacewalk-html-4.1.15-3.3.6.noarch"
},
"product_reference": "spacewalk-html-4.1.15-3.3.6.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-4.1.18-3.5.3.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacewalk-java-4.1.18-3.5.3.noarch"
},
"product_reference": "spacewalk-java-4.1.18-3.5.3.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-config-4.1.18-3.5.3.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacewalk-java-config-4.1.18-3.5.3.noarch"
},
"product_reference": "spacewalk-java-config-4.1.18-3.5.3.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-lib-4.1.18-3.5.3.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacewalk-java-lib-4.1.18-3.5.3.noarch"
},
"product_reference": "spacewalk-java-lib-4.1.18-3.5.3.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-postgresql-4.1.18-3.5.3.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacewalk-java-postgresql-4.1.18-3.5.3.noarch"
},
"product_reference": "spacewalk-java-postgresql-4.1.18-3.5.3.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-taskomatic-4.1.18-3.5.3.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacewalk-taskomatic-4.1.18-3.5.3.noarch"
},
"product_reference": "spacewalk-taskomatic-4.1.18-3.5.3.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-utils-4.1.11-3.3.6.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacewalk-utils-4.1.11-3.3.6.noarch"
},
"product_reference": "spacewalk-utils-4.1.11-3.3.6.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-utils-extras-4.1.11-3.3.6.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacewalk-utils-extras-4.1.11-3.3.6.noarch"
},
"product_reference": "spacewalk-utils-extras-4.1.11-3.3.6.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suseRegisterInfo-4.1.3-4.3.6.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:suseRegisterInfo-4.1.3-4.3.6.noarch"
},
"product_reference": "suseRegisterInfo-4.1.3-4.3.6.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-4.1.18-3.3.6.ppc64le as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:susemanager-4.1.18-3.3.6.ppc64le"
},
"product_reference": "susemanager-4.1.18-3.3.6.ppc64le",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-4.1.18-3.3.6.s390x as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:susemanager-4.1.18-3.3.6.s390x"
},
"product_reference": "susemanager-4.1.18-3.3.6.s390x",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-4.1.18-3.3.6.x86_64 as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:susemanager-4.1.18-3.3.6.x86_64"
},
"product_reference": "susemanager-4.1.18-3.3.6.x86_64",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-doc-indexes-4.1-11.7.2.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:susemanager-doc-indexes-4.1-11.7.2.noarch"
},
"product_reference": "susemanager-doc-indexes-4.1-11.7.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-docs_en-4.1-11.7.2.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:susemanager-docs_en-4.1-11.7.2.noarch"
},
"product_reference": "susemanager-docs_en-4.1-11.7.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-docs_en-pdf-4.1-11.7.2.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:susemanager-docs_en-pdf-4.1-11.7.2.noarch"
},
"product_reference": "susemanager-docs_en-pdf-4.1-11.7.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-frontend-libs-4.1.0-3.3.6.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:susemanager-frontend-libs-4.1.0-3.3.6.noarch"
},
"product_reference": "susemanager-frontend-libs-4.1.0-3.3.6.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-schema-4.1.12-3.3.6.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:susemanager-schema-4.1.12-3.3.6.noarch"
},
"product_reference": "susemanager-schema-4.1.12-3.3.6.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-sls-4.1.14-3.5.2.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:susemanager-sls-4.1.14-3.5.2.noarch"
},
"product_reference": "susemanager-sls-4.1.14-3.5.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-sync-data-4.1.7-3.3.6.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:susemanager-sync-data-4.1.7-3.3.6.noarch"
},
"product_reference": "susemanager-sync-data-4.1.7-3.3.6.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-tools-4.1.18-3.3.6.ppc64le as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:susemanager-tools-4.1.18-3.3.6.ppc64le"
},
"product_reference": "susemanager-tools-4.1.18-3.3.6.ppc64le",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-tools-4.1.18-3.3.6.s390x as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:susemanager-tools-4.1.18-3.3.6.s390x"
},
"product_reference": "susemanager-tools-4.1.18-3.3.6.s390x",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-tools-4.1.18-3.3.6.x86_64 as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:susemanager-tools-4.1.18-3.3.6.x86_64"
},
"product_reference": "susemanager-tools-4.1.18-3.3.6.x86_64",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-web-libs-4.1.15-3.3.6.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:susemanager-web-libs-4.1.15-3.3.6.noarch"
},
"product_reference": "susemanager-web-libs-4.1.15-3.3.6.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "virtual-host-gatherer-1.0.21-4.3.6.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:virtual-host-gatherer-1.0.21-4.3.6.noarch"
},
"product_reference": "virtual-host-gatherer-1.0.21-4.3.6.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "virtual-host-gatherer-Kubernetes-1.0.21-4.3.6.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:virtual-host-gatherer-Kubernetes-1.0.21-4.3.6.noarch"
},
"product_reference": "virtual-host-gatherer-Kubernetes-1.0.21-4.3.6.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "virtual-host-gatherer-Nutanix-1.0.21-4.3.6.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:virtual-host-gatherer-Nutanix-1.0.21-4.3.6.noarch"
},
"product_reference": "virtual-host-gatherer-Nutanix-1.0.21-4.3.6.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "virtual-host-gatherer-VMware-1.0.21-4.3.6.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:virtual-host-gatherer-VMware-1.0.21-4.3.6.noarch"
},
"product_reference": "virtual-host-gatherer-VMware-1.0.21-4.3.6.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "virtual-host-gatherer-libcloud-1.0.21-4.3.6.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:virtual-host-gatherer-libcloud-1.0.21-4.3.6.noarch"
},
"product_reference": "virtual-host-gatherer-libcloud-1.0.21-4.3.6.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "virtualization-host-formula-0.5-3.3.1.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:virtualization-host-formula-0.5-3.3.1.noarch"
},
"product_reference": "virtualization-host-formula-0.5-3.3.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yomi-formula-0.0.1+git.1595952633.b300be2-3.3.6.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:yomi-formula-0.0.1+git.1595952633.b300be2-3.3.6.noarch"
},
"product_reference": "yomi-formula-0.0.1+git.1595952633.b300be2-3.3.6.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-11022",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-11022"
}
],
"notes": [
{
"category": "general",
"text": "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery\u0027s DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Proxy Module 4.1:golang-github-QubitProducts-exporter_exporter-0.4.0-6.3.6.x86_64",
"SUSE Manager Proxy Module 4.1:mgr-osad-4.1.3-2.3.6.noarch",
"SUSE Manager Proxy Module 4.1:patterns-suma_proxy-4.1-6.3.6.x86_64",
"SUSE Manager Proxy Module 4.1:python3-mgr-osa-common-4.1.3-2.3.6.noarch",
"SUSE Manager Proxy Module 4.1:python3-mgr-osad-4.1.3-2.3.6.noarch",
"SUSE Manager Proxy Module 4.1:python3-spacewalk-certs-tools-4.1.12-3.3.6.noarch",
"SUSE Manager Proxy Module 4.1:python3-suseRegisterInfo-4.1.3-4.3.6.noarch",
"SUSE Manager Proxy Module 4.1:python3-uyuni-common-libs-4.1.6-3.3.6.x86_64",
"SUSE Manager Proxy Module 4.1:spacecmd-4.1.6-4.3.6.noarch",
"SUSE Manager Proxy Module 4.1:spacewalk-backend-4.1.14-4.5.2.noarch",
"SUSE Manager Proxy Module 4.1:spacewalk-base-minimal-4.1.15-3.3.6.noarch",
"SUSE Manager Proxy Module 4.1:spacewalk-base-minimal-config-4.1.15-3.3.6.noarch",
"SUSE Manager Proxy Module 4.1:spacewalk-certs-tools-4.1.12-3.3.6.noarch",
"SUSE Manager Proxy Module 4.1:spacewalk-proxy-broker-4.1.2-3.3.6.noarch",
"SUSE Manager Proxy Module 4.1:spacewalk-proxy-common-4.1.2-3.3.6.noarch",
"SUSE Manager Proxy Module 4.1:spacewalk-proxy-management-4.1.2-3.3.6.noarch",
"SUSE Manager Proxy Module 4.1:spacewalk-proxy-package-manager-4.1.2-3.3.6.noarch",
"SUSE Manager Proxy Module 4.1:spacewalk-proxy-redirect-4.1.2-3.3.6.noarch",
"SUSE Manager Proxy Module 4.1:spacewalk-proxy-salt-4.1.2-3.3.6.noarch",
"SUSE Manager Proxy Module 4.1:suseRegisterInfo-4.1.3-4.3.6.noarch",
"SUSE Manager Server Module 4.1:cobbler-3.0.0+git20190806.32c4bae0-5.3.6.noarch",
"SUSE Manager Server Module 4.1:golang-github-QubitProducts-exporter_exporter-0.4.0-6.3.6.ppc64le",
"SUSE Manager Server Module 4.1:golang-github-QubitProducts-exporter_exporter-0.4.0-6.3.6.s390x",
"SUSE Manager Server Module 4.1:golang-github-QubitProducts-exporter_exporter-0.4.0-6.3.6.x86_64",
"SUSE Manager Server Module 4.1:google-gson-2.8.5-3.2.6.noarch",
"SUSE Manager Server Module 4.1:httpcomponents-client-4.5.6-3.2.6.noarch",
"SUSE Manager Server Module 4.1:httpcomponents-core-4.4.10-3.2.6.noarch",
"SUSE Manager Server Module 4.1:ical4j-3.0.18-3.2.7.noarch",
"SUSE Manager Server Module 4.1:image-sync-formula-0.1.1595937550.0285244-3.3.6.noarch",
"SUSE Manager Server Module 4.1:mgr-libmod-4.1.4-3.3.6.noarch",
"SUSE Manager Server Module 4.1:mgr-osa-dispatcher-4.1.3-2.3.6.noarch",
"SUSE Manager Server Module 4.1:openvpn-formula-0.1.1-3.3.6.ppc64le",
"SUSE Manager Server Module 4.1:openvpn-formula-0.1.1-3.3.6.s390x",
"SUSE Manager Server Module 4.1:openvpn-formula-0.1.1-3.3.6.x86_64",
"SUSE Manager Server Module 4.1:patterns-suma_retail-4.1-6.3.6.ppc64le",
"SUSE Manager Server Module 4.1:patterns-suma_retail-4.1-6.3.6.s390x",
"SUSE Manager Server Module 4.1:patterns-suma_retail-4.1-6.3.6.x86_64",
"SUSE Manager Server Module 4.1:patterns-suma_server-4.1-6.3.6.ppc64le",
"SUSE Manager Server Module 4.1:patterns-suma_server-4.1-6.3.6.s390x",
"SUSE Manager Server Module 4.1:patterns-suma_server-4.1-6.3.6.x86_64",
"SUSE Manager Server Module 4.1:prometheus-exporters-formula-0.7.1-3.5.2.noarch",
"SUSE Manager Server Module 4.1:pxe-default-image-sle15-4.1.0-Build5.3.noarch",
"SUSE Manager Server Module 4.1:python3-mgr-osa-common-4.1.3-2.3.6.noarch",
"SUSE Manager Server Module 4.1:python3-mgr-osa-dispatcher-4.1.3-2.3.6.noarch",
"SUSE Manager Server Module 4.1:python3-spacewalk-certs-tools-4.1.12-3.3.6.noarch",
"SUSE Manager Server Module 4.1:python3-suseRegisterInfo-4.1.3-4.3.6.noarch",
"SUSE Manager Server Module 4.1:python3-uyuni-common-libs-4.1.6-3.3.6.ppc64le",
"SUSE Manager Server Module 4.1:python3-uyuni-common-libs-4.1.6-3.3.6.s390x",
"SUSE Manager Server Module 4.1:python3-uyuni-common-libs-4.1.6-3.3.6.x86_64",
"SUSE Manager Server Module 4.1:saltboot-formula-0.1.1595937550.0285244-3.3.6.noarch",
"SUSE Manager Server Module 4.1:spacecmd-4.1.6-4.3.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-4.1.14-4.5.2.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-app-4.1.14-4.5.2.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-applet-4.1.14-4.5.2.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-config-files-4.1.14-4.5.2.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-config-files-common-4.1.14-4.5.2.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-config-files-tool-4.1.14-4.5.2.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-iss-4.1.14-4.5.2.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-iss-export-4.1.14-4.5.2.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-package-push-server-4.1.14-4.5.2.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-server-4.1.14-4.5.2.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-sql-4.1.14-4.5.2.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-sql-postgresql-4.1.14-4.5.2.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-tools-4.1.14-4.5.2.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-xml-export-libs-4.1.14-4.5.2.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-xmlrpc-4.1.14-4.5.2.noarch",
"SUSE Manager Server Module 4.1:spacewalk-base-4.1.15-3.3.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-base-minimal-4.1.15-3.3.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-base-minimal-config-4.1.15-3.3.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-branding-4.1.9-3.3.6.ppc64le",
"SUSE Manager Server Module 4.1:spacewalk-branding-4.1.9-3.3.6.s390x",
"SUSE Manager Server Module 4.1:spacewalk-branding-4.1.9-3.3.6.x86_64",
"SUSE Manager Server Module 4.1:spacewalk-certs-tools-4.1.12-3.3.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-html-4.1.15-3.3.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-java-4.1.18-3.5.3.noarch",
"SUSE Manager Server Module 4.1:spacewalk-java-config-4.1.18-3.5.3.noarch",
"SUSE Manager Server Module 4.1:spacewalk-java-lib-4.1.18-3.5.3.noarch",
"SUSE Manager Server Module 4.1:spacewalk-java-postgresql-4.1.18-3.5.3.noarch",
"SUSE Manager Server Module 4.1:spacewalk-taskomatic-4.1.18-3.5.3.noarch",
"SUSE Manager Server Module 4.1:spacewalk-utils-4.1.11-3.3.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-utils-extras-4.1.11-3.3.6.noarch",
"SUSE Manager Server Module 4.1:suseRegisterInfo-4.1.3-4.3.6.noarch",
"SUSE Manager Server Module 4.1:susemanager-4.1.18-3.3.6.ppc64le",
"SUSE Manager Server Module 4.1:susemanager-4.1.18-3.3.6.s390x",
"SUSE Manager Server Module 4.1:susemanager-4.1.18-3.3.6.x86_64",
"SUSE Manager Server Module 4.1:susemanager-doc-indexes-4.1-11.7.2.noarch",
"SUSE Manager Server Module 4.1:susemanager-docs_en-4.1-11.7.2.noarch",
"SUSE Manager Server Module 4.1:susemanager-docs_en-pdf-4.1-11.7.2.noarch",
"SUSE Manager Server Module 4.1:susemanager-frontend-libs-4.1.0-3.3.6.noarch",
"SUSE Manager Server Module 4.1:susemanager-schema-4.1.12-3.3.6.noarch",
"SUSE Manager Server Module 4.1:susemanager-sls-4.1.14-3.5.2.noarch",
"SUSE Manager Server Module 4.1:susemanager-sync-data-4.1.7-3.3.6.noarch",
"SUSE Manager Server Module 4.1:susemanager-tools-4.1.18-3.3.6.ppc64le",
"SUSE Manager Server Module 4.1:susemanager-tools-4.1.18-3.3.6.s390x",
"SUSE Manager Server Module 4.1:susemanager-tools-4.1.18-3.3.6.x86_64",
"SUSE Manager Server Module 4.1:susemanager-web-libs-4.1.15-3.3.6.noarch",
"SUSE Manager Server Module 4.1:virtual-host-gatherer-1.0.21-4.3.6.noarch",
"SUSE Manager Server Module 4.1:virtual-host-gatherer-Kubernetes-1.0.21-4.3.6.noarch",
"SUSE Manager Server Module 4.1:virtual-host-gatherer-Nutanix-1.0.21-4.3.6.noarch",
"SUSE Manager Server Module 4.1:virtual-host-gatherer-VMware-1.0.21-4.3.6.noarch",
"SUSE Manager Server Module 4.1:virtual-host-gatherer-libcloud-1.0.21-4.3.6.noarch",
"SUSE Manager Server Module 4.1:virtualization-host-formula-0.5-3.3.1.noarch",
"SUSE Manager Server Module 4.1:yomi-formula-0.0.1+git.1595952633.b300be2-3.3.6.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-11022",
"url": "https://www.suse.com/security/cve/CVE-2020-11022"
},
{
"category": "external",
"summary": "SUSE Bug 1173090 for CVE-2020-11022",
"url": "https://bugzilla.suse.com/1173090"
},
{
"category": "external",
"summary": "SUSE Bug 1178434 for CVE-2020-11022",
"url": "https://bugzilla.suse.com/1178434"
},
{
"category": "external",
"summary": "SUSE Bug 1190663 for CVE-2020-11022",
"url": "https://bugzilla.suse.com/1190663"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Proxy Module 4.1:golang-github-QubitProducts-exporter_exporter-0.4.0-6.3.6.x86_64",
"SUSE Manager Proxy Module 4.1:mgr-osad-4.1.3-2.3.6.noarch",
"SUSE Manager Proxy Module 4.1:patterns-suma_proxy-4.1-6.3.6.x86_64",
"SUSE Manager Proxy Module 4.1:python3-mgr-osa-common-4.1.3-2.3.6.noarch",
"SUSE Manager Proxy Module 4.1:python3-mgr-osad-4.1.3-2.3.6.noarch",
"SUSE Manager Proxy Module 4.1:python3-spacewalk-certs-tools-4.1.12-3.3.6.noarch",
"SUSE Manager Proxy Module 4.1:python3-suseRegisterInfo-4.1.3-4.3.6.noarch",
"SUSE Manager Proxy Module 4.1:python3-uyuni-common-libs-4.1.6-3.3.6.x86_64",
"SUSE Manager Proxy Module 4.1:spacecmd-4.1.6-4.3.6.noarch",
"SUSE Manager Proxy Module 4.1:spacewalk-backend-4.1.14-4.5.2.noarch",
"SUSE Manager Proxy Module 4.1:spacewalk-base-minimal-4.1.15-3.3.6.noarch",
"SUSE Manager Proxy Module 4.1:spacewalk-base-minimal-config-4.1.15-3.3.6.noarch",
"SUSE Manager Proxy Module 4.1:spacewalk-certs-tools-4.1.12-3.3.6.noarch",
"SUSE Manager Proxy Module 4.1:spacewalk-proxy-broker-4.1.2-3.3.6.noarch",
"SUSE Manager Proxy Module 4.1:spacewalk-proxy-common-4.1.2-3.3.6.noarch",
"SUSE Manager Proxy Module 4.1:spacewalk-proxy-management-4.1.2-3.3.6.noarch",
"SUSE Manager Proxy Module 4.1:spacewalk-proxy-package-manager-4.1.2-3.3.6.noarch",
"SUSE Manager Proxy Module 4.1:spacewalk-proxy-redirect-4.1.2-3.3.6.noarch",
"SUSE Manager Proxy Module 4.1:spacewalk-proxy-salt-4.1.2-3.3.6.noarch",
"SUSE Manager Proxy Module 4.1:suseRegisterInfo-4.1.3-4.3.6.noarch",
"SUSE Manager Server Module 4.1:cobbler-3.0.0+git20190806.32c4bae0-5.3.6.noarch",
"SUSE Manager Server Module 4.1:golang-github-QubitProducts-exporter_exporter-0.4.0-6.3.6.ppc64le",
"SUSE Manager Server Module 4.1:golang-github-QubitProducts-exporter_exporter-0.4.0-6.3.6.s390x",
"SUSE Manager Server Module 4.1:golang-github-QubitProducts-exporter_exporter-0.4.0-6.3.6.x86_64",
"SUSE Manager Server Module 4.1:google-gson-2.8.5-3.2.6.noarch",
"SUSE Manager Server Module 4.1:httpcomponents-client-4.5.6-3.2.6.noarch",
"SUSE Manager Server Module 4.1:httpcomponents-core-4.4.10-3.2.6.noarch",
"SUSE Manager Server Module 4.1:ical4j-3.0.18-3.2.7.noarch",
"SUSE Manager Server Module 4.1:image-sync-formula-0.1.1595937550.0285244-3.3.6.noarch",
"SUSE Manager Server Module 4.1:mgr-libmod-4.1.4-3.3.6.noarch",
"SUSE Manager Server Module 4.1:mgr-osa-dispatcher-4.1.3-2.3.6.noarch",
"SUSE Manager Server Module 4.1:openvpn-formula-0.1.1-3.3.6.ppc64le",
"SUSE Manager Server Module 4.1:openvpn-formula-0.1.1-3.3.6.s390x",
"SUSE Manager Server Module 4.1:openvpn-formula-0.1.1-3.3.6.x86_64",
"SUSE Manager Server Module 4.1:patterns-suma_retail-4.1-6.3.6.ppc64le",
"SUSE Manager Server Module 4.1:patterns-suma_retail-4.1-6.3.6.s390x",
"SUSE Manager Server Module 4.1:patterns-suma_retail-4.1-6.3.6.x86_64",
"SUSE Manager Server Module 4.1:patterns-suma_server-4.1-6.3.6.ppc64le",
"SUSE Manager Server Module 4.1:patterns-suma_server-4.1-6.3.6.s390x",
"SUSE Manager Server Module 4.1:patterns-suma_server-4.1-6.3.6.x86_64",
"SUSE Manager Server Module 4.1:prometheus-exporters-formula-0.7.1-3.5.2.noarch",
"SUSE Manager Server Module 4.1:pxe-default-image-sle15-4.1.0-Build5.3.noarch",
"SUSE Manager Server Module 4.1:python3-mgr-osa-common-4.1.3-2.3.6.noarch",
"SUSE Manager Server Module 4.1:python3-mgr-osa-dispatcher-4.1.3-2.3.6.noarch",
"SUSE Manager Server Module 4.1:python3-spacewalk-certs-tools-4.1.12-3.3.6.noarch",
"SUSE Manager Server Module 4.1:python3-suseRegisterInfo-4.1.3-4.3.6.noarch",
"SUSE Manager Server Module 4.1:python3-uyuni-common-libs-4.1.6-3.3.6.ppc64le",
"SUSE Manager Server Module 4.1:python3-uyuni-common-libs-4.1.6-3.3.6.s390x",
"SUSE Manager Server Module 4.1:python3-uyuni-common-libs-4.1.6-3.3.6.x86_64",
"SUSE Manager Server Module 4.1:saltboot-formula-0.1.1595937550.0285244-3.3.6.noarch",
"SUSE Manager Server Module 4.1:spacecmd-4.1.6-4.3.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-4.1.14-4.5.2.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-app-4.1.14-4.5.2.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-applet-4.1.14-4.5.2.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-config-files-4.1.14-4.5.2.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-config-files-common-4.1.14-4.5.2.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-config-files-tool-4.1.14-4.5.2.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-iss-4.1.14-4.5.2.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-iss-export-4.1.14-4.5.2.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-package-push-server-4.1.14-4.5.2.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-server-4.1.14-4.5.2.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-sql-4.1.14-4.5.2.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-sql-postgresql-4.1.14-4.5.2.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-tools-4.1.14-4.5.2.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-xml-export-libs-4.1.14-4.5.2.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-xmlrpc-4.1.14-4.5.2.noarch",
"SUSE Manager Server Module 4.1:spacewalk-base-4.1.15-3.3.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-base-minimal-4.1.15-3.3.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-base-minimal-config-4.1.15-3.3.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-branding-4.1.9-3.3.6.ppc64le",
"SUSE Manager Server Module 4.1:spacewalk-branding-4.1.9-3.3.6.s390x",
"SUSE Manager Server Module 4.1:spacewalk-branding-4.1.9-3.3.6.x86_64",
"SUSE Manager Server Module 4.1:spacewalk-certs-tools-4.1.12-3.3.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-html-4.1.15-3.3.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-java-4.1.18-3.5.3.noarch",
"SUSE Manager Server Module 4.1:spacewalk-java-config-4.1.18-3.5.3.noarch",
"SUSE Manager Server Module 4.1:spacewalk-java-lib-4.1.18-3.5.3.noarch",
"SUSE Manager Server Module 4.1:spacewalk-java-postgresql-4.1.18-3.5.3.noarch",
"SUSE Manager Server Module 4.1:spacewalk-taskomatic-4.1.18-3.5.3.noarch",
"SUSE Manager Server Module 4.1:spacewalk-utils-4.1.11-3.3.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-utils-extras-4.1.11-3.3.6.noarch",
"SUSE Manager Server Module 4.1:suseRegisterInfo-4.1.3-4.3.6.noarch",
"SUSE Manager Server Module 4.1:susemanager-4.1.18-3.3.6.ppc64le",
"SUSE Manager Server Module 4.1:susemanager-4.1.18-3.3.6.s390x",
"SUSE Manager Server Module 4.1:susemanager-4.1.18-3.3.6.x86_64",
"SUSE Manager Server Module 4.1:susemanager-doc-indexes-4.1-11.7.2.noarch",
"SUSE Manager Server Module 4.1:susemanager-docs_en-4.1-11.7.2.noarch",
"SUSE Manager Server Module 4.1:susemanager-docs_en-pdf-4.1-11.7.2.noarch",
"SUSE Manager Server Module 4.1:susemanager-frontend-libs-4.1.0-3.3.6.noarch",
"SUSE Manager Server Module 4.1:susemanager-schema-4.1.12-3.3.6.noarch",
"SUSE Manager Server Module 4.1:susemanager-sls-4.1.14-3.5.2.noarch",
"SUSE Manager Server Module 4.1:susemanager-sync-data-4.1.7-3.3.6.noarch",
"SUSE Manager Server Module 4.1:susemanager-tools-4.1.18-3.3.6.ppc64le",
"SUSE Manager Server Module 4.1:susemanager-tools-4.1.18-3.3.6.s390x",
"SUSE Manager Server Module 4.1:susemanager-tools-4.1.18-3.3.6.x86_64",
"SUSE Manager Server Module 4.1:susemanager-web-libs-4.1.15-3.3.6.noarch",
"SUSE Manager Server Module 4.1:virtual-host-gatherer-1.0.21-4.3.6.noarch",
"SUSE Manager Server Module 4.1:virtual-host-gatherer-Kubernetes-1.0.21-4.3.6.noarch",
"SUSE Manager Server Module 4.1:virtual-host-gatherer-Nutanix-1.0.21-4.3.6.noarch",
"SUSE Manager Server Module 4.1:virtual-host-gatherer-VMware-1.0.21-4.3.6.noarch",
"SUSE Manager Server Module 4.1:virtual-host-gatherer-libcloud-1.0.21-4.3.6.noarch",
"SUSE Manager Server Module 4.1:virtualization-host-formula-0.5-3.3.1.noarch",
"SUSE Manager Server Module 4.1:yomi-formula-0.0.1+git.1595952633.b300be2-3.3.6.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Manager Proxy Module 4.1:golang-github-QubitProducts-exporter_exporter-0.4.0-6.3.6.x86_64",
"SUSE Manager Proxy Module 4.1:mgr-osad-4.1.3-2.3.6.noarch",
"SUSE Manager Proxy Module 4.1:patterns-suma_proxy-4.1-6.3.6.x86_64",
"SUSE Manager Proxy Module 4.1:python3-mgr-osa-common-4.1.3-2.3.6.noarch",
"SUSE Manager Proxy Module 4.1:python3-mgr-osad-4.1.3-2.3.6.noarch",
"SUSE Manager Proxy Module 4.1:python3-spacewalk-certs-tools-4.1.12-3.3.6.noarch",
"SUSE Manager Proxy Module 4.1:python3-suseRegisterInfo-4.1.3-4.3.6.noarch",
"SUSE Manager Proxy Module 4.1:python3-uyuni-common-libs-4.1.6-3.3.6.x86_64",
"SUSE Manager Proxy Module 4.1:spacecmd-4.1.6-4.3.6.noarch",
"SUSE Manager Proxy Module 4.1:spacewalk-backend-4.1.14-4.5.2.noarch",
"SUSE Manager Proxy Module 4.1:spacewalk-base-minimal-4.1.15-3.3.6.noarch",
"SUSE Manager Proxy Module 4.1:spacewalk-base-minimal-config-4.1.15-3.3.6.noarch",
"SUSE Manager Proxy Module 4.1:spacewalk-certs-tools-4.1.12-3.3.6.noarch",
"SUSE Manager Proxy Module 4.1:spacewalk-proxy-broker-4.1.2-3.3.6.noarch",
"SUSE Manager Proxy Module 4.1:spacewalk-proxy-common-4.1.2-3.3.6.noarch",
"SUSE Manager Proxy Module 4.1:spacewalk-proxy-management-4.1.2-3.3.6.noarch",
"SUSE Manager Proxy Module 4.1:spacewalk-proxy-package-manager-4.1.2-3.3.6.noarch",
"SUSE Manager Proxy Module 4.1:spacewalk-proxy-redirect-4.1.2-3.3.6.noarch",
"SUSE Manager Proxy Module 4.1:spacewalk-proxy-salt-4.1.2-3.3.6.noarch",
"SUSE Manager Proxy Module 4.1:suseRegisterInfo-4.1.3-4.3.6.noarch",
"SUSE Manager Server Module 4.1:cobbler-3.0.0+git20190806.32c4bae0-5.3.6.noarch",
"SUSE Manager Server Module 4.1:golang-github-QubitProducts-exporter_exporter-0.4.0-6.3.6.ppc64le",
"SUSE Manager Server Module 4.1:golang-github-QubitProducts-exporter_exporter-0.4.0-6.3.6.s390x",
"SUSE Manager Server Module 4.1:golang-github-QubitProducts-exporter_exporter-0.4.0-6.3.6.x86_64",
"SUSE Manager Server Module 4.1:google-gson-2.8.5-3.2.6.noarch",
"SUSE Manager Server Module 4.1:httpcomponents-client-4.5.6-3.2.6.noarch",
"SUSE Manager Server Module 4.1:httpcomponents-core-4.4.10-3.2.6.noarch",
"SUSE Manager Server Module 4.1:ical4j-3.0.18-3.2.7.noarch",
"SUSE Manager Server Module 4.1:image-sync-formula-0.1.1595937550.0285244-3.3.6.noarch",
"SUSE Manager Server Module 4.1:mgr-libmod-4.1.4-3.3.6.noarch",
"SUSE Manager Server Module 4.1:mgr-osa-dispatcher-4.1.3-2.3.6.noarch",
"SUSE Manager Server Module 4.1:openvpn-formula-0.1.1-3.3.6.ppc64le",
"SUSE Manager Server Module 4.1:openvpn-formula-0.1.1-3.3.6.s390x",
"SUSE Manager Server Module 4.1:openvpn-formula-0.1.1-3.3.6.x86_64",
"SUSE Manager Server Module 4.1:patterns-suma_retail-4.1-6.3.6.ppc64le",
"SUSE Manager Server Module 4.1:patterns-suma_retail-4.1-6.3.6.s390x",
"SUSE Manager Server Module 4.1:patterns-suma_retail-4.1-6.3.6.x86_64",
"SUSE Manager Server Module 4.1:patterns-suma_server-4.1-6.3.6.ppc64le",
"SUSE Manager Server Module 4.1:patterns-suma_server-4.1-6.3.6.s390x",
"SUSE Manager Server Module 4.1:patterns-suma_server-4.1-6.3.6.x86_64",
"SUSE Manager Server Module 4.1:prometheus-exporters-formula-0.7.1-3.5.2.noarch",
"SUSE Manager Server Module 4.1:pxe-default-image-sle15-4.1.0-Build5.3.noarch",
"SUSE Manager Server Module 4.1:python3-mgr-osa-common-4.1.3-2.3.6.noarch",
"SUSE Manager Server Module 4.1:python3-mgr-osa-dispatcher-4.1.3-2.3.6.noarch",
"SUSE Manager Server Module 4.1:python3-spacewalk-certs-tools-4.1.12-3.3.6.noarch",
"SUSE Manager Server Module 4.1:python3-suseRegisterInfo-4.1.3-4.3.6.noarch",
"SUSE Manager Server Module 4.1:python3-uyuni-common-libs-4.1.6-3.3.6.ppc64le",
"SUSE Manager Server Module 4.1:python3-uyuni-common-libs-4.1.6-3.3.6.s390x",
"SUSE Manager Server Module 4.1:python3-uyuni-common-libs-4.1.6-3.3.6.x86_64",
"SUSE Manager Server Module 4.1:saltboot-formula-0.1.1595937550.0285244-3.3.6.noarch",
"SUSE Manager Server Module 4.1:spacecmd-4.1.6-4.3.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-4.1.14-4.5.2.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-app-4.1.14-4.5.2.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-applet-4.1.14-4.5.2.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-config-files-4.1.14-4.5.2.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-config-files-common-4.1.14-4.5.2.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-config-files-tool-4.1.14-4.5.2.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-iss-4.1.14-4.5.2.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-iss-export-4.1.14-4.5.2.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-package-push-server-4.1.14-4.5.2.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-server-4.1.14-4.5.2.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-sql-4.1.14-4.5.2.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-sql-postgresql-4.1.14-4.5.2.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-tools-4.1.14-4.5.2.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-xml-export-libs-4.1.14-4.5.2.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-xmlrpc-4.1.14-4.5.2.noarch",
"SUSE Manager Server Module 4.1:spacewalk-base-4.1.15-3.3.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-base-minimal-4.1.15-3.3.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-base-minimal-config-4.1.15-3.3.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-branding-4.1.9-3.3.6.ppc64le",
"SUSE Manager Server Module 4.1:spacewalk-branding-4.1.9-3.3.6.s390x",
"SUSE Manager Server Module 4.1:spacewalk-branding-4.1.9-3.3.6.x86_64",
"SUSE Manager Server Module 4.1:spacewalk-certs-tools-4.1.12-3.3.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-html-4.1.15-3.3.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-java-4.1.18-3.5.3.noarch",
"SUSE Manager Server Module 4.1:spacewalk-java-config-4.1.18-3.5.3.noarch",
"SUSE Manager Server Module 4.1:spacewalk-java-lib-4.1.18-3.5.3.noarch",
"SUSE Manager Server Module 4.1:spacewalk-java-postgresql-4.1.18-3.5.3.noarch",
"SUSE Manager Server Module 4.1:spacewalk-taskomatic-4.1.18-3.5.3.noarch",
"SUSE Manager Server Module 4.1:spacewalk-utils-4.1.11-3.3.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-utils-extras-4.1.11-3.3.6.noarch",
"SUSE Manager Server Module 4.1:suseRegisterInfo-4.1.3-4.3.6.noarch",
"SUSE Manager Server Module 4.1:susemanager-4.1.18-3.3.6.ppc64le",
"SUSE Manager Server Module 4.1:susemanager-4.1.18-3.3.6.s390x",
"SUSE Manager Server Module 4.1:susemanager-4.1.18-3.3.6.x86_64",
"SUSE Manager Server Module 4.1:susemanager-doc-indexes-4.1-11.7.2.noarch",
"SUSE Manager Server Module 4.1:susemanager-docs_en-4.1-11.7.2.noarch",
"SUSE Manager Server Module 4.1:susemanager-docs_en-pdf-4.1-11.7.2.noarch",
"SUSE Manager Server Module 4.1:susemanager-frontend-libs-4.1.0-3.3.6.noarch",
"SUSE Manager Server Module 4.1:susemanager-schema-4.1.12-3.3.6.noarch",
"SUSE Manager Server Module 4.1:susemanager-sls-4.1.14-3.5.2.noarch",
"SUSE Manager Server Module 4.1:susemanager-sync-data-4.1.7-3.3.6.noarch",
"SUSE Manager Server Module 4.1:susemanager-tools-4.1.18-3.3.6.ppc64le",
"SUSE Manager Server Module 4.1:susemanager-tools-4.1.18-3.3.6.s390x",
"SUSE Manager Server Module 4.1:susemanager-tools-4.1.18-3.3.6.x86_64",
"SUSE Manager Server Module 4.1:susemanager-web-libs-4.1.15-3.3.6.noarch",
"SUSE Manager Server Module 4.1:virtual-host-gatherer-1.0.21-4.3.6.noarch",
"SUSE Manager Server Module 4.1:virtual-host-gatherer-Kubernetes-1.0.21-4.3.6.noarch",
"SUSE Manager Server Module 4.1:virtual-host-gatherer-Nutanix-1.0.21-4.3.6.noarch",
"SUSE Manager Server Module 4.1:virtual-host-gatherer-VMware-1.0.21-4.3.6.noarch",
"SUSE Manager Server Module 4.1:virtual-host-gatherer-libcloud-1.0.21-4.3.6.noarch",
"SUSE Manager Server Module 4.1:virtualization-host-formula-0.5-3.3.1.noarch",
"SUSE Manager Server Module 4.1:yomi-formula-0.0.1+git.1595952633.b300be2-3.3.6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-08-28T10:58:53Z",
"details": "moderate"
}
],
"title": "CVE-2020-11022"
}
]
}
SUSE-SU-2020:2650-1
Vulnerability from csaf_suse - Published: 2020-09-16 12:24 - Updated: 2020-09-16 12:24Summary
Security update for SUSE Manager Server 4.0
Severity
Important
Notes
Title of the patch: Security update for SUSE Manager Server 4.0
Description of the patch:
This update fixes the following issues:
hibernate5:
- Address CVE-2019-14900 (bsc#1172079)
image-sync-formula:
- Allow image-sync state on regular minion.
Image sync state requires branch-network pillars to get the directory
where to sync images. Use default `/srv/saltboot` if that pillar is
missing so image-sync can be applied on non branch minions as well.
openvpn-formula:
- Add hint that ssl certs must be on system (bsc#1172279)
prometheus-exporters-formula:
- Bugfix: Handle exporters proxy for unsupported distros (bsc#1175555)
- Add support for exporters proxy (exporter_exporter)
- Update the apache exporter config file for Debian
salt-netapi-client:
- Refresh authentication module list to newer Salt versions
saltboot-formula:
- Better fix for rounding errors (bsc#1136857)
spacecmd:
- Python3 fixes for errata in spacecmd (bsc#1169664)
- Python3 fix for sorted usage (bsc#1167907)
- Fix softwarechannel_listlatestpackages throwing error on empty channels (bsc#1175889)
- Fix escaping of package names (bsc#1171281)
spacewalk-admin:
- Use the Salt API in authenticated and encrypted form (bsc#1175884, CVE-2020-8028)
spacewalk-certs-tools:
- Add option --nostricthostkeychecking to spacewalk-ssh-push-init
- Strip SSL Certificate Common Name after 63 Characters (bsc#1173535)
spacewalk-java:
- Use the Salt API in authenticated and encrypted form (bsc#1175884, CVE-2020-8028)
- Fix EntityExistsException on migration from traditional to salt minion via proxy (bsc#1175556)
- Use media.1/products from media when not specified different (bsc#1175558)
- Fix: use quiet API method when using spacewalk-common-channels (bsc#1175529)
- Fix alignment on icon on entitlement page
- Reset the server path on minion registration (bsc#1174254)
- Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831)
- Fix error when rolling back a system to a snapshot (bsc#1173997)
- Avoid deadlock when syncing channels and registering minions at the same time (bsc#1173566)
- Provide comps.xml and modules.yaml when using onlinerepo for kickstart
- Set CPU and memory info for virtual instances (bsc#1170244)
- Change system list header text to something better (bsc#1173982)
spacewalk-setup:
- Use the Salt API in authenticated and encrypted form (bsc#1175884, CVE-2020-8028)
spacewalk-utils:
- Avoid exceptions on the logs when looking for channels that do
not exist (bsc#1175529)
spacewalk-web:
- Fix login page after jQuery upgrade (bsc#1175224)
- Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831)
- Warn when a system is in multiple groups that configure the same
formula in the system formula's UI (bsc#1173554)
susemanager:
- Define bootstrap repo data for SUSE Manager Proxies (bsc#1174470)
susemanager-frontend-libs:
- Upgrade jquery to 3.5.1 - CVE-2020-11022 (bsc#1172831)
susemanager-schema:
- Prevent a deadlock error involving delete_server and update_needed_cache (bsc#1173073)
susemanager-sls:
- Fix the dnf plugin to add the token to the HTTP header (bsc#1175724)
- Fix reporting of missing products in product.all_installed (bsc#1165829)
- Require PyYAML version >= 5.1
- Get redhat-release only when it is not a symlink
- Fix: supply a dnf base when dealing w/repos (bsc#1172504)
- Fix: autorefresh in repos is zypper-only
susemanager-sync-data:
- Remove version from centos and oracle linux identifier (bsc#1173584)
virtualization-host-formula:
- Update to version 0.5
- Ensure kernel-default and libvirt-python3 are installed
- Set bridge network as default
- Fix conditionals (bsc#1175791)
How to apply this update:
1. Log in as root user to the SUSE Manager server.
2. Stop the Spacewalk service:
spacewalk-service stop
3. Apply the patch using either zypper patch or YaST Online Update.
4. Upgrade the database schema:
spacewalk-schema-upgrade
5. Start the Spacewalk service:
spacewalk-service start
Patchnames: SUSE-2020-2650,SUSE-SLE-Module-SUSE-Manager-Proxy-4.0-2020-2650,SUSE-SLE-Module-SUSE-Manager-Server-4.0-2020-2650
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Proxy Module 4.0:python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.0:spacecmd-4.0.20-3.19.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.0:spacewalk-base-minimal-4.0.23-3.30.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.0:spacewalk-base-minimal-config-4.0.23-3.30.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.0:spacewalk-certs-tools-4.0.17-3.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.0:spacewalk-proxy-broker-4.0.14-3.10.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.0:spacewalk-proxy-common-4.0.14-3.10.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.0:spacewalk-proxy-management-4.0.14-3.10.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.0:spacewalk-proxy-package-manager-4.0.14-3.10.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.0:spacewalk-proxy-redirect-4.0.14-3.10.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.0:spacewalk-proxy-salt-4.0.14-3.10.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:hibernate5-5.3.7-4.3.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:image-sync-formula-0.1.1595937550.0285244-3.20.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:prometheus-exporters-formula-0.7.1-3.10.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:salt-netapi-client-0.17.0-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:saltboot-formula-0.1.1595937550.0285244-3.19.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacecmd-4.0.20-3.19.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-admin-4.0.11-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-base-4.0.23-3.30.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-base-minimal-4.0.23-3.30.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-base-minimal-config-4.0.23-3.30.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-certs-tools-4.0.17-3.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-html-4.0.23-3.30.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-java-4.0.37-3.39.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-java-config-4.0.37-3.39.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-java-lib-4.0.37-3.39.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-java-postgresql-4.0.37-3.39.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-setup-4.0.14-3.14.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-taskomatic-4.0.37-3.39.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-utils-4.0.18-3.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:susemanager-frontend-libs-4.0.2-4.3.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:susemanager-schema-4.0.22-3.29.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:susemanager-sls-4.0.29-3.31.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:susemanager-sync-data-4.0.18-3.24.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:susemanager-web-libs-4.0.23-3.30.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:virtualization-host-formula-0.5-4.12.3.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
6.1 (Medium)
Affected products
Recommended
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Proxy Module 4.0:python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.0:spacecmd-4.0.20-3.19.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.0:spacewalk-base-minimal-4.0.23-3.30.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.0:spacewalk-base-minimal-config-4.0.23-3.30.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.0:spacewalk-certs-tools-4.0.17-3.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.0:spacewalk-proxy-broker-4.0.14-3.10.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.0:spacewalk-proxy-common-4.0.14-3.10.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.0:spacewalk-proxy-management-4.0.14-3.10.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.0:spacewalk-proxy-package-manager-4.0.14-3.10.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.0:spacewalk-proxy-redirect-4.0.14-3.10.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.0:spacewalk-proxy-salt-4.0.14-3.10.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:hibernate5-5.3.7-4.3.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:image-sync-formula-0.1.1595937550.0285244-3.20.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:prometheus-exporters-formula-0.7.1-3.10.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:salt-netapi-client-0.17.0-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:saltboot-formula-0.1.1595937550.0285244-3.19.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacecmd-4.0.20-3.19.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-admin-4.0.11-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-base-4.0.23-3.30.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-base-minimal-4.0.23-3.30.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-base-minimal-config-4.0.23-3.30.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-certs-tools-4.0.17-3.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-html-4.0.23-3.30.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-java-4.0.37-3.39.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-java-config-4.0.37-3.39.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-java-lib-4.0.37-3.39.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-java-postgresql-4.0.37-3.39.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-setup-4.0.14-3.14.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-taskomatic-4.0.37-3.39.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-utils-4.0.18-3.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:susemanager-frontend-libs-4.0.2-4.3.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:susemanager-schema-4.0.22-3.29.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:susemanager-sls-4.0.29-3.31.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:susemanager-sync-data-4.0.18-3.24.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:susemanager-web-libs-4.0.23-3.30.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:virtualization-host-formula-0.5-4.12.3.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Proxy Module 4.0:python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.0:spacecmd-4.0.20-3.19.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.0:spacewalk-base-minimal-4.0.23-3.30.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.0:spacewalk-base-minimal-config-4.0.23-3.30.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.0:spacewalk-certs-tools-4.0.17-3.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.0:spacewalk-proxy-broker-4.0.14-3.10.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.0:spacewalk-proxy-common-4.0.14-3.10.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.0:spacewalk-proxy-management-4.0.14-3.10.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.0:spacewalk-proxy-package-manager-4.0.14-3.10.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.0:spacewalk-proxy-redirect-4.0.14-3.10.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.0:spacewalk-proxy-salt-4.0.14-3.10.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:hibernate5-5.3.7-4.3.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:image-sync-formula-0.1.1595937550.0285244-3.20.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:prometheus-exporters-formula-0.7.1-3.10.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:salt-netapi-client-0.17.0-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:saltboot-formula-0.1.1595937550.0285244-3.19.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacecmd-4.0.20-3.19.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-admin-4.0.11-3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-base-4.0.23-3.30.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-base-minimal-4.0.23-3.30.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-base-minimal-config-4.0.23-3.30.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-certs-tools-4.0.17-3.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-html-4.0.23-3.30.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-java-4.0.37-3.39.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-java-config-4.0.37-3.39.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-java-lib-4.0.37-3.39.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-java-postgresql-4.0.37-3.39.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-setup-4.0.14-3.14.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-taskomatic-4.0.37-3.39.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-utils-4.0.18-3.21.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:susemanager-frontend-libs-4.0.2-4.3.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:susemanager-schema-4.0.22-3.29.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:susemanager-sls-4.0.29-3.31.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:susemanager-sync-data-4.0.18-3.24.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:susemanager-web-libs-4.0.23-3.30.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:virtualization-host-formula-0.5-4.12.3.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
43 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for SUSE Manager Server 4.0",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update fixes the following issues:\n\nhibernate5:\n\n- Address CVE-2019-14900 (bsc#1172079)\n\nimage-sync-formula:\n\n- Allow image-sync state on regular minion.\n Image sync state requires branch-network pillars to get the directory\n where to sync images. Use default `/srv/saltboot` if that pillar is\n missing so image-sync can be applied on non branch minions as well.\n\nopenvpn-formula:\n\n- Add hint that ssl certs must be on system (bsc#1172279)\n\nprometheus-exporters-formula:\n\n- Bugfix: Handle exporters proxy for unsupported distros (bsc#1175555)\n- Add support for exporters proxy (exporter_exporter)\n- Update the apache exporter config file for Debian\n\nsalt-netapi-client:\n\n- Refresh authentication module list to newer Salt versions\n\nsaltboot-formula:\n\n- Better fix for rounding errors (bsc#1136857)\n\nspacecmd:\n\n- Python3 fixes for errata in spacecmd (bsc#1169664)\n- Python3 fix for sorted usage (bsc#1167907)\n- Fix softwarechannel_listlatestpackages throwing error on empty channels (bsc#1175889)\n- Fix escaping of package names (bsc#1171281)\n\nspacewalk-admin:\n\n- Use the Salt API in authenticated and encrypted form (bsc#1175884, CVE-2020-8028)\n\nspacewalk-certs-tools:\n\n- Add option --nostricthostkeychecking to spacewalk-ssh-push-init\n- Strip SSL Certificate Common Name after 63 Characters (bsc#1173535)\n\nspacewalk-java:\n\n- Use the Salt API in authenticated and encrypted form (bsc#1175884, CVE-2020-8028)\n- Fix EntityExistsException on migration from traditional to salt minion via proxy (bsc#1175556)\n- Use media.1/products from media when not specified different (bsc#1175558)\n- Fix: use quiet API method when using spacewalk-common-channels (bsc#1175529)\n- Fix alignment on icon on entitlement page\n- Reset the server path on minion registration (bsc#1174254)\n- Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831)\n- Fix error when rolling back a system to a snapshot (bsc#1173997)\n- Avoid deadlock when syncing channels and registering minions at the same time (bsc#1173566)\n- Provide comps.xml and modules.yaml when using onlinerepo for kickstart\n- Set CPU and memory info for virtual instances (bsc#1170244)\n- Change system list header text to something better (bsc#1173982)\n\nspacewalk-setup:\n\n- Use the Salt API in authenticated and encrypted form (bsc#1175884, CVE-2020-8028)\n\nspacewalk-utils:\n\n- Avoid exceptions on the logs when looking for channels that do\n not exist (bsc#1175529)\n\nspacewalk-web:\n\n- Fix login page after jQuery upgrade (bsc#1175224)\n- Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831)\n- Warn when a system is in multiple groups that configure the same\n formula in the system formula\u0027s UI (bsc#1173554)\n\nsusemanager:\n\n- Define bootstrap repo data for SUSE Manager Proxies (bsc#1174470)\n\nsusemanager-frontend-libs:\n\n- Upgrade jquery to 3.5.1 - CVE-2020-11022 (bsc#1172831) \n\nsusemanager-schema:\n\n- Prevent a deadlock error involving delete_server and update_needed_cache (bsc#1173073)\n\nsusemanager-sls:\n\n- Fix the dnf plugin to add the token to the HTTP header (bsc#1175724)\n- Fix reporting of missing products in product.all_installed (bsc#1165829)\n- Require PyYAML version \u003e= 5.1\n- Get redhat-release only when it is not a symlink\n- Fix: supply a dnf base when dealing w/repos (bsc#1172504)\n- Fix: autorefresh in repos is zypper-only\n\nsusemanager-sync-data:\n\n- Remove version from centos and oracle linux identifier (bsc#1173584)\n\nvirtualization-host-formula:\n\n- Update to version 0.5\n - Ensure kernel-default and libvirt-python3 are installed\n - Set bridge network as default\n - Fix conditionals (bsc#1175791)\n\nHow to apply this update:\n1. Log in as root user to the SUSE Manager server.\n2. Stop the Spacewalk service:\nspacewalk-service stop\n3. Apply the patch using either zypper patch or YaST Online Update.\n4. Upgrade the database schema:\nspacewalk-schema-upgrade\n5. Start the Spacewalk service:\nspacewalk-service start\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2020-2650,SUSE-SLE-Module-SUSE-Manager-Proxy-4.0-2020-2650,SUSE-SLE-Module-SUSE-Manager-Server-4.0-2020-2650",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_2650-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:2650-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202650-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:2650-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-September/007435.html"
},
{
"category": "self",
"summary": "SUSE Bug 1136857",
"url": "https://bugzilla.suse.com/1136857"
},
{
"category": "self",
"summary": "SUSE Bug 1165829",
"url": "https://bugzilla.suse.com/1165829"
},
{
"category": "self",
"summary": "SUSE Bug 1167907",
"url": "https://bugzilla.suse.com/1167907"
},
{
"category": "self",
"summary": "SUSE Bug 1169664",
"url": "https://bugzilla.suse.com/1169664"
},
{
"category": "self",
"summary": "SUSE Bug 1170244",
"url": "https://bugzilla.suse.com/1170244"
},
{
"category": "self",
"summary": "SUSE Bug 1171281",
"url": "https://bugzilla.suse.com/1171281"
},
{
"category": "self",
"summary": "SUSE Bug 1172079",
"url": "https://bugzilla.suse.com/1172079"
},
{
"category": "self",
"summary": "SUSE Bug 1172279",
"url": "https://bugzilla.suse.com/1172279"
},
{
"category": "self",
"summary": "SUSE Bug 1172504",
"url": "https://bugzilla.suse.com/1172504"
},
{
"category": "self",
"summary": "SUSE Bug 1172831",
"url": "https://bugzilla.suse.com/1172831"
},
{
"category": "self",
"summary": "SUSE Bug 1173073",
"url": "https://bugzilla.suse.com/1173073"
},
{
"category": "self",
"summary": "SUSE Bug 1173535",
"url": "https://bugzilla.suse.com/1173535"
},
{
"category": "self",
"summary": "SUSE Bug 1173554",
"url": "https://bugzilla.suse.com/1173554"
},
{
"category": "self",
"summary": "SUSE Bug 1173566",
"url": "https://bugzilla.suse.com/1173566"
},
{
"category": "self",
"summary": "SUSE Bug 1173584",
"url": "https://bugzilla.suse.com/1173584"
},
{
"category": "self",
"summary": "SUSE Bug 1173982",
"url": "https://bugzilla.suse.com/1173982"
},
{
"category": "self",
"summary": "SUSE Bug 1173997",
"url": "https://bugzilla.suse.com/1173997"
},
{
"category": "self",
"summary": "SUSE Bug 1174254",
"url": "https://bugzilla.suse.com/1174254"
},
{
"category": "self",
"summary": "SUSE Bug 1174470",
"url": "https://bugzilla.suse.com/1174470"
},
{
"category": "self",
"summary": "SUSE Bug 1175224",
"url": "https://bugzilla.suse.com/1175224"
},
{
"category": "self",
"summary": "SUSE Bug 1175529",
"url": "https://bugzilla.suse.com/1175529"
},
{
"category": "self",
"summary": "SUSE Bug 1175555",
"url": "https://bugzilla.suse.com/1175555"
},
{
"category": "self",
"summary": "SUSE Bug 1175556",
"url": "https://bugzilla.suse.com/1175556"
},
{
"category": "self",
"summary": "SUSE Bug 1175558",
"url": "https://bugzilla.suse.com/1175558"
},
{
"category": "self",
"summary": "SUSE Bug 1175724",
"url": "https://bugzilla.suse.com/1175724"
},
{
"category": "self",
"summary": "SUSE Bug 1175791",
"url": "https://bugzilla.suse.com/1175791"
},
{
"category": "self",
"summary": "SUSE Bug 1175884",
"url": "https://bugzilla.suse.com/1175884"
},
{
"category": "self",
"summary": "SUSE Bug 1175889",
"url": "https://bugzilla.suse.com/1175889"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14900 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14900/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-11022 page",
"url": "https://www.suse.com/security/cve/CVE-2020-11022/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8028 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8028/"
}
],
"title": "Security update for SUSE Manager Server 4.0",
"tracking": {
"current_release_date": "2020-09-16T12:24:27Z",
"generator": {
"date": "2020-09-16T12:24:27Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:2650-1",
"initial_release_date": "2020-09-16T12:24:27Z",
"revision_history": [
{
"date": "2020-09-16T12:24:27Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "openvpn-formula-0.1.1-4.6.2.aarch64",
"product": {
"name": "openvpn-formula-0.1.1-4.6.2.aarch64",
"product_id": "openvpn-formula-0.1.1-4.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "susemanager-4.0.28-3.36.3.aarch64",
"product": {
"name": "susemanager-4.0.28-3.36.3.aarch64",
"product_id": "susemanager-4.0.28-3.36.3.aarch64"
}
},
{
"category": "product_version",
"name": "susemanager-tools-4.0.28-3.36.3.aarch64",
"product": {
"name": "susemanager-tools-4.0.28-3.36.3.aarch64",
"product_id": "susemanager-tools-4.0.28-3.36.3.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "hibernate5-5.3.7-4.3.2.noarch",
"product": {
"name": "hibernate5-5.3.7-4.3.2.noarch",
"product_id": "hibernate5-5.3.7-4.3.2.noarch"
}
},
{
"category": "product_version",
"name": "image-sync-formula-0.1.1595937550.0285244-3.20.2.noarch",
"product": {
"name": "image-sync-formula-0.1.1595937550.0285244-3.20.2.noarch",
"product_id": "image-sync-formula-0.1.1595937550.0285244-3.20.2.noarch"
}
},
{
"category": "product_version",
"name": "prometheus-exporters-formula-0.7.1-3.10.2.noarch",
"product": {
"name": "prometheus-exporters-formula-0.7.1-3.10.2.noarch",
"product_id": "prometheus-exporters-formula-0.7.1-3.10.2.noarch"
}
},
{
"category": "product_version",
"name": "python2-spacewalk-certs-tools-4.0.17-3.21.3.noarch",
"product": {
"name": "python2-spacewalk-certs-tools-4.0.17-3.21.3.noarch",
"product_id": "python2-spacewalk-certs-tools-4.0.17-3.21.3.noarch"
}
},
{
"category": "product_version",
"name": "python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch",
"product": {
"name": "python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch",
"product_id": "python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch"
}
},
{
"category": "product_version",
"name": "salt-netapi-client-0.17.0-4.6.3.noarch",
"product": {
"name": "salt-netapi-client-0.17.0-4.6.3.noarch",
"product_id": "salt-netapi-client-0.17.0-4.6.3.noarch"
}
},
{
"category": "product_version",
"name": "saltboot-formula-0.1.1595937550.0285244-3.19.2.noarch",
"product": {
"name": "saltboot-formula-0.1.1595937550.0285244-3.19.2.noarch",
"product_id": "saltboot-formula-0.1.1595937550.0285244-3.19.2.noarch"
}
},
{
"category": "product_version",
"name": "spacecmd-4.0.20-3.19.2.noarch",
"product": {
"name": "spacecmd-4.0.20-3.19.2.noarch",
"product_id": "spacecmd-4.0.20-3.19.2.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-admin-4.0.11-3.12.1.noarch",
"product": {
"name": "spacewalk-admin-4.0.11-3.12.1.noarch",
"product_id": "spacewalk-admin-4.0.11-3.12.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-base-4.0.23-3.30.3.noarch",
"product": {
"name": "spacewalk-base-4.0.23-3.30.3.noarch",
"product_id": "spacewalk-base-4.0.23-3.30.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-base-minimal-4.0.23-3.30.3.noarch",
"product": {
"name": "spacewalk-base-minimal-4.0.23-3.30.3.noarch",
"product_id": "spacewalk-base-minimal-4.0.23-3.30.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-base-minimal-config-4.0.23-3.30.3.noarch",
"product": {
"name": "spacewalk-base-minimal-config-4.0.23-3.30.3.noarch",
"product_id": "spacewalk-base-minimal-config-4.0.23-3.30.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-certs-tools-4.0.17-3.21.3.noarch",
"product": {
"name": "spacewalk-certs-tools-4.0.17-3.21.3.noarch",
"product_id": "spacewalk-certs-tools-4.0.17-3.21.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-dobby-4.0.23-3.30.3.noarch",
"product": {
"name": "spacewalk-dobby-4.0.23-3.30.3.noarch",
"product_id": "spacewalk-dobby-4.0.23-3.30.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-html-4.0.23-3.30.3.noarch",
"product": {
"name": "spacewalk-html-4.0.23-3.30.3.noarch",
"product_id": "spacewalk-html-4.0.23-3.30.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-4.0.37-3.39.1.noarch",
"product": {
"name": "spacewalk-java-4.0.37-3.39.1.noarch",
"product_id": "spacewalk-java-4.0.37-3.39.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-apidoc-sources-4.0.37-3.39.1.noarch",
"product": {
"name": "spacewalk-java-apidoc-sources-4.0.37-3.39.1.noarch",
"product_id": "spacewalk-java-apidoc-sources-4.0.37-3.39.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-config-4.0.37-3.39.1.noarch",
"product": {
"name": "spacewalk-java-config-4.0.37-3.39.1.noarch",
"product_id": "spacewalk-java-config-4.0.37-3.39.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-lib-4.0.37-3.39.1.noarch",
"product": {
"name": "spacewalk-java-lib-4.0.37-3.39.1.noarch",
"product_id": "spacewalk-java-lib-4.0.37-3.39.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-postgresql-4.0.37-3.39.1.noarch",
"product": {
"name": "spacewalk-java-postgresql-4.0.37-3.39.1.noarch",
"product_id": "spacewalk-java-postgresql-4.0.37-3.39.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-proxy-broker-4.0.14-3.10.3.noarch",
"product": {
"name": "spacewalk-proxy-broker-4.0.14-3.10.3.noarch",
"product_id": "spacewalk-proxy-broker-4.0.14-3.10.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-proxy-common-4.0.14-3.10.3.noarch",
"product": {
"name": "spacewalk-proxy-common-4.0.14-3.10.3.noarch",
"product_id": "spacewalk-proxy-common-4.0.14-3.10.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-proxy-management-4.0.14-3.10.3.noarch",
"product": {
"name": "spacewalk-proxy-management-4.0.14-3.10.3.noarch",
"product_id": "spacewalk-proxy-management-4.0.14-3.10.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-proxy-package-manager-4.0.14-3.10.3.noarch",
"product": {
"name": "spacewalk-proxy-package-manager-4.0.14-3.10.3.noarch",
"product_id": "spacewalk-proxy-package-manager-4.0.14-3.10.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-proxy-redirect-4.0.14-3.10.3.noarch",
"product": {
"name": "spacewalk-proxy-redirect-4.0.14-3.10.3.noarch",
"product_id": "spacewalk-proxy-redirect-4.0.14-3.10.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-proxy-salt-4.0.14-3.10.3.noarch",
"product": {
"name": "spacewalk-proxy-salt-4.0.14-3.10.3.noarch",
"product_id": "spacewalk-proxy-salt-4.0.14-3.10.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-setup-4.0.14-3.14.1.noarch",
"product": {
"name": "spacewalk-setup-4.0.14-3.14.1.noarch",
"product_id": "spacewalk-setup-4.0.14-3.14.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-taskomatic-4.0.37-3.39.1.noarch",
"product": {
"name": "spacewalk-taskomatic-4.0.37-3.39.1.noarch",
"product_id": "spacewalk-taskomatic-4.0.37-3.39.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-utils-4.0.18-3.21.3.noarch",
"product": {
"name": "spacewalk-utils-4.0.18-3.21.3.noarch",
"product_id": "spacewalk-utils-4.0.18-3.21.3.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-frontend-libs-4.0.2-4.3.2.noarch",
"product": {
"name": "susemanager-frontend-libs-4.0.2-4.3.2.noarch",
"product_id": "susemanager-frontend-libs-4.0.2-4.3.2.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-frontend-libs-devel-4.0.2-4.3.2.noarch",
"product": {
"name": "susemanager-frontend-libs-devel-4.0.2-4.3.2.noarch",
"product_id": "susemanager-frontend-libs-devel-4.0.2-4.3.2.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-schema-4.0.22-3.29.2.noarch",
"product": {
"name": "susemanager-schema-4.0.22-3.29.2.noarch",
"product_id": "susemanager-schema-4.0.22-3.29.2.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-schema-sanity-4.0.22-3.29.2.noarch",
"product": {
"name": "susemanager-schema-sanity-4.0.22-3.29.2.noarch",
"product_id": "susemanager-schema-sanity-4.0.22-3.29.2.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-sls-4.0.29-3.31.3.noarch",
"product": {
"name": "susemanager-sls-4.0.29-3.31.3.noarch",
"product_id": "susemanager-sls-4.0.29-3.31.3.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-sync-data-4.0.18-3.24.2.noarch",
"product": {
"name": "susemanager-sync-data-4.0.18-3.24.2.noarch",
"product_id": "susemanager-sync-data-4.0.18-3.24.2.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-web-libs-4.0.23-3.30.3.noarch",
"product": {
"name": "susemanager-web-libs-4.0.23-3.30.3.noarch",
"product_id": "susemanager-web-libs-4.0.23-3.30.3.noarch"
}
},
{
"category": "product_version",
"name": "virtualization-host-formula-0.5-4.12.3.noarch",
"product": {
"name": "virtualization-host-formula-0.5-4.12.3.noarch",
"product_id": "virtualization-host-formula-0.5-4.12.3.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "openvpn-formula-0.1.1-4.6.2.ppc64le",
"product": {
"name": "openvpn-formula-0.1.1-4.6.2.ppc64le",
"product_id": "openvpn-formula-0.1.1-4.6.2.ppc64le"
}
},
{
"category": "product_version",
"name": "susemanager-4.0.28-3.36.3.ppc64le",
"product": {
"name": "susemanager-4.0.28-3.36.3.ppc64le",
"product_id": "susemanager-4.0.28-3.36.3.ppc64le"
}
},
{
"category": "product_version",
"name": "susemanager-tools-4.0.28-3.36.3.ppc64le",
"product": {
"name": "susemanager-tools-4.0.28-3.36.3.ppc64le",
"product_id": "susemanager-tools-4.0.28-3.36.3.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openvpn-formula-0.1.1-4.6.2.s390x",
"product": {
"name": "openvpn-formula-0.1.1-4.6.2.s390x",
"product_id": "openvpn-formula-0.1.1-4.6.2.s390x"
}
},
{
"category": "product_version",
"name": "susemanager-4.0.28-3.36.3.s390x",
"product": {
"name": "susemanager-4.0.28-3.36.3.s390x",
"product_id": "susemanager-4.0.28-3.36.3.s390x"
}
},
{
"category": "product_version",
"name": "susemanager-tools-4.0.28-3.36.3.s390x",
"product": {
"name": "susemanager-tools-4.0.28-3.36.3.s390x",
"product_id": "susemanager-tools-4.0.28-3.36.3.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "hibernate5-kit-06f89f5f40a0b95b08f814879026e8ce444876e5-3.3.1.x86_64",
"product": {
"name": "hibernate5-kit-06f89f5f40a0b95b08f814879026e8ce444876e5-3.3.1.x86_64",
"product_id": "hibernate5-kit-06f89f5f40a0b95b08f814879026e8ce444876e5-3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "openvpn-formula-0.1.1-4.6.2.x86_64",
"product": {
"name": "openvpn-formula-0.1.1-4.6.2.x86_64",
"product_id": "openvpn-formula-0.1.1-4.6.2.x86_64"
}
},
{
"category": "product_version",
"name": "susemanager-4.0.28-3.36.3.x86_64",
"product": {
"name": "susemanager-4.0.28-3.36.3.x86_64",
"product_id": "susemanager-4.0.28-3.36.3.x86_64"
}
},
{
"category": "product_version",
"name": "susemanager-tools-4.0.28-3.36.3.x86_64",
"product": {
"name": "susemanager-tools-4.0.28-3.36.3.x86_64",
"product_id": "susemanager-tools-4.0.28-3.36.3.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Manager Proxy Module 4.0",
"product": {
"name": "SUSE Manager Proxy Module 4.0",
"product_id": "SUSE Manager Proxy Module 4.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-suse-manager-proxy:4.0"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server Module 4.0",
"product": {
"name": "SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-suse-manager-server:4.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch as component of SUSE Manager Proxy Module 4.0",
"product_id": "SUSE Manager Proxy Module 4.0:python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch"
},
"product_reference": "python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacecmd-4.0.20-3.19.2.noarch as component of SUSE Manager Proxy Module 4.0",
"product_id": "SUSE Manager Proxy Module 4.0:spacecmd-4.0.20-3.19.2.noarch"
},
"product_reference": "spacecmd-4.0.20-3.19.2.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-4.0.23-3.30.3.noarch as component of SUSE Manager Proxy Module 4.0",
"product_id": "SUSE Manager Proxy Module 4.0:spacewalk-base-minimal-4.0.23-3.30.3.noarch"
},
"product_reference": "spacewalk-base-minimal-4.0.23-3.30.3.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-config-4.0.23-3.30.3.noarch as component of SUSE Manager Proxy Module 4.0",
"product_id": "SUSE Manager Proxy Module 4.0:spacewalk-base-minimal-config-4.0.23-3.30.3.noarch"
},
"product_reference": "spacewalk-base-minimal-config-4.0.23-3.30.3.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-certs-tools-4.0.17-3.21.3.noarch as component of SUSE Manager Proxy Module 4.0",
"product_id": "SUSE Manager Proxy Module 4.0:spacewalk-certs-tools-4.0.17-3.21.3.noarch"
},
"product_reference": "spacewalk-certs-tools-4.0.17-3.21.3.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-proxy-broker-4.0.14-3.10.3.noarch as component of SUSE Manager Proxy Module 4.0",
"product_id": "SUSE Manager Proxy Module 4.0:spacewalk-proxy-broker-4.0.14-3.10.3.noarch"
},
"product_reference": "spacewalk-proxy-broker-4.0.14-3.10.3.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-proxy-common-4.0.14-3.10.3.noarch as component of SUSE Manager Proxy Module 4.0",
"product_id": "SUSE Manager Proxy Module 4.0:spacewalk-proxy-common-4.0.14-3.10.3.noarch"
},
"product_reference": "spacewalk-proxy-common-4.0.14-3.10.3.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-proxy-management-4.0.14-3.10.3.noarch as component of SUSE Manager Proxy Module 4.0",
"product_id": "SUSE Manager Proxy Module 4.0:spacewalk-proxy-management-4.0.14-3.10.3.noarch"
},
"product_reference": "spacewalk-proxy-management-4.0.14-3.10.3.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-proxy-package-manager-4.0.14-3.10.3.noarch as component of SUSE Manager Proxy Module 4.0",
"product_id": "SUSE Manager Proxy Module 4.0:spacewalk-proxy-package-manager-4.0.14-3.10.3.noarch"
},
"product_reference": "spacewalk-proxy-package-manager-4.0.14-3.10.3.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-proxy-redirect-4.0.14-3.10.3.noarch as component of SUSE Manager Proxy Module 4.0",
"product_id": "SUSE Manager Proxy Module 4.0:spacewalk-proxy-redirect-4.0.14-3.10.3.noarch"
},
"product_reference": "spacewalk-proxy-redirect-4.0.14-3.10.3.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-proxy-salt-4.0.14-3.10.3.noarch as component of SUSE Manager Proxy Module 4.0",
"product_id": "SUSE Manager Proxy Module 4.0:spacewalk-proxy-salt-4.0.14-3.10.3.noarch"
},
"product_reference": "spacewalk-proxy-salt-4.0.14-3.10.3.noarch",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate5-5.3.7-4.3.2.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:hibernate5-5.3.7-4.3.2.noarch"
},
"product_reference": "hibernate5-5.3.7-4.3.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "image-sync-formula-0.1.1595937550.0285244-3.20.2.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:image-sync-formula-0.1.1595937550.0285244-3.20.2.noarch"
},
"product_reference": "image-sync-formula-0.1.1595937550.0285244-3.20.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-formula-0.1.1-4.6.2.ppc64le as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.ppc64le"
},
"product_reference": "openvpn-formula-0.1.1-4.6.2.ppc64le",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-formula-0.1.1-4.6.2.s390x as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.s390x"
},
"product_reference": "openvpn-formula-0.1.1-4.6.2.s390x",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-formula-0.1.1-4.6.2.x86_64 as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.x86_64"
},
"product_reference": "openvpn-formula-0.1.1-4.6.2.x86_64",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-exporters-formula-0.7.1-3.10.2.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:prometheus-exporters-formula-0.7.1-3.10.2.noarch"
},
"product_reference": "prometheus-exporters-formula-0.7.1-3.10.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch"
},
"product_reference": "python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "salt-netapi-client-0.17.0-4.6.3.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:salt-netapi-client-0.17.0-4.6.3.noarch"
},
"product_reference": "salt-netapi-client-0.17.0-4.6.3.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltboot-formula-0.1.1595937550.0285244-3.19.2.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:saltboot-formula-0.1.1595937550.0285244-3.19.2.noarch"
},
"product_reference": "saltboot-formula-0.1.1595937550.0285244-3.19.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacecmd-4.0.20-3.19.2.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacecmd-4.0.20-3.19.2.noarch"
},
"product_reference": "spacecmd-4.0.20-3.19.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-admin-4.0.11-3.12.1.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-admin-4.0.11-3.12.1.noarch"
},
"product_reference": "spacewalk-admin-4.0.11-3.12.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-4.0.23-3.30.3.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-base-4.0.23-3.30.3.noarch"
},
"product_reference": "spacewalk-base-4.0.23-3.30.3.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-4.0.23-3.30.3.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-base-minimal-4.0.23-3.30.3.noarch"
},
"product_reference": "spacewalk-base-minimal-4.0.23-3.30.3.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-config-4.0.23-3.30.3.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-base-minimal-config-4.0.23-3.30.3.noarch"
},
"product_reference": "spacewalk-base-minimal-config-4.0.23-3.30.3.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-certs-tools-4.0.17-3.21.3.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-certs-tools-4.0.17-3.21.3.noarch"
},
"product_reference": "spacewalk-certs-tools-4.0.17-3.21.3.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-html-4.0.23-3.30.3.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-html-4.0.23-3.30.3.noarch"
},
"product_reference": "spacewalk-html-4.0.23-3.30.3.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-4.0.37-3.39.1.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-java-4.0.37-3.39.1.noarch"
},
"product_reference": "spacewalk-java-4.0.37-3.39.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-config-4.0.37-3.39.1.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-java-config-4.0.37-3.39.1.noarch"
},
"product_reference": "spacewalk-java-config-4.0.37-3.39.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-lib-4.0.37-3.39.1.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-java-lib-4.0.37-3.39.1.noarch"
},
"product_reference": "spacewalk-java-lib-4.0.37-3.39.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-postgresql-4.0.37-3.39.1.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-java-postgresql-4.0.37-3.39.1.noarch"
},
"product_reference": "spacewalk-java-postgresql-4.0.37-3.39.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-setup-4.0.14-3.14.1.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-setup-4.0.14-3.14.1.noarch"
},
"product_reference": "spacewalk-setup-4.0.14-3.14.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-taskomatic-4.0.37-3.39.1.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-taskomatic-4.0.37-3.39.1.noarch"
},
"product_reference": "spacewalk-taskomatic-4.0.37-3.39.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-utils-4.0.18-3.21.3.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-utils-4.0.18-3.21.3.noarch"
},
"product_reference": "spacewalk-utils-4.0.18-3.21.3.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-4.0.28-3.36.3.ppc64le as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.ppc64le"
},
"product_reference": "susemanager-4.0.28-3.36.3.ppc64le",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-4.0.28-3.36.3.s390x as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.s390x"
},
"product_reference": "susemanager-4.0.28-3.36.3.s390x",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-4.0.28-3.36.3.x86_64 as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.x86_64"
},
"product_reference": "susemanager-4.0.28-3.36.3.x86_64",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-frontend-libs-4.0.2-4.3.2.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:susemanager-frontend-libs-4.0.2-4.3.2.noarch"
},
"product_reference": "susemanager-frontend-libs-4.0.2-4.3.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-schema-4.0.22-3.29.2.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:susemanager-schema-4.0.22-3.29.2.noarch"
},
"product_reference": "susemanager-schema-4.0.22-3.29.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-sls-4.0.29-3.31.3.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:susemanager-sls-4.0.29-3.31.3.noarch"
},
"product_reference": "susemanager-sls-4.0.29-3.31.3.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-sync-data-4.0.18-3.24.2.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:susemanager-sync-data-4.0.18-3.24.2.noarch"
},
"product_reference": "susemanager-sync-data-4.0.18-3.24.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-tools-4.0.28-3.36.3.ppc64le as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.ppc64le"
},
"product_reference": "susemanager-tools-4.0.28-3.36.3.ppc64le",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-tools-4.0.28-3.36.3.s390x as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.s390x"
},
"product_reference": "susemanager-tools-4.0.28-3.36.3.s390x",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-tools-4.0.28-3.36.3.x86_64 as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.x86_64"
},
"product_reference": "susemanager-tools-4.0.28-3.36.3.x86_64",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-web-libs-4.0.23-3.30.3.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:susemanager-web-libs-4.0.23-3.30.3.noarch"
},
"product_reference": "susemanager-web-libs-4.0.23-3.30.3.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "virtualization-host-formula-0.5-4.12.3.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:virtualization-host-formula-0.5-4.12.3.noarch"
},
"product_reference": "virtualization-host-formula-0.5-4.12.3.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-14900",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14900"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Proxy Module 4.0:python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch",
"SUSE Manager Proxy Module 4.0:spacecmd-4.0.20-3.19.2.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-base-minimal-4.0.23-3.30.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-base-minimal-config-4.0.23-3.30.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-certs-tools-4.0.17-3.21.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-proxy-broker-4.0.14-3.10.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-proxy-common-4.0.14-3.10.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-proxy-management-4.0.14-3.10.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-proxy-package-manager-4.0.14-3.10.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-proxy-redirect-4.0.14-3.10.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-proxy-salt-4.0.14-3.10.3.noarch",
"SUSE Manager Server Module 4.0:hibernate5-5.3.7-4.3.2.noarch",
"SUSE Manager Server Module 4.0:image-sync-formula-0.1.1595937550.0285244-3.20.2.noarch",
"SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.ppc64le",
"SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.s390x",
"SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.x86_64",
"SUSE Manager Server Module 4.0:prometheus-exporters-formula-0.7.1-3.10.2.noarch",
"SUSE Manager Server Module 4.0:python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch",
"SUSE Manager Server Module 4.0:salt-netapi-client-0.17.0-4.6.3.noarch",
"SUSE Manager Server Module 4.0:saltboot-formula-0.1.1595937550.0285244-3.19.2.noarch",
"SUSE Manager Server Module 4.0:spacecmd-4.0.20-3.19.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-admin-4.0.11-3.12.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-base-4.0.23-3.30.3.noarch",
"SUSE Manager Server Module 4.0:spacewalk-base-minimal-4.0.23-3.30.3.noarch",
"SUSE Manager Server Module 4.0:spacewalk-base-minimal-config-4.0.23-3.30.3.noarch",
"SUSE Manager Server Module 4.0:spacewalk-certs-tools-4.0.17-3.21.3.noarch",
"SUSE Manager Server Module 4.0:spacewalk-html-4.0.23-3.30.3.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-4.0.37-3.39.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-config-4.0.37-3.39.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-lib-4.0.37-3.39.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-postgresql-4.0.37-3.39.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-setup-4.0.14-3.14.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-taskomatic-4.0.37-3.39.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-utils-4.0.18-3.21.3.noarch",
"SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.ppc64le",
"SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.s390x",
"SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.x86_64",
"SUSE Manager Server Module 4.0:susemanager-frontend-libs-4.0.2-4.3.2.noarch",
"SUSE Manager Server Module 4.0:susemanager-schema-4.0.22-3.29.2.noarch",
"SUSE Manager Server Module 4.0:susemanager-sls-4.0.29-3.31.3.noarch",
"SUSE Manager Server Module 4.0:susemanager-sync-data-4.0.18-3.24.2.noarch",
"SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.ppc64le",
"SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.s390x",
"SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.x86_64",
"SUSE Manager Server Module 4.0:susemanager-web-libs-4.0.23-3.30.3.noarch",
"SUSE Manager Server Module 4.0:virtualization-host-formula-0.5-4.12.3.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14900",
"url": "https://www.suse.com/security/cve/CVE-2019-14900"
},
{
"category": "external",
"summary": "SUSE Bug 1172079 for CVE-2019-14900",
"url": "https://bugzilla.suse.com/1172079"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Proxy Module 4.0:python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch",
"SUSE Manager Proxy Module 4.0:spacecmd-4.0.20-3.19.2.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-base-minimal-4.0.23-3.30.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-base-minimal-config-4.0.23-3.30.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-certs-tools-4.0.17-3.21.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-proxy-broker-4.0.14-3.10.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-proxy-common-4.0.14-3.10.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-proxy-management-4.0.14-3.10.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-proxy-package-manager-4.0.14-3.10.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-proxy-redirect-4.0.14-3.10.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-proxy-salt-4.0.14-3.10.3.noarch",
"SUSE Manager Server Module 4.0:hibernate5-5.3.7-4.3.2.noarch",
"SUSE Manager Server Module 4.0:image-sync-formula-0.1.1595937550.0285244-3.20.2.noarch",
"SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.ppc64le",
"SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.s390x",
"SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.x86_64",
"SUSE Manager Server Module 4.0:prometheus-exporters-formula-0.7.1-3.10.2.noarch",
"SUSE Manager Server Module 4.0:python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch",
"SUSE Manager Server Module 4.0:salt-netapi-client-0.17.0-4.6.3.noarch",
"SUSE Manager Server Module 4.0:saltboot-formula-0.1.1595937550.0285244-3.19.2.noarch",
"SUSE Manager Server Module 4.0:spacecmd-4.0.20-3.19.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-admin-4.0.11-3.12.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-base-4.0.23-3.30.3.noarch",
"SUSE Manager Server Module 4.0:spacewalk-base-minimal-4.0.23-3.30.3.noarch",
"SUSE Manager Server Module 4.0:spacewalk-base-minimal-config-4.0.23-3.30.3.noarch",
"SUSE Manager Server Module 4.0:spacewalk-certs-tools-4.0.17-3.21.3.noarch",
"SUSE Manager Server Module 4.0:spacewalk-html-4.0.23-3.30.3.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-4.0.37-3.39.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-config-4.0.37-3.39.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-lib-4.0.37-3.39.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-postgresql-4.0.37-3.39.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-setup-4.0.14-3.14.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-taskomatic-4.0.37-3.39.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-utils-4.0.18-3.21.3.noarch",
"SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.ppc64le",
"SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.s390x",
"SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.x86_64",
"SUSE Manager Server Module 4.0:susemanager-frontend-libs-4.0.2-4.3.2.noarch",
"SUSE Manager Server Module 4.0:susemanager-schema-4.0.22-3.29.2.noarch",
"SUSE Manager Server Module 4.0:susemanager-sls-4.0.29-3.31.3.noarch",
"SUSE Manager Server Module 4.0:susemanager-sync-data-4.0.18-3.24.2.noarch",
"SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.ppc64le",
"SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.s390x",
"SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.x86_64",
"SUSE Manager Server Module 4.0:susemanager-web-libs-4.0.23-3.30.3.noarch",
"SUSE Manager Server Module 4.0:virtualization-host-formula-0.5-4.12.3.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Manager Proxy Module 4.0:python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch",
"SUSE Manager Proxy Module 4.0:spacecmd-4.0.20-3.19.2.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-base-minimal-4.0.23-3.30.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-base-minimal-config-4.0.23-3.30.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-certs-tools-4.0.17-3.21.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-proxy-broker-4.0.14-3.10.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-proxy-common-4.0.14-3.10.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-proxy-management-4.0.14-3.10.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-proxy-package-manager-4.0.14-3.10.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-proxy-redirect-4.0.14-3.10.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-proxy-salt-4.0.14-3.10.3.noarch",
"SUSE Manager Server Module 4.0:hibernate5-5.3.7-4.3.2.noarch",
"SUSE Manager Server Module 4.0:image-sync-formula-0.1.1595937550.0285244-3.20.2.noarch",
"SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.ppc64le",
"SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.s390x",
"SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.x86_64",
"SUSE Manager Server Module 4.0:prometheus-exporters-formula-0.7.1-3.10.2.noarch",
"SUSE Manager Server Module 4.0:python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch",
"SUSE Manager Server Module 4.0:salt-netapi-client-0.17.0-4.6.3.noarch",
"SUSE Manager Server Module 4.0:saltboot-formula-0.1.1595937550.0285244-3.19.2.noarch",
"SUSE Manager Server Module 4.0:spacecmd-4.0.20-3.19.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-admin-4.0.11-3.12.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-base-4.0.23-3.30.3.noarch",
"SUSE Manager Server Module 4.0:spacewalk-base-minimal-4.0.23-3.30.3.noarch",
"SUSE Manager Server Module 4.0:spacewalk-base-minimal-config-4.0.23-3.30.3.noarch",
"SUSE Manager Server Module 4.0:spacewalk-certs-tools-4.0.17-3.21.3.noarch",
"SUSE Manager Server Module 4.0:spacewalk-html-4.0.23-3.30.3.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-4.0.37-3.39.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-config-4.0.37-3.39.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-lib-4.0.37-3.39.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-postgresql-4.0.37-3.39.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-setup-4.0.14-3.14.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-taskomatic-4.0.37-3.39.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-utils-4.0.18-3.21.3.noarch",
"SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.ppc64le",
"SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.s390x",
"SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.x86_64",
"SUSE Manager Server Module 4.0:susemanager-frontend-libs-4.0.2-4.3.2.noarch",
"SUSE Manager Server Module 4.0:susemanager-schema-4.0.22-3.29.2.noarch",
"SUSE Manager Server Module 4.0:susemanager-sls-4.0.29-3.31.3.noarch",
"SUSE Manager Server Module 4.0:susemanager-sync-data-4.0.18-3.24.2.noarch",
"SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.ppc64le",
"SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.s390x",
"SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.x86_64",
"SUSE Manager Server Module 4.0:susemanager-web-libs-4.0.23-3.30.3.noarch",
"SUSE Manager Server Module 4.0:virtualization-host-formula-0.5-4.12.3.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-09-16T12:24:27Z",
"details": "moderate"
}
],
"title": "CVE-2019-14900"
},
{
"cve": "CVE-2020-11022",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-11022"
}
],
"notes": [
{
"category": "general",
"text": "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery\u0027s DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Proxy Module 4.0:python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch",
"SUSE Manager Proxy Module 4.0:spacecmd-4.0.20-3.19.2.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-base-minimal-4.0.23-3.30.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-base-minimal-config-4.0.23-3.30.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-certs-tools-4.0.17-3.21.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-proxy-broker-4.0.14-3.10.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-proxy-common-4.0.14-3.10.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-proxy-management-4.0.14-3.10.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-proxy-package-manager-4.0.14-3.10.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-proxy-redirect-4.0.14-3.10.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-proxy-salt-4.0.14-3.10.3.noarch",
"SUSE Manager Server Module 4.0:hibernate5-5.3.7-4.3.2.noarch",
"SUSE Manager Server Module 4.0:image-sync-formula-0.1.1595937550.0285244-3.20.2.noarch",
"SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.ppc64le",
"SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.s390x",
"SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.x86_64",
"SUSE Manager Server Module 4.0:prometheus-exporters-formula-0.7.1-3.10.2.noarch",
"SUSE Manager Server Module 4.0:python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch",
"SUSE Manager Server Module 4.0:salt-netapi-client-0.17.0-4.6.3.noarch",
"SUSE Manager Server Module 4.0:saltboot-formula-0.1.1595937550.0285244-3.19.2.noarch",
"SUSE Manager Server Module 4.0:spacecmd-4.0.20-3.19.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-admin-4.0.11-3.12.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-base-4.0.23-3.30.3.noarch",
"SUSE Manager Server Module 4.0:spacewalk-base-minimal-4.0.23-3.30.3.noarch",
"SUSE Manager Server Module 4.0:spacewalk-base-minimal-config-4.0.23-3.30.3.noarch",
"SUSE Manager Server Module 4.0:spacewalk-certs-tools-4.0.17-3.21.3.noarch",
"SUSE Manager Server Module 4.0:spacewalk-html-4.0.23-3.30.3.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-4.0.37-3.39.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-config-4.0.37-3.39.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-lib-4.0.37-3.39.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-postgresql-4.0.37-3.39.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-setup-4.0.14-3.14.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-taskomatic-4.0.37-3.39.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-utils-4.0.18-3.21.3.noarch",
"SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.ppc64le",
"SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.s390x",
"SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.x86_64",
"SUSE Manager Server Module 4.0:susemanager-frontend-libs-4.0.2-4.3.2.noarch",
"SUSE Manager Server Module 4.0:susemanager-schema-4.0.22-3.29.2.noarch",
"SUSE Manager Server Module 4.0:susemanager-sls-4.0.29-3.31.3.noarch",
"SUSE Manager Server Module 4.0:susemanager-sync-data-4.0.18-3.24.2.noarch",
"SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.ppc64le",
"SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.s390x",
"SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.x86_64",
"SUSE Manager Server Module 4.0:susemanager-web-libs-4.0.23-3.30.3.noarch",
"SUSE Manager Server Module 4.0:virtualization-host-formula-0.5-4.12.3.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-11022",
"url": "https://www.suse.com/security/cve/CVE-2020-11022"
},
{
"category": "external",
"summary": "SUSE Bug 1173090 for CVE-2020-11022",
"url": "https://bugzilla.suse.com/1173090"
},
{
"category": "external",
"summary": "SUSE Bug 1178434 for CVE-2020-11022",
"url": "https://bugzilla.suse.com/1178434"
},
{
"category": "external",
"summary": "SUSE Bug 1190663 for CVE-2020-11022",
"url": "https://bugzilla.suse.com/1190663"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Proxy Module 4.0:python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch",
"SUSE Manager Proxy Module 4.0:spacecmd-4.0.20-3.19.2.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-base-minimal-4.0.23-3.30.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-base-minimal-config-4.0.23-3.30.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-certs-tools-4.0.17-3.21.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-proxy-broker-4.0.14-3.10.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-proxy-common-4.0.14-3.10.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-proxy-management-4.0.14-3.10.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-proxy-package-manager-4.0.14-3.10.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-proxy-redirect-4.0.14-3.10.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-proxy-salt-4.0.14-3.10.3.noarch",
"SUSE Manager Server Module 4.0:hibernate5-5.3.7-4.3.2.noarch",
"SUSE Manager Server Module 4.0:image-sync-formula-0.1.1595937550.0285244-3.20.2.noarch",
"SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.ppc64le",
"SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.s390x",
"SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.x86_64",
"SUSE Manager Server Module 4.0:prometheus-exporters-formula-0.7.1-3.10.2.noarch",
"SUSE Manager Server Module 4.0:python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch",
"SUSE Manager Server Module 4.0:salt-netapi-client-0.17.0-4.6.3.noarch",
"SUSE Manager Server Module 4.0:saltboot-formula-0.1.1595937550.0285244-3.19.2.noarch",
"SUSE Manager Server Module 4.0:spacecmd-4.0.20-3.19.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-admin-4.0.11-3.12.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-base-4.0.23-3.30.3.noarch",
"SUSE Manager Server Module 4.0:spacewalk-base-minimal-4.0.23-3.30.3.noarch",
"SUSE Manager Server Module 4.0:spacewalk-base-minimal-config-4.0.23-3.30.3.noarch",
"SUSE Manager Server Module 4.0:spacewalk-certs-tools-4.0.17-3.21.3.noarch",
"SUSE Manager Server Module 4.0:spacewalk-html-4.0.23-3.30.3.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-4.0.37-3.39.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-config-4.0.37-3.39.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-lib-4.0.37-3.39.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-postgresql-4.0.37-3.39.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-setup-4.0.14-3.14.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-taskomatic-4.0.37-3.39.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-utils-4.0.18-3.21.3.noarch",
"SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.ppc64le",
"SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.s390x",
"SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.x86_64",
"SUSE Manager Server Module 4.0:susemanager-frontend-libs-4.0.2-4.3.2.noarch",
"SUSE Manager Server Module 4.0:susemanager-schema-4.0.22-3.29.2.noarch",
"SUSE Manager Server Module 4.0:susemanager-sls-4.0.29-3.31.3.noarch",
"SUSE Manager Server Module 4.0:susemanager-sync-data-4.0.18-3.24.2.noarch",
"SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.ppc64le",
"SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.s390x",
"SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.x86_64",
"SUSE Manager Server Module 4.0:susemanager-web-libs-4.0.23-3.30.3.noarch",
"SUSE Manager Server Module 4.0:virtualization-host-formula-0.5-4.12.3.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Manager Proxy Module 4.0:python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch",
"SUSE Manager Proxy Module 4.0:spacecmd-4.0.20-3.19.2.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-base-minimal-4.0.23-3.30.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-base-minimal-config-4.0.23-3.30.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-certs-tools-4.0.17-3.21.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-proxy-broker-4.0.14-3.10.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-proxy-common-4.0.14-3.10.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-proxy-management-4.0.14-3.10.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-proxy-package-manager-4.0.14-3.10.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-proxy-redirect-4.0.14-3.10.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-proxy-salt-4.0.14-3.10.3.noarch",
"SUSE Manager Server Module 4.0:hibernate5-5.3.7-4.3.2.noarch",
"SUSE Manager Server Module 4.0:image-sync-formula-0.1.1595937550.0285244-3.20.2.noarch",
"SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.ppc64le",
"SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.s390x",
"SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.x86_64",
"SUSE Manager Server Module 4.0:prometheus-exporters-formula-0.7.1-3.10.2.noarch",
"SUSE Manager Server Module 4.0:python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch",
"SUSE Manager Server Module 4.0:salt-netapi-client-0.17.0-4.6.3.noarch",
"SUSE Manager Server Module 4.0:saltboot-formula-0.1.1595937550.0285244-3.19.2.noarch",
"SUSE Manager Server Module 4.0:spacecmd-4.0.20-3.19.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-admin-4.0.11-3.12.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-base-4.0.23-3.30.3.noarch",
"SUSE Manager Server Module 4.0:spacewalk-base-minimal-4.0.23-3.30.3.noarch",
"SUSE Manager Server Module 4.0:spacewalk-base-minimal-config-4.0.23-3.30.3.noarch",
"SUSE Manager Server Module 4.0:spacewalk-certs-tools-4.0.17-3.21.3.noarch",
"SUSE Manager Server Module 4.0:spacewalk-html-4.0.23-3.30.3.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-4.0.37-3.39.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-config-4.0.37-3.39.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-lib-4.0.37-3.39.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-postgresql-4.0.37-3.39.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-setup-4.0.14-3.14.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-taskomatic-4.0.37-3.39.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-utils-4.0.18-3.21.3.noarch",
"SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.ppc64le",
"SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.s390x",
"SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.x86_64",
"SUSE Manager Server Module 4.0:susemanager-frontend-libs-4.0.2-4.3.2.noarch",
"SUSE Manager Server Module 4.0:susemanager-schema-4.0.22-3.29.2.noarch",
"SUSE Manager Server Module 4.0:susemanager-sls-4.0.29-3.31.3.noarch",
"SUSE Manager Server Module 4.0:susemanager-sync-data-4.0.18-3.24.2.noarch",
"SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.ppc64le",
"SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.s390x",
"SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.x86_64",
"SUSE Manager Server Module 4.0:susemanager-web-libs-4.0.23-3.30.3.noarch",
"SUSE Manager Server Module 4.0:virtualization-host-formula-0.5-4.12.3.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-09-16T12:24:27Z",
"details": "moderate"
}
],
"title": "CVE-2020-11022"
},
{
"cve": "CVE-2020-8028",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8028"
}
],
"notes": [
{
"category": "general",
"text": "A Improper Access Control vulnerability in the configuration of salt of SUSE Linux Enterprise Module for SUSE Manager Server 4.1, SUSE Manager Proxy 4.0, SUSE Manager Retail Branch Server 4.0, SUSE Manager Server 3.2, SUSE Manager Server 4.0 allows local users to escalate to root on every system managed by SUSE manager. On the managing node itself code can be executed as user salt, potentially allowing for escalation to root there. This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 google-gson versions prior to 2.8.5-3.4.3, httpcomponents-client-4.5.6-3.4.2, httpcomponents-. SUSE Manager Proxy 4.0 release-notes-susemanager-proxy versions prior to 4.0.9-0.16.38.1. SUSE Manager Retail Branch Server 4.0 release-notes-susemanager-proxy versions prior to 4.0.9-0.16.38.1. SUSE Manager Server 3.2 salt-netapi-client versions prior to 0.16.0-4.14.1, spacewalk-. SUSE Manager Server 4.0 release-notes-susemanager versions prior to 4.0.9-3.54.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Proxy Module 4.0:python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch",
"SUSE Manager Proxy Module 4.0:spacecmd-4.0.20-3.19.2.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-base-minimal-4.0.23-3.30.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-base-minimal-config-4.0.23-3.30.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-certs-tools-4.0.17-3.21.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-proxy-broker-4.0.14-3.10.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-proxy-common-4.0.14-3.10.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-proxy-management-4.0.14-3.10.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-proxy-package-manager-4.0.14-3.10.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-proxy-redirect-4.0.14-3.10.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-proxy-salt-4.0.14-3.10.3.noarch",
"SUSE Manager Server Module 4.0:hibernate5-5.3.7-4.3.2.noarch",
"SUSE Manager Server Module 4.0:image-sync-formula-0.1.1595937550.0285244-3.20.2.noarch",
"SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.ppc64le",
"SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.s390x",
"SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.x86_64",
"SUSE Manager Server Module 4.0:prometheus-exporters-formula-0.7.1-3.10.2.noarch",
"SUSE Manager Server Module 4.0:python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch",
"SUSE Manager Server Module 4.0:salt-netapi-client-0.17.0-4.6.3.noarch",
"SUSE Manager Server Module 4.0:saltboot-formula-0.1.1595937550.0285244-3.19.2.noarch",
"SUSE Manager Server Module 4.0:spacecmd-4.0.20-3.19.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-admin-4.0.11-3.12.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-base-4.0.23-3.30.3.noarch",
"SUSE Manager Server Module 4.0:spacewalk-base-minimal-4.0.23-3.30.3.noarch",
"SUSE Manager Server Module 4.0:spacewalk-base-minimal-config-4.0.23-3.30.3.noarch",
"SUSE Manager Server Module 4.0:spacewalk-certs-tools-4.0.17-3.21.3.noarch",
"SUSE Manager Server Module 4.0:spacewalk-html-4.0.23-3.30.3.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-4.0.37-3.39.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-config-4.0.37-3.39.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-lib-4.0.37-3.39.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-postgresql-4.0.37-3.39.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-setup-4.0.14-3.14.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-taskomatic-4.0.37-3.39.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-utils-4.0.18-3.21.3.noarch",
"SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.ppc64le",
"SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.s390x",
"SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.x86_64",
"SUSE Manager Server Module 4.0:susemanager-frontend-libs-4.0.2-4.3.2.noarch",
"SUSE Manager Server Module 4.0:susemanager-schema-4.0.22-3.29.2.noarch",
"SUSE Manager Server Module 4.0:susemanager-sls-4.0.29-3.31.3.noarch",
"SUSE Manager Server Module 4.0:susemanager-sync-data-4.0.18-3.24.2.noarch",
"SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.ppc64le",
"SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.s390x",
"SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.x86_64",
"SUSE Manager Server Module 4.0:susemanager-web-libs-4.0.23-3.30.3.noarch",
"SUSE Manager Server Module 4.0:virtualization-host-formula-0.5-4.12.3.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8028",
"url": "https://www.suse.com/security/cve/CVE-2020-8028"
},
{
"category": "external",
"summary": "SUSE Bug 1175884 for CVE-2020-8028",
"url": "https://bugzilla.suse.com/1175884"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Proxy Module 4.0:python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch",
"SUSE Manager Proxy Module 4.0:spacecmd-4.0.20-3.19.2.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-base-minimal-4.0.23-3.30.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-base-minimal-config-4.0.23-3.30.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-certs-tools-4.0.17-3.21.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-proxy-broker-4.0.14-3.10.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-proxy-common-4.0.14-3.10.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-proxy-management-4.0.14-3.10.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-proxy-package-manager-4.0.14-3.10.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-proxy-redirect-4.0.14-3.10.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-proxy-salt-4.0.14-3.10.3.noarch",
"SUSE Manager Server Module 4.0:hibernate5-5.3.7-4.3.2.noarch",
"SUSE Manager Server Module 4.0:image-sync-formula-0.1.1595937550.0285244-3.20.2.noarch",
"SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.ppc64le",
"SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.s390x",
"SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.x86_64",
"SUSE Manager Server Module 4.0:prometheus-exporters-formula-0.7.1-3.10.2.noarch",
"SUSE Manager Server Module 4.0:python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch",
"SUSE Manager Server Module 4.0:salt-netapi-client-0.17.0-4.6.3.noarch",
"SUSE Manager Server Module 4.0:saltboot-formula-0.1.1595937550.0285244-3.19.2.noarch",
"SUSE Manager Server Module 4.0:spacecmd-4.0.20-3.19.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-admin-4.0.11-3.12.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-base-4.0.23-3.30.3.noarch",
"SUSE Manager Server Module 4.0:spacewalk-base-minimal-4.0.23-3.30.3.noarch",
"SUSE Manager Server Module 4.0:spacewalk-base-minimal-config-4.0.23-3.30.3.noarch",
"SUSE Manager Server Module 4.0:spacewalk-certs-tools-4.0.17-3.21.3.noarch",
"SUSE Manager Server Module 4.0:spacewalk-html-4.0.23-3.30.3.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-4.0.37-3.39.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-config-4.0.37-3.39.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-lib-4.0.37-3.39.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-postgresql-4.0.37-3.39.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-setup-4.0.14-3.14.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-taskomatic-4.0.37-3.39.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-utils-4.0.18-3.21.3.noarch",
"SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.ppc64le",
"SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.s390x",
"SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.x86_64",
"SUSE Manager Server Module 4.0:susemanager-frontend-libs-4.0.2-4.3.2.noarch",
"SUSE Manager Server Module 4.0:susemanager-schema-4.0.22-3.29.2.noarch",
"SUSE Manager Server Module 4.0:susemanager-sls-4.0.29-3.31.3.noarch",
"SUSE Manager Server Module 4.0:susemanager-sync-data-4.0.18-3.24.2.noarch",
"SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.ppc64le",
"SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.s390x",
"SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.x86_64",
"SUSE Manager Server Module 4.0:susemanager-web-libs-4.0.23-3.30.3.noarch",
"SUSE Manager Server Module 4.0:virtualization-host-formula-0.5-4.12.3.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Manager Proxy Module 4.0:python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch",
"SUSE Manager Proxy Module 4.0:spacecmd-4.0.20-3.19.2.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-base-minimal-4.0.23-3.30.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-base-minimal-config-4.0.23-3.30.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-certs-tools-4.0.17-3.21.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-proxy-broker-4.0.14-3.10.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-proxy-common-4.0.14-3.10.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-proxy-management-4.0.14-3.10.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-proxy-package-manager-4.0.14-3.10.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-proxy-redirect-4.0.14-3.10.3.noarch",
"SUSE Manager Proxy Module 4.0:spacewalk-proxy-salt-4.0.14-3.10.3.noarch",
"SUSE Manager Server Module 4.0:hibernate5-5.3.7-4.3.2.noarch",
"SUSE Manager Server Module 4.0:image-sync-formula-0.1.1595937550.0285244-3.20.2.noarch",
"SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.ppc64le",
"SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.s390x",
"SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.x86_64",
"SUSE Manager Server Module 4.0:prometheus-exporters-formula-0.7.1-3.10.2.noarch",
"SUSE Manager Server Module 4.0:python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch",
"SUSE Manager Server Module 4.0:salt-netapi-client-0.17.0-4.6.3.noarch",
"SUSE Manager Server Module 4.0:saltboot-formula-0.1.1595937550.0285244-3.19.2.noarch",
"SUSE Manager Server Module 4.0:spacecmd-4.0.20-3.19.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-admin-4.0.11-3.12.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-base-4.0.23-3.30.3.noarch",
"SUSE Manager Server Module 4.0:spacewalk-base-minimal-4.0.23-3.30.3.noarch",
"SUSE Manager Server Module 4.0:spacewalk-base-minimal-config-4.0.23-3.30.3.noarch",
"SUSE Manager Server Module 4.0:spacewalk-certs-tools-4.0.17-3.21.3.noarch",
"SUSE Manager Server Module 4.0:spacewalk-html-4.0.23-3.30.3.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-4.0.37-3.39.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-config-4.0.37-3.39.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-lib-4.0.37-3.39.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-postgresql-4.0.37-3.39.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-setup-4.0.14-3.14.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-taskomatic-4.0.37-3.39.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-utils-4.0.18-3.21.3.noarch",
"SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.ppc64le",
"SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.s390x",
"SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.x86_64",
"SUSE Manager Server Module 4.0:susemanager-frontend-libs-4.0.2-4.3.2.noarch",
"SUSE Manager Server Module 4.0:susemanager-schema-4.0.22-3.29.2.noarch",
"SUSE Manager Server Module 4.0:susemanager-sls-4.0.29-3.31.3.noarch",
"SUSE Manager Server Module 4.0:susemanager-sync-data-4.0.18-3.24.2.noarch",
"SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.ppc64le",
"SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.s390x",
"SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.x86_64",
"SUSE Manager Server Module 4.0:susemanager-web-libs-4.0.23-3.30.3.noarch",
"SUSE Manager Server Module 4.0:virtualization-host-formula-0.5-4.12.3.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-09-16T12:24:27Z",
"details": "important"
}
],
"title": "CVE-2020-8028"
}
]
}
VAR-202004-2191
Vulnerability from variot - Updated: 2026-03-09 21:54In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. jQuery Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. jQuery is an open source, cross-browser JavaScript library developed by American John Resig programmers. The library simplifies the operation between HTML and JavaScript, and has the characteristics of modularization and plug-in extension. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code. 8) - aarch64, noarch, ppc64le, s390x, x86_64
- Description:
The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section. Bugs fixed (https://bugzilla.redhat.com/):
1376706 - restore SerialNumber tag in caManualRenewal xml 1399546 - CVE-2015-9251 jquery: Cross-site scripting via cross-domain ajax requests 1406505 - KRA ECC installation failed with shared tomcat 1601614 - CVE-2018-14040 bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute 1601617 - CVE-2018-14042 bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip 1666907 - CC: Enable AIA OCSP cert checking for entire cert chain 1668097 - CVE-2016-10735 bootstrap: XSS in the data-target attribute 1686454 - CVE-2019-8331 bootstrap: XSS in the tooltip or popover data-template attribute 1695901 - CVE-2019-10179 pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA's DRM agent page in authorize recovery tab 1701972 - CVE-2019-11358 jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection 1706521 - CA - SubjectAltNameExtInput does not display text fields to the enrollment page 1710171 - CVE-2019-10146 pki-core: Reflected XSS in 'path length' constraint field in CA's Agent page 1721684 - Rebase pki-servlet-engine to 9.0.30 1724433 - caTransportCert.cfg contains MD2/MD5withRSA as signingAlgsAllowed. 1732565 - CVE-2019-10221 pki-core: Reflected XSS in getcookies?url= endpoint in CA 1732981 - When nuxwdog is enabled pkidaemon status shows instances as stopped. 1777579 - CVE-2020-1721 pki-core: KRA vulnerable to reflected XSS via the getPk12 page 1805541 - [RFE] CA Certificate Transparency with Embedded Signed Certificate Time stamp 1817247 - Upgrade to 10.8.3 breaks PKI Tomcat Server 1821851 - [RFE] Provide SSLEngine via JSSProvider for use with PKI 1822246 - JSS - NativeProxy never calls releaseNativeResources - Memory Leak 1824939 - JSS: add RSA PSS support - RHEL 8.3 1824948 - add RSA PSS support - RHEL 8.3 1825998 - CertificatePoliciesExtDefault MAX_NUM_POLICIES hardcoded limit 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1842734 - CVE-2019-10179 pki-core: pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA's DRM agent page in authorize recovery tab [rhel-8] 1842736 - CVE-2019-10146 pki-core: Reflected Cross-Site Scripting in 'path length' constraint field in CA's Agent page [rhel-8] 1843537 - Able to Perform PKI CLI operations like cert request and approval without nssdb password 1845447 - pkispawn fails in FIPS mode: AJP connector has secretRequired="true" but no secret 1850004 - CVE-2020-11023 jquery: Passing HTML containing elements to manipulation methods could result in untrusted code execution 1854043 - /usr/bin/PrettyPrintCert is failing with a ClassNotFoundException 1854959 - ca-profile-add with Netscape extensions nsCertSSLClient and nsCertEmail in the profile gets stuck in processing 1855273 - CVE-2020-15720 pki: Dogtag's python client does not validate certificates 1855319 - Not able to launch pkiconsole 1856368 - kra-key-generate request is failing 1857933 - CA Installation is failing with ncipher v12.30 HSM 1861911 - pki cli ca-cert-request-approve hangs over crmf request from client-cert-request 1869893 - Common certificates are missing in CS.cfg on shared PKI instance 1871064 - replica install failing during pki-ca component configuration 1873235 - pki ca-user-cert-add with secure port failed with 'SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT'
- You can also manage user accounts for web applications, mobile applications, and RESTful web services. Description:
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Description:
Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Bugs fixed (https://bugzilla.redhat.com/):
1399546 - CVE-2015-9251 jquery: Cross-site scripting via cross-domain ajax requests 1430365 - [RFE] Host-group names command rename 1488732 - fake_mname in named.conf is no longer effective 1585020 - Enable compat tree to provide information about AD users and groups on trust agents 1601614 - CVE-2018-14040 bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute 1601617 - CVE-2018-14042 bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip 1651577 - [WebUI] IPA Error 3007: RequirmentError" while adding members in "User ID overrides" tab 1668082 - CVE-2018-20676 bootstrap: XSS in the tooltip data-viewport attribute 1668089 - CVE-2018-20677 bootstrap: XSS in the affix configuration target property 1668097 - CVE-2016-10735 bootstrap: XSS in the data-target attribute 1686454 - CVE-2019-8331 bootstrap: XSS in the tooltip or popover data-template attribute 1701233 - [RFE] support setting supported signature methods on the token 1701972 - CVE-2019-11358 jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection 1746830 - Memory leak during search of idview overrides 1750893 - Memory leak when slapi-nis return entries retrieved from nsswitch 1751295 - When sync-repl is enabled, slapi-nis can deadlock during retrochanglog trimming 1757045 - IDM Web GUI / IPA web UI: the ID override operation doesn't work in GUI (it works only from CLI) 1759888 - Rebase OpenDNSSEC to 2.1 1768156 - ERR - schemacompat - map rdlock: old way MAP_MONITOR_DISABLED 1777806 - When Service weight is set as 0 for server in IPA location "IPA Error 903: InternalError" is displayed 1793071 - CVE-2020-1722 ipa: No password length restriction leads to denial of service 1801698 - [RFE] Changing default hostgroup is too easy 1802471 - SELinux policy for ipa-custodia 1809835 - RFE: ipa group-add-member: number of failed should also be emphasized 1810154 - RFE: ipa-backup should compare locally and globally installed server roles 1810179 - ipa-client-install should name authselect backups and restore to that at uninstall time 1813330 - ipa-restore does not restart httpd 1816784 - KRA install fails if all KRA members are Hidden Replicas 1818765 - [Rebase] Rebase ipa to 4.8.6+ 1818877 - [Rebase] Rebase to softhsm 2.6.0+ 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1831732 - AVC avc: denied { dac_override } for comm="ods-enforcerd 1831935 - AD authentication with IdM against SQL Server 1832331 - [abrt] [faf] 389-ds-base: unknown function(): /usr/sbin/ns-slapd killed by 11 1833266 - [dirsrv] set 'nsslapd-enable-upgrade-hash: off' as this raises warnings 1834264 - BIND rebase: rebuild against new so version 1834909 - softhsm use-after-free on process exit 1845211 - Rebase bind-dyndb-ldap to 11.3 1845537 - IPA bind configuration issue 1845596 - ipa trust-add fails with 'Fetching domains from trusted forest failed' 1846352 - cannot issue certs with multiple IP addresses corresponding to different hosts 1846434 - Remove ipa-idoverride-memberof as superceded by ipa-server 4.8.7 1847999 - EPN does not ship its default configuration ( /etc/ipa/epn.conf ) in freeipa-client-epn 1849914 - FreeIPA - Utilize 256-bit AJP connector passwords 1851411 - ipa: typo issue in ipanthomedirectoryrive deffinition 1852244 - ipa-healthcheck inadvertently obsoleted in RHEL 8.2 1853263 - ipa-selinux package missing 1857157 - replica install failing with avc denial for custodia component 1858318 - AttributeError: module 'ssl' has no attribute 'SSLCertVerificationError' when upgrading ca-less ipa master 1859213 - AVC denial during ipa-adtrust-install --add-agents 1863079 - ipa-epn command displays 'exception: ConnectionRefusedError: [Errno 111] Connection refused' 1863616 - CA-less install does not set required permissions on KDC certificate 1866291 - EPN: enhance input validation 1866938 - ipa-epn fails to retrieve user data if some user attributes are not present 1868432 - Unhandled Python exception in '/usr/libexec/ipa/ipa-pki-retrieve-key' 1869311 - ipa trust-add fails with 'Fetching domains from trusted forest failed' 1870202 - File permissions of /etc/ipa/ca.crt differ between CA-ful and CA-less 1874015 - ipa hbacrule-add-service --hbacsvcs=sshd is not applied successfully for subdomain 1875348 - Valgrind reports a memory leak in the Schema Compatibility plugin. 1879604 - pkispawn logs files are empty
-
Gentoo Linux Security Advisory GLSA 202007-03
https://security.gentoo.org/ <https://security.gentoo.org/>
Severity: Normal Title: Cacti: Multiple vulnerabilities Date: July 26, 2020 Bugs: #728678, #732522 ID: 202007-03
Synopsis
Multiple vulnerabilities have been found in Cacti, the worst of which could result in the arbitrary execution of code.
Background
Cacti is a complete frontend to rrdtool.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-analyzer/cacti < 1.2.13 >= 1.2.13 2 net-analyzer/cacti-spine < 1.2.13 >= 1.2.13 ------------------------------------------------------------------- 2 affected packages
Description
Multiple vulnerabilities have been discovered in Cacti. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Cacti users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-analyzer/cacti-1.2.13"
All Cacti Spine users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=net-analyzer/cacti-spine-1.2.13"
References
[ 1 ] CVE-2020-11022 https://nvd.nist.gov/vuln/detail/CVE-2020-11022 https://nvd.nist.gov/vuln/detail/CVE-2020-11022 [ 2 ] CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 [ 3 ] CVE-2020-14295 https://nvd.nist.gov/vuln/detail/CVE-2020-14295 https://nvd.nist.gov/vuln/detail/CVE-2020-14295
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202007-03 https://security.gentoo.org/glsa/202007-03
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org https://bugs.gentoo.org/.
License
Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 https://creativecommons.org/licenses/by-sa/2.5
. Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Solution:
Before applying this update, ensure all previously released errata relevant to your system is applied.
See the following documentation, which will be updated shortly for release 3.11.219, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_r elease_notes.html
This update is available via the Red Hat Network. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: Red Hat Virtualization security, bug fix, and enhancement update Advisory ID: RHSA-2020:3807-01 Product: Red Hat Virtualization Advisory URL: https://access.redhat.com/errata/RHSA-2020:3807 Issue date: 2020-09-23 CVE Names: CVE-2020-8203 CVE-2020-11022 CVE-2020-11023 CVE-2020-14333 ==================================================================== 1. Summary:
An update is now available for Red Hat Virtualization Engine 4.4.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4 - noarch
- Description:
The org.ovirt.engine-root is a core component of oVirt.
The following packages have been upgraded to a later upstream version: ansible-runner-service (1.0.5), org.ovirt.engine-root (4.4.2.3), ovirt-engine-dwh (4.4.2.1), ovirt-engine-extension-aaa-ldap (1.4.1), ovirt-engine-ui-extensions (1.2.3), ovirt-log-collector (4.4.3), ovirt-web-ui (1.6.4), rhvm-branding-rhv (4.4.5), rhvm-dependencies (4.4.1), vdsm-jsonrpc-java (1.5.5). (BZ#1674420, BZ#1866734)
A list of bugs fixed in this update is available in the Technical Notes book:
https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/ht ml-single/technical_notes
Security Fix(es):
-
nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203)
-
jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
-
jQuery: passing HTML containing elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)
-
ovirt-engine: Reflected cross site scripting vulnerability (CVE-2020-14333)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
-
Cannot assign direct LUN from FC storage - grayed out (BZ#1625499)
-
VM portal always asks how to open console.vv even it has been set to default application. (BZ#1638217)
-
RESTAPI Not able to remove the QoS from a disk profile (BZ#1643520)
-
On OVA import, qemu-img fails to write to NFS storage domain (BZ#1748879)
-
Possible missing block path for a SCSI host device needs to be handled in the UI (BZ#1801206)
-
Scheduling Memory calculation disregards huge-pages (BZ#1804037)
-
Engine does not reduce scheduling memory when a VM with dynamic hugepages runs. (BZ#1804046)
-
In Admin Portal, "Huge Pages (size: amount)" needs to be clarified (BZ#1806339)
-
Refresh LUN is using host from different Data Center to scan the LUN (BZ#1838051)
-
Unable to create Windows VM's with Mozilla Firefox version 74.0.1 and greater for RHV-M GUI/Webadmin portal (BZ#1843234)
-
[RHV-CNV] - NPE when creating new VM in cnv cluster (BZ#1854488)
-
[CNV&RHV] Add-Disk operation failed to complete. (BZ#1855377)
-
Cannot create KubeVirt VM as a normal user (BZ#1859460)
-
Welcome page - remove Metrics Store links and update "Insights Guide" link (BZ#1866466)
-
[RHV 4.4] Change in CPU model name after RHVH upgrade (BZ#1869209)
-
VM vm-name is down with error. Exit message: unsupported configuration: Can't add USB input device. USB bus is disabled. (BZ#1871235)
-
spec_ctrl host feature not detected (BZ#1875609)
Enhancement(s):
-
[RFE] API for changed blocks/sectors for a disk for incremental backup usage (BZ#1139877)
-
[RFE] Improve workflow for storage migration of VMs with multiple disks (BZ#1749803)
-
[RFE] Move the Remove VM button to the drop down menu when viewing details such as snapshots (BZ#1763812)
-
[RFE] enhance search filter for Storage Domains with free argument (BZ#1819260)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/2974891
- Bugs fixed (https://bugzilla.redhat.com/):
1625499 - Cannot assign direct LUN from FC storage - grayed out 1638217 - VM portal always asks how to open console.vv even it has been set to default application. 1643520 - RESTAPI Not able to remove the QoS from a disk profile 1674420 - [RFE] - add support for Cascadelake-Server CPUs (and IvyBridge) 1748879 - On OVA import, qemu-img fails to write to NFS storage domain 1749803 - [RFE] Improve workflow for storage migration of VMs with multiple disks 1758024 - Long running Ansible tasks timeout and abort for RHV-H hosts with STIG/Security Profiles applied 1763812 - [RFE] Move the Remove VM button to the drop down menu when viewing details such as snapshots 1778471 - Using more than one asterisk in LDAP search string is not working when searching for AD users. 1787854 - RHV: Updating/reinstall a host which is part of affinity labels is removed from the affinity label. 1801206 - Possible missing block path for a SCSI host device needs to be handled in the UI 1803856 - [Scale] ovirt-vmconsole takes too long or times out in a 500+ VM environment. 1804037 - Scheduling Memory calculation disregards huge-pages 1804046 - Engine does not reduce scheduling memory when a VM with dynamic hugepages runs. 1806339 - In Admin Portal, "Huge Pages (size: amount)" needs to be clarified 1816951 - [CNV&RHV] CNV VM migration failure is not handled correctly by the engine 1819260 - [RFE] enhance search filter for Storage Domains with free argument 1826255 - [CNV&RHV]Change name of type of provider - CNV -> OpenShift Virtualization 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1831949 - RESTAPI javadoc contains missing information about assigning IP address to NIC 1831952 - RESTAPI contains malformed link around JSON representation fo the cluster 1831954 - RESTAPI javadoc contains malformed link around oVirt guest agent 1831956 - RESTAPI javadoc contains malformed link around time zone representation 1838051 - Refresh LUN is using host from different Data Center to scan the LUN 1841112 - not able to upload vm from OVA when there are 2 OVA from the same vm in same directory 1843234 - Unable to create Windows VM's with Mozilla Firefox version 74.0.1 and greater for RHV-M GUI/Webadmin portal 1850004 - CVE-2020-11023 jQuery: passing HTML containing elements to manipulation methods could result in untrusted code execution 1854488 - [RHV-CNV] - NPE when creating new VM in cnv cluster 1855377 - [CNV&RHV] Add-Disk operation failed to complete. 1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function 1858184 - CVE-2020-14333 ovirt-engine: Reflected cross site scripting vulnerability 1859460 - Cannot create KubeVirt VM as a normal user 1860907 - Upgrade bundled GWT to 2.9.0 1866466 - Welcome page - remove Metrics Store links and update "Insights Guide" link 1866734 - [DWH] Rebase bug - for the 4.4.2 release 1869209 - [RHV 4.4] Change in CPU model name after RHVH upgrade 1869302 - ansible 2.9.12 - host deploy fixes 1871235 - VM vm-name is down with error. Exit message: unsupported configuration: Can't add USB input device. USB bus is disabled. 1875609 - spec_ctrl host feature not detected 1875851 - Web Admin interface broken on Firefox ESR 68.11
- Package List:
RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4:
Source: ansible-runner-service-1.0.5-1.el8ev.src.rpm ovirt-engine-4.4.2.3-0.6.el8ev.src.rpm ovirt-engine-dwh-4.4.2.1-1.el8ev.src.rpm ovirt-engine-extension-aaa-ldap-1.4.1-1.el8ev.src.rpm ovirt-engine-ui-extensions-1.2.3-1.el8ev.src.rpm ovirt-log-collector-4.4.3-1.el8ev.src.rpm ovirt-web-ui-1.6.4-1.el8ev.src.rpm rhvm-branding-rhv-4.4.5-1.el8ev.src.rpm rhvm-dependencies-4.4.1-1.el8ev.src.rpm vdsm-jsonrpc-java-1.5.5-1.el8ev.src.rpm
noarch: ansible-runner-service-1.0.5-1.el8ev.noarch.rpm ovirt-engine-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-backend-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-dbscripts-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-dwh-4.4.2.1-1.el8ev.noarch.rpm ovirt-engine-dwh-grafana-integration-setup-4.4.2.1-1.el8ev.noarch.rpm ovirt-engine-dwh-setup-4.4.2.1-1.el8ev.noarch.rpm ovirt-engine-extension-aaa-ldap-1.4.1-1.el8ev.noarch.rpm ovirt-engine-extension-aaa-ldap-setup-1.4.1-1.el8ev.noarch.rpm ovirt-engine-health-check-bundler-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-restapi-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-setup-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-setup-base-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-setup-plugin-cinderlib-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-setup-plugin-imageio-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-setup-plugin-ovirt-engine-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-setup-plugin-ovirt-engine-common-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-setup-plugin-vmconsole-proxy-helper-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-setup-plugin-websocket-proxy-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-tools-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-tools-backup-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-ui-extensions-1.2.3-1.el8ev.noarch.rpm ovirt-engine-vmconsole-proxy-helper-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-webadmin-portal-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-websocket-proxy-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-log-collector-4.4.3-1.el8ev.noarch.rpm ovirt-web-ui-1.6.4-1.el8ev.noarch.rpm python3-ovirt-engine-lib-4.4.2.3-0.6.el8ev.noarch.rpm rhvm-4.4.2.3-0.6.el8ev.noarch.rpm rhvm-branding-rhv-4.4.5-1.el8ev.noarch.rpm rhvm-dependencies-4.4.1-1.el8ev.noarch.rpm vdsm-jsonrpc-java-1.5.5-1.el8ev.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-8203 https://access.redhat.com/security/cve/CVE-2020-11022 https://access.redhat.com/security/cve/CVE-2020-11023 https://access.redhat.com/security/cve/CVE-2020-14333 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBX2t0HtzjgjWX9erEAQhpWg/+KolNmhmQCrst8TmYsC2IgSdHP+q0LKLj gdPZYu0ixOpwLLiAhrsoDXqL3H3w7UDSKkSISgPMEqEde4Vp+zI37O1q3E/P7CAj rfLGuL1UDEiy0q0g1BP13GrPlg6K4fR5wQAnTB6vD/ZY+wd50Z0T+NGAxd2w68bM R5q1kSOUPc4AZt25FORU2cmp775Y7DWazMWHC77uiJHgyCwVqLtdO09iEnglZDKJ BynwyT8exZKXxmmpE4QZ4X7wNo3Y0mTiRZo5eyxxQpwj9X+qw1V+pBdtMH/C1yhk J+X1f+wDoe2jCx2bqPXqp6EgFSHnJNt96jV0oTdD0f8rMgWcBDStNXdagPBmBCBp t+Kq3BZx0Oqkig4f+DCEmoS0V0fB9UQLg0Q/M9p1bTfYQkbn+BMHL7CAp8UyAzPH A1HlnP7TtQgplFvoap82xt2pXh97VvI6x3sBGHyW4Fz0SykhRYx3dAgmqy5nEssl 5ApWZ87M3l+2tUh4ZOJAtzRDt9sL5KQsXjp1jZaK/gWBsL4Suzr9AIrs4NmRmXnY TzxdXgIY6C+dWmB4TPhcJE5etcvtorqvs93d47yBdpRyO/IlbEw0vLUBdVZZuj9N mqp6RcHqDKm6Yv4B73Ud5my44wSRWVWtBxO6fivQOQG7iqCyIlA3M3LUMkVy+fxc bvmOI0eIsZw=Jhpi -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "jdeveloper",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "jdeveloper",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"_id": null,
"model": "financial services data foundation",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "financial services analytical applications infrastructure",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6.0.0"
},
{
"_id": null,
"model": "hospitality simphony",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1.0-19.1.2"
},
{
"_id": null,
"model": "financial services market risk measurement and management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8"
},
{
"_id": null,
"model": "drupal",
"scope": "gte",
"trust": 1.0,
"vendor": "drupal",
"version": "8.7.0"
},
{
"_id": null,
"model": "financial services liquidity risk measurement and management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"_id": null,
"model": "financial services analytical applications infrastructure",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "h300s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "drupal",
"scope": "lt",
"trust": 1.0,
"vendor": "drupal",
"version": "8.7.14"
},
{
"_id": null,
"model": "communications billing and revenue management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.3.0"
},
{
"_id": null,
"model": "financial services analytical applications reconciliation framework",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8"
},
{
"_id": null,
"model": "hospitality materials control",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.1"
},
{
"_id": null,
"model": "hospitality simphony",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1.2"
},
{
"_id": null,
"model": "financial services data governance for us regulatory reporting",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.9"
},
{
"_id": null,
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.4.6"
},
{
"_id": null,
"model": "financial services analytical applications reconciliation framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"_id": null,
"model": "financial services basel regulatory capital basic",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8"
},
{
"_id": null,
"model": "enterprise session border controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.4"
},
{
"_id": null,
"model": "financial services institutional performance analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "financial services profitability management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "retail back office",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0"
},
{
"_id": null,
"model": "snapcenter",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "drupal",
"scope": "gte",
"trust": 1.0,
"vendor": "drupal",
"version": "8.8.0"
},
{
"_id": null,
"model": "financial services price creation and discovery",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"_id": null,
"model": "insurance data foundation",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.1"
},
{
"_id": null,
"model": "insurance allocation manager for enterprise profitability",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"_id": null,
"model": "financial services analytical applications reconciliation framework",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "financial services liquidity risk measurement and management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"_id": null,
"model": "insurance accounting analyzer",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.9"
},
{
"_id": null,
"model": "financial services loan loss forecasting and provisioning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"_id": null,
"model": "financial services funds transfer pricing",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"_id": null,
"model": "insurance data foundation",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "agile product lifecycle management for process",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.2.0.0"
},
{
"_id": null,
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.58"
},
{
"_id": null,
"model": "communications eagle application processor",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.1.0"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.2"
},
{
"_id": null,
"model": "jquery",
"scope": "gte",
"trust": 1.0,
"vendor": "jquery",
"version": "1.2"
},
{
"_id": null,
"model": "financial services basel regulatory capital basic",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "financial services data governance for us regulatory reporting",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "financial services profitability management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"_id": null,
"model": "drupal",
"scope": "gte",
"trust": 1.0,
"vendor": "drupal",
"version": "7.0"
},
{
"_id": null,
"model": "blockchain platform",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "21.1.2"
},
{
"_id": null,
"model": "drupal",
"scope": "lt",
"trust": 1.0,
"vendor": "drupal",
"version": "8.8.6"
},
{
"_id": null,
"model": "communications diameter signaling router idih\\:",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "31"
},
{
"_id": null,
"model": "financial services loan loss forecasting and provisioning",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "insurance insbridge rating and underwriting",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.0.0.0"
},
{
"_id": null,
"model": "financial services regulatory reporting for european banking authority",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"_id": null,
"model": "h300e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.2"
},
{
"_id": null,
"model": "healthcare foundation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.2.0"
},
{
"_id": null,
"model": "siebel ui framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.8"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.1.0.0"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "20.1"
},
{
"_id": null,
"model": "h700e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"_id": null,
"model": "h500s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "financial services funds transfer pricing",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"_id": null,
"model": "financial services price creation and discovery",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "healthcare foundation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.2.1"
},
{
"_id": null,
"model": "policy automation",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.20"
},
{
"_id": null,
"model": "oncommand system manager",
"scope": "gte",
"trust": 1.0,
"vendor": "netapp",
"version": "3.0"
},
{
"_id": null,
"model": "financial services profitability management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"_id": null,
"model": "financial services hedge management and ifrs valuations",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"_id": null,
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.4.0.0"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.1"
},
{
"_id": null,
"model": "policy automation",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0"
},
{
"_id": null,
"model": "financial services asset liability management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"_id": null,
"model": "communications application session controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.8m0"
},
{
"_id": null,
"model": "financial services basel regulatory capital internal ratings based approach",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"_id": null,
"model": "financial services market risk measurement and management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.3"
},
{
"_id": null,
"model": "financial services hedge management and ifrs valuations",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.3.6.0.0"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"_id": null,
"model": "financial services basel regulatory capital internal ratings based approach",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8"
},
{
"_id": null,
"model": "drupal",
"scope": "lt",
"trust": 1.0,
"vendor": "drupal",
"version": "7.70"
},
{
"_id": null,
"model": "insurance insbridge rating and underwriting",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.6.1.0"
},
{
"_id": null,
"model": "financial services balance sheet planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8"
},
{
"_id": null,
"model": "financial services funds transfer pricing",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "retail returns management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"_id": null,
"model": "hospitality simphony",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.1"
},
{
"_id": null,
"model": "insurance allocation manager for enterprise profitability",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8"
},
{
"_id": null,
"model": "financial services asset liability management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"_id": null,
"model": "insurance data foundation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6-8.1.0"
},
{
"_id": null,
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.56"
},
{
"_id": null,
"model": "financial services basel regulatory capital basic",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"_id": null,
"model": "financial services regulatory reporting for us federal reserve",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.9"
},
{
"_id": null,
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.57"
},
{
"_id": null,
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.2"
},
{
"_id": null,
"model": "communications services gatekeeper",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.0"
},
{
"_id": null,
"model": "financial services data integration hub",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"_id": null,
"model": "healthcare foundation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.0"
},
{
"_id": null,
"model": "insurance insbridge rating and underwriting",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.6.0.0"
},
{
"_id": null,
"model": "hospitality simphony",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.2"
},
{
"_id": null,
"model": "financial services data foundation",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"_id": null,
"model": "policy automation for mobile devices",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.20"
},
{
"_id": null,
"model": "storagetek acsls",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.5.1"
},
{
"_id": null,
"model": "snap creator framework",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "financial services basel regulatory capital internal ratings based approach",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "h410c",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.1"
},
{
"_id": null,
"model": "policy automation for mobile devices",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0"
},
{
"_id": null,
"model": "jquery",
"scope": "lt",
"trust": 1.0,
"vendor": "jquery",
"version": "3.5.0"
},
{
"_id": null,
"model": "financial services liquidity risk management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "oncommand insight",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"_id": null,
"model": "financial services analytical applications infrastructure",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0.0.0"
},
{
"_id": null,
"model": "h500e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "h410s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "log correlation engine",
"scope": "lt",
"trust": 1.0,
"vendor": "tenable",
"version": "6.0.9"
},
{
"_id": null,
"model": "communications diameter signaling router idih\\:",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"_id": null,
"model": "healthcare foundation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.1.1"
},
{
"_id": null,
"model": "financial services data integration hub",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"_id": null,
"model": "communications eagle application processor",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.4.0"
},
{
"_id": null,
"model": "financial services asset liability management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "financial services regulatory reporting for us federal reserve",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "max data",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "financial services institutional performance analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"_id": null,
"model": "financial services regulatory reporting for european banking authority",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "jdeveloper",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"_id": null,
"model": "retail returns management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0"
},
{
"_id": null,
"model": "financial services loan loss forecasting and provisioning",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8"
},
{
"_id": null,
"model": "agile product supplier collaboration for process",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.2.0.0"
},
{
"_id": null,
"model": "financial services analytical applications infrastructure",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"_id": null,
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.1"
},
{
"_id": null,
"model": "retail back office",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"_id": null,
"model": "hospitality simphony",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1.0"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"_id": null,
"model": "communications webrtc session controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.2"
},
{
"_id": null,
"model": "communications billing and revenue management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.5.0.23.0"
},
{
"_id": null,
"model": "financial services hedge management and ifrs valuations",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8"
},
{
"_id": null,
"model": "financial services institutional performance analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"_id": null,
"model": "financial services data integration hub",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.1"
},
{
"_id": null,
"model": "h700s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "financial services liquidity risk measurement and management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8"
},
{
"_id": null,
"model": "retail customer management and segmentation foundation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0"
},
{
"_id": null,
"model": "oncommand system manager",
"scope": "lte",
"trust": 1.0,
"vendor": "netapp",
"version": "3.1.3"
},
{
"_id": null,
"model": "hitachi ops center common services",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "jquery",
"scope": null,
"trust": 0.8,
"vendor": "jquery",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-004854"
},
{
"db": "NVD",
"id": "CVE-2020-11022"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "159852"
},
{
"db": "PACKETSTORM",
"id": "171215"
},
{
"db": "PACKETSTORM",
"id": "171212"
},
{
"db": "PACKETSTORM",
"id": "159876"
},
{
"db": "PACKETSTORM",
"id": "157850"
},
{
"db": "PACKETSTORM",
"id": "159275"
}
],
"trust": 0.6
},
"cve": "CVE-2020-11022",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2020-11022",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-163559",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2020-11022",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "security-advisories@github.com",
"availabilityImpact": "NONE",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"id": "CVE-2020-11022",
"impactScore": 4.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2020-11022",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-11022",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "security-advisories@github.com",
"id": "CVE-2020-11022",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-11022",
"trust": 0.8,
"value": "Medium"
},
{
"author": "VULHUB",
"id": "VHN-163559",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-11022",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163559"
},
{
"db": "VULMON",
"id": "CVE-2020-11022"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004854"
},
{
"db": "NVD",
"id": "CVE-2020-11022"
},
{
"db": "NVD",
"id": "CVE-2020-11022"
}
]
},
"description": {
"_id": null,
"data": "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery\u0027s DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. jQuery Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. jQuery is an open source, cross-browser JavaScript library developed by American John Resig programmers. The library simplifies the operation between HTML and JavaScript, and has the characteristics of modularization and plug-in extension. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe Public Key Infrastructure (PKI) Core contains fundamental packages\nrequired by Red Hat Certificate System. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.3 Release Notes linked from the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n1376706 - restore SerialNumber tag in caManualRenewal xml\n1399546 - CVE-2015-9251 jquery: Cross-site scripting via cross-domain ajax requests\n1406505 - KRA ECC installation failed with shared tomcat\n1601614 - CVE-2018-14040 bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute\n1601617 - CVE-2018-14042 bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip\n1666907 - CC: Enable AIA OCSP cert checking for entire cert chain\n1668097 - CVE-2016-10735 bootstrap: XSS in the data-target attribute\n1686454 - CVE-2019-8331 bootstrap: XSS in the tooltip or popover data-template attribute\n1695901 - CVE-2019-10179 pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA\u0027s DRM agent page in authorize recovery tab\n1701972 - CVE-2019-11358 jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection\n1706521 - CA - SubjectAltNameExtInput does not display text fields to the enrollment page\n1710171 - CVE-2019-10146 pki-core: Reflected XSS in \u0027path length\u0027 constraint field in CA\u0027s Agent page\n1721684 - Rebase pki-servlet-engine to 9.0.30\n1724433 - caTransportCert.cfg contains MD2/MD5withRSA as signingAlgsAllowed. \n1732565 - CVE-2019-10221 pki-core: Reflected XSS in getcookies?url= endpoint in CA\n1732981 - When nuxwdog is enabled pkidaemon status shows instances as stopped. \n1777579 - CVE-2020-1721 pki-core: KRA vulnerable to reflected XSS via the getPk12 page\n1805541 - [RFE] CA Certificate Transparency with Embedded Signed Certificate Time stamp\n1817247 - Upgrade to 10.8.3 breaks PKI Tomcat Server\n1821851 - [RFE] Provide SSLEngine via JSSProvider for use with PKI\n1822246 - JSS - NativeProxy never calls releaseNativeResources - Memory Leak\n1824939 - JSS: add RSA PSS support - RHEL 8.3\n1824948 - add RSA PSS support - RHEL 8.3\n1825998 - CertificatePoliciesExtDefault MAX_NUM_POLICIES hardcoded limit\n1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method\n1842734 - CVE-2019-10179 pki-core: pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA\u0027s DRM agent page in authorize recovery tab [rhel-8]\n1842736 - CVE-2019-10146 pki-core: Reflected Cross-Site Scripting in \u0027path length\u0027 constraint field in CA\u0027s Agent page [rhel-8]\n1843537 - Able to Perform PKI CLI operations like cert request and approval without nssdb password\n1845447 - pkispawn fails in FIPS mode: AJP connector has secretRequired=\"true\" but no secret\n1850004 - CVE-2020-11023 jquery: Passing HTML containing \u003coption\u003e elements to manipulation methods could result in untrusted code execution\n1854043 - /usr/bin/PrettyPrintCert is failing with a ClassNotFoundException\n1854959 - ca-profile-add with Netscape extensions nsCertSSLClient and nsCertEmail in the profile gets stuck in processing\n1855273 - CVE-2020-15720 pki: Dogtag\u0027s python client does not validate certificates\n1855319 - Not able to launch pkiconsole\n1856368 - kra-key-generate request is failing\n1857933 - CA Installation is failing with ncipher v12.30 HSM\n1861911 - pki cli ca-cert-request-approve hangs over crmf request from client-cert-request\n1869893 - Common certificates are missing in CS.cfg on shared PKI instance\n1871064 - replica install failing during pki-ca component configuration\n1873235 - pki ca-user-cert-add with secure port failed with \u0027SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT\u0027\n\n6. You can also manage\nuser accounts for web applications, mobile applications, and RESTful web\nservices. Description:\n\nRed Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak\nproject, that provides authentication and standards-based single sign-on\ncapabilities for web and mobile applications. Description:\n\nRed Hat Identity Management (IdM) is a centralized authentication, identity\nmanagement, and authorization solution for both traditional and cloud-based\nenterprise environments. Bugs fixed (https://bugzilla.redhat.com/):\n\n1399546 - CVE-2015-9251 jquery: Cross-site scripting via cross-domain ajax requests\n1430365 - [RFE] Host-group names command rename\n1488732 - fake_mname in named.conf is no longer effective\n1585020 - Enable compat tree to provide information about AD users and groups on trust agents\n1601614 - CVE-2018-14040 bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute\n1601617 - CVE-2018-14042 bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip\n1651577 - [WebUI] IPA Error 3007: RequirmentError\" while adding members in \"User ID overrides\" tab\n1668082 - CVE-2018-20676 bootstrap: XSS in the tooltip data-viewport attribute\n1668089 - CVE-2018-20677 bootstrap: XSS in the affix configuration target property\n1668097 - CVE-2016-10735 bootstrap: XSS in the data-target attribute\n1686454 - CVE-2019-8331 bootstrap: XSS in the tooltip or popover data-template attribute\n1701233 - [RFE] support setting supported signature methods on the token\n1701972 - CVE-2019-11358 jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection\n1746830 - Memory leak during search of idview overrides\n1750893 - Memory leak when slapi-nis return entries retrieved from nsswitch\n1751295 - When sync-repl is enabled, slapi-nis can deadlock during retrochanglog trimming\n1757045 - IDM Web GUI / IPA web UI: the ID override operation doesn\u0027t work in GUI (it works only from CLI)\n1759888 - Rebase OpenDNSSEC to 2.1\n1768156 - ERR - schemacompat - map rdlock: old way MAP_MONITOR_DISABLED\n1777806 - When Service weight is set as 0 for server in IPA location \"IPA Error 903: InternalError\" is displayed\n1793071 - CVE-2020-1722 ipa: No password length restriction leads to denial of service\n1801698 - [RFE] Changing default hostgroup is too easy\n1802471 - SELinux policy for ipa-custodia\n1809835 - RFE: ipa group-add-member: number of failed should also be emphasized\n1810154 - RFE: ipa-backup should compare locally and globally installed server roles\n1810179 - ipa-client-install should name authselect backups and restore to that at uninstall time\n1813330 - ipa-restore does not restart httpd\n1816784 - KRA install fails if all KRA members are Hidden Replicas\n1818765 - [Rebase] Rebase ipa to 4.8.6+\n1818877 - [Rebase] Rebase to softhsm 2.6.0+\n1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method\n1831732 - AVC avc: denied { dac_override } for comm=\"ods-enforcerd\n1831935 - AD authentication with IdM against SQL Server\n1832331 - [abrt] [faf] 389-ds-base: unknown function(): /usr/sbin/ns-slapd killed by 11\n1833266 - [dirsrv] set \u0027nsslapd-enable-upgrade-hash: off\u0027 as this raises warnings\n1834264 - BIND rebase: rebuild against new so version\n1834909 - softhsm use-after-free on process exit\n1845211 - Rebase bind-dyndb-ldap to 11.3\n1845537 - IPA bind configuration issue\n1845596 - ipa trust-add fails with \u0027Fetching domains from trusted forest failed\u0027\n1846352 - cannot issue certs with multiple IP addresses corresponding to different hosts\n1846434 - Remove ipa-idoverride-memberof as superceded by ipa-server 4.8.7\n1847999 - EPN does not ship its default configuration ( /etc/ipa/epn.conf ) in freeipa-client-epn\n1849914 - FreeIPA - Utilize 256-bit AJP connector passwords\n1851411 - ipa: typo issue in ipanthomedirectoryrive deffinition\n1852244 - ipa-healthcheck inadvertently obsoleted in RHEL 8.2\n1853263 - ipa-selinux package missing\n1857157 - replica install failing with avc denial for custodia component\n1858318 - AttributeError: module \u0027ssl\u0027 has no attribute \u0027SSLCertVerificationError\u0027 when upgrading ca-less ipa master\n1859213 - AVC denial during ipa-adtrust-install --add-agents\n1863079 - ipa-epn command displays \u0027exception: ConnectionRefusedError: [Errno 111] Connection refused\u0027\n1863616 - CA-less install does not set required permissions on KDC certificate\n1866291 - EPN: enhance input validation\n1866938 - ipa-epn fails to retrieve user data if some user attributes are not present\n1868432 - Unhandled Python exception in \u0027/usr/libexec/ipa/ipa-pki-retrieve-key\u0027\n1869311 - ipa trust-add fails with \u0027Fetching domains from trusted forest failed\u0027\n1870202 - File permissions of /etc/ipa/ca.crt differ between CA-ful and CA-less\n1874015 - ipa hbacrule-add-service --hbacsvcs=sshd is not applied successfully for subdomain\n1875348 - Valgrind reports a memory leak in the Schema Compatibility plugin. \n1879604 - pkispawn logs files are empty\n\n6. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202007-03\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/ \u003chttps://security.gentoo.org/\u003e\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Cacti: Multiple vulnerabilities\n Date: July 26, 2020\n Bugs: #728678, #732522\n ID: 202007-03\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Cacti, the worst of which\ncould result in the arbitrary execution of code. \n\nBackground\n==========\n\nCacti is a complete frontend to rrdtool. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-analyzer/cacti \u003c 1.2.13 \u003e= 1.2.13\n 2 net-analyzer/cacti-spine\n \u003c 1.2.13 \u003e= 1.2.13\n -------------------------------------------------------------------\n 2 affected packages\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Cacti. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Cacti users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-analyzer/cacti-1.2.13\"\n\nAll Cacti Spine users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=net-analyzer/cacti-spine-1.2.13\"\n\nReferences\n==========\n\n[ 1 ] CVE-2020-11022\n https://nvd.nist.gov/vuln/detail/CVE-2020-11022 \u003chttps://nvd.nist.gov/vuln/detail/CVE-2020-11022\u003e\n[ 2 ] CVE-2020-11023\n https://nvd.nist.gov/vuln/detail/CVE-2020-11023 \u003chttps://nvd.nist.gov/vuln/detail/CVE-2020-11023\u003e\n[ 3 ] CVE-2020-14295\n https://nvd.nist.gov/vuln/detail/CVE-2020-14295 \u003chttps://nvd.nist.gov/vuln/detail/CVE-2020-14295\u003e\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202007-03 \u003chttps://security.gentoo.org/glsa/202007-03\u003e\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org \u003cmailto:security@gentoo.org\u003e or alternatively, you may file a bug at\nhttps://bugs.gentoo.org \u003chttps://bugs.gentoo.org/\u003e. \n\nLicense\n=======\n\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5 \u003chttps://creativecommons.org/licenses/by-sa/2.5\u003e\n\n. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. Solution:\n\nBefore applying this update, ensure all previously released errata relevant\nto your system is applied. \n\nSee the following documentation, which will be updated shortly for release\n3.11.219, for important instructions on how to upgrade your cluster and\nfully\napply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_r\nelease_notes.html\n\nThis update is available via the Red Hat Network. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: Red Hat Virtualization security, bug fix, and enhancement update\nAdvisory ID: RHSA-2020:3807-01\nProduct: Red Hat Virtualization\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:3807\nIssue date: 2020-09-23\nCVE Names: CVE-2020-8203 CVE-2020-11022 CVE-2020-11023\n CVE-2020-14333\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat Virtualization Engine 4.4. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4 - noarch\n\n3. Description:\n\nThe org.ovirt.engine-root is a core component of oVirt. \n\nThe following packages have been upgraded to a later upstream version:\nansible-runner-service (1.0.5), org.ovirt.engine-root (4.4.2.3),\novirt-engine-dwh (4.4.2.1), ovirt-engine-extension-aaa-ldap (1.4.1),\novirt-engine-ui-extensions (1.2.3), ovirt-log-collector (4.4.3),\novirt-web-ui (1.6.4), rhvm-branding-rhv (4.4.5), rhvm-dependencies (4.4.1),\nvdsm-jsonrpc-java (1.5.5). (BZ#1674420, BZ#1866734)\n\nA list of bugs fixed in this update is available in the Technical Notes\nbook:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/ht\nml-single/technical_notes\n\nSecurity Fix(es):\n\n* nodejs-lodash: prototype pollution in zipObjectDeep function\n(CVE-2020-8203)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter\nmethod (CVE-2020-11022)\n\n* jQuery: passing HTML containing \u003coption\u003e elements to manipulation methods\ncould result in untrusted code execution (CVE-2020-11023)\n\n* ovirt-engine: Reflected cross site scripting vulnerability\n(CVE-2020-14333)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* Cannot assign direct LUN from FC storage - grayed out (BZ#1625499)\n\n* VM portal always asks how to open console.vv even it has been set to\ndefault application. (BZ#1638217)\n\n* RESTAPI Not able to remove the QoS from a disk profile (BZ#1643520)\n\n* On OVA import, qemu-img fails to write to NFS storage domain (BZ#1748879)\n\n* Possible missing block path for a SCSI host device needs to be handled in\nthe UI (BZ#1801206)\n\n* Scheduling Memory calculation disregards huge-pages (BZ#1804037)\n\n* Engine does not reduce scheduling memory when a VM with dynamic hugepages\nruns. (BZ#1804046)\n\n* In Admin Portal, \"Huge Pages (size: amount)\" needs to be clarified\n(BZ#1806339)\n\n* Refresh LUN is using host from different Data Center to scan the LUN\n(BZ#1838051)\n\n* Unable to create Windows VM\u0027s with Mozilla Firefox version 74.0.1 and\ngreater for RHV-M GUI/Webadmin portal (BZ#1843234)\n\n* [RHV-CNV] - NPE when creating new VM in cnv cluster (BZ#1854488)\n\n* [CNV\u0026RHV] Add-Disk operation failed to complete. (BZ#1855377)\n\n* Cannot create KubeVirt VM as a normal user (BZ#1859460)\n\n* Welcome page - remove Metrics Store links and update \"Insights Guide\"\nlink (BZ#1866466)\n\n* [RHV 4.4] Change in CPU model name after RHVH upgrade (BZ#1869209)\n\n* VM vm-name is down with error. Exit message: unsupported configuration:\nCan\u0027t add USB input device. USB bus is disabled. (BZ#1871235)\n\n* spec_ctrl host feature not detected (BZ#1875609)\n\nEnhancement(s):\n\n* [RFE] API for changed blocks/sectors for a disk for incremental backup\nusage (BZ#1139877)\n\n* [RFE] Improve workflow for storage migration of VMs with multiple disks\n(BZ#1749803)\n\n* [RFE] Move the Remove VM button to the drop down menu when viewing\ndetails such as snapshots (BZ#1763812)\n\n* [RFE] enhance search filter for Storage Domains with free argument\n(BZ#1819260)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1625499 - Cannot assign direct LUN from FC storage - grayed out\n1638217 - VM portal always asks how to open console.vv even it has been set to default application. \n1643520 - RESTAPI Not able to remove the QoS from a disk profile\n1674420 - [RFE] - add support for Cascadelake-Server CPUs (and IvyBridge)\n1748879 - On OVA import, qemu-img fails to write to NFS storage domain\n1749803 - [RFE] Improve workflow for storage migration of VMs with multiple disks\n1758024 - Long running Ansible tasks timeout and abort for RHV-H hosts with STIG/Security Profiles applied\n1763812 - [RFE] Move the Remove VM button to the drop down menu when viewing details such as snapshots\n1778471 - Using more than one asterisk in LDAP search string is not working when searching for AD users. \n1787854 - RHV: Updating/reinstall a host which is part of affinity labels is removed from the affinity label. \n1801206 - Possible missing block path for a SCSI host device needs to be handled in the UI\n1803856 - [Scale] ovirt-vmconsole takes too long or times out in a 500+ VM environment. \n1804037 - Scheduling Memory calculation disregards huge-pages\n1804046 - Engine does not reduce scheduling memory when a VM with dynamic hugepages runs. \n1806339 - In Admin Portal, \"Huge Pages (size: amount)\" needs to be clarified\n1816951 - [CNV\u0026RHV] CNV VM migration failure is not handled correctly by the engine\n1819260 - [RFE] enhance search filter for Storage Domains with free argument\n1826255 - [CNV\u0026RHV]Change name of type of provider - CNV -\u003e OpenShift Virtualization\n1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method\n1831949 - RESTAPI javadoc contains missing information about assigning IP address to NIC\n1831952 - RESTAPI contains malformed link around JSON representation fo the cluster\n1831954 - RESTAPI javadoc contains malformed link around oVirt guest agent\n1831956 - RESTAPI javadoc contains malformed link around time zone representation\n1838051 - Refresh LUN is using host from different Data Center to scan the LUN\n1841112 - not able to upload vm from OVA when there are 2 OVA from the same vm in same directory\n1843234 - Unable to create Windows VM\u0027s with Mozilla Firefox version 74.0.1 and greater for RHV-M GUI/Webadmin portal\n1850004 - CVE-2020-11023 jQuery: passing HTML containing \u003coption\u003e elements to manipulation methods could result in untrusted code execution\n1854488 - [RHV-CNV] - NPE when creating new VM in cnv cluster\n1855377 - [CNV\u0026RHV] Add-Disk operation failed to complete. \n1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function\n1858184 - CVE-2020-14333 ovirt-engine: Reflected cross site scripting vulnerability\n1859460 - Cannot create KubeVirt VM as a normal user\n1860907 - Upgrade bundled GWT to 2.9.0\n1866466 - Welcome page - remove Metrics Store links and update \"Insights Guide\" link\n1866734 - [DWH] Rebase bug - for the 4.4.2 release\n1869209 - [RHV 4.4] Change in CPU model name after RHVH upgrade\n1869302 - ansible 2.9.12 - host deploy fixes\n1871235 - VM vm-name is down with error. Exit message: unsupported configuration: Can\u0027t add USB input device. USB bus is disabled. \n1875609 - spec_ctrl host feature not detected\n1875851 - Web Admin interface broken on Firefox ESR 68.11\n\n6. Package List:\n\nRHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4:\n\nSource:\nansible-runner-service-1.0.5-1.el8ev.src.rpm\novirt-engine-4.4.2.3-0.6.el8ev.src.rpm\novirt-engine-dwh-4.4.2.1-1.el8ev.src.rpm\novirt-engine-extension-aaa-ldap-1.4.1-1.el8ev.src.rpm\novirt-engine-ui-extensions-1.2.3-1.el8ev.src.rpm\novirt-log-collector-4.4.3-1.el8ev.src.rpm\novirt-web-ui-1.6.4-1.el8ev.src.rpm\nrhvm-branding-rhv-4.4.5-1.el8ev.src.rpm\nrhvm-dependencies-4.4.1-1.el8ev.src.rpm\nvdsm-jsonrpc-java-1.5.5-1.el8ev.src.rpm\n\nnoarch:\nansible-runner-service-1.0.5-1.el8ev.noarch.rpm\novirt-engine-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-backend-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-dbscripts-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-dwh-4.4.2.1-1.el8ev.noarch.rpm\novirt-engine-dwh-grafana-integration-setup-4.4.2.1-1.el8ev.noarch.rpm\novirt-engine-dwh-setup-4.4.2.1-1.el8ev.noarch.rpm\novirt-engine-extension-aaa-ldap-1.4.1-1.el8ev.noarch.rpm\novirt-engine-extension-aaa-ldap-setup-1.4.1-1.el8ev.noarch.rpm\novirt-engine-health-check-bundler-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-restapi-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-setup-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-setup-base-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-setup-plugin-cinderlib-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-setup-plugin-imageio-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-setup-plugin-ovirt-engine-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-setup-plugin-ovirt-engine-common-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-setup-plugin-vmconsole-proxy-helper-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-setup-plugin-websocket-proxy-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-tools-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-tools-backup-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-ui-extensions-1.2.3-1.el8ev.noarch.rpm\novirt-engine-vmconsole-proxy-helper-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-webadmin-portal-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-websocket-proxy-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-log-collector-4.4.3-1.el8ev.noarch.rpm\novirt-web-ui-1.6.4-1.el8ev.noarch.rpm\npython3-ovirt-engine-lib-4.4.2.3-0.6.el8ev.noarch.rpm\nrhvm-4.4.2.3-0.6.el8ev.noarch.rpm\nrhvm-branding-rhv-4.4.5-1.el8ev.noarch.rpm\nrhvm-dependencies-4.4.1-1.el8ev.noarch.rpm\nvdsm-jsonrpc-java-1.5.5-1.el8ev.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-8203\nhttps://access.redhat.com/security/cve/CVE-2020-11022\nhttps://access.redhat.com/security/cve/CVE-2020-11023\nhttps://access.redhat.com/security/cve/CVE-2020-14333\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX2t0HtzjgjWX9erEAQhpWg/+KolNmhmQCrst8TmYsC2IgSdHP+q0LKLj\ngdPZYu0ixOpwLLiAhrsoDXqL3H3w7UDSKkSISgPMEqEde4Vp+zI37O1q3E/P7CAj\nrfLGuL1UDEiy0q0g1BP13GrPlg6K4fR5wQAnTB6vD/ZY+wd50Z0T+NGAxd2w68bM\nR5q1kSOUPc4AZt25FORU2cmp775Y7DWazMWHC77uiJHgyCwVqLtdO09iEnglZDKJ\nBynwyT8exZKXxmmpE4QZ4X7wNo3Y0mTiRZo5eyxxQpwj9X+qw1V+pBdtMH/C1yhk\nJ+X1f+wDoe2jCx2bqPXqp6EgFSHnJNt96jV0oTdD0f8rMgWcBDStNXdagPBmBCBp\nt+Kq3BZx0Oqkig4f+DCEmoS0V0fB9UQLg0Q/M9p1bTfYQkbn+BMHL7CAp8UyAzPH\nA1HlnP7TtQgplFvoap82xt2pXh97VvI6x3sBGHyW4Fz0SykhRYx3dAgmqy5nEssl\n5ApWZ87M3l+2tUh4ZOJAtzRDt9sL5KQsXjp1jZaK/gWBsL4Suzr9AIrs4NmRmXnY\nTzxdXgIY6C+dWmB4TPhcJE5etcvtorqvs93d47yBdpRyO/IlbEw0vLUBdVZZuj9N\nmqp6RcHqDKm6Yv4B73Ud5my44wSRWVWtBxO6fivQOQG7iqCyIlA3M3LUMkVy+fxc\nbvmOI0eIsZw=Jhpi\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-11022"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004854"
},
{
"db": "VULHUB",
"id": "VHN-163559"
},
{
"db": "VULMON",
"id": "CVE-2020-11022"
},
{
"db": "PACKETSTORM",
"id": "159852"
},
{
"db": "PACKETSTORM",
"id": "171215"
},
{
"db": "PACKETSTORM",
"id": "171212"
},
{
"db": "PACKETSTORM",
"id": "159876"
},
{
"db": "PACKETSTORM",
"id": "158555"
},
{
"db": "PACKETSTORM",
"id": "157850"
},
{
"db": "PACKETSTORM",
"id": "159275"
}
],
"trust": 2.43
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2020-11022",
"trust": 3.5
},
{
"db": "PACKETSTORM",
"id": "162159",
"trust": 1.2
},
{
"db": "TENABLE",
"id": "TNS-2021-02",
"trust": 1.2
},
{
"db": "TENABLE",
"id": "TNS-2020-10",
"trust": 1.2
},
{
"db": "TENABLE",
"id": "TNS-2020-11",
"trust": 1.2
},
{
"db": "TENABLE",
"id": "TNS-2021-10",
"trust": 1.2
},
{
"db": "ICS CERT",
"id": "ICSA-22-055-02",
"trust": 0.9
},
{
"db": "JVN",
"id": "JVNVU99843134",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU94912830",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU94847990",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU94973485",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-25-182-07",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-22-342-02",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-22-097-01",
"trust": 0.8
},
{
"db": "CERT@VDE",
"id": "VDE-2021-027",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004854",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "171212",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "171215",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "159852",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "159876",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "159275",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "157850",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "158555",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "171213",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170823",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171214",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "160274",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170821",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "159353",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161727",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170819",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168304",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170817",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "158750",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "159513",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2429",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-163559",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-11022",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163559"
},
{
"db": "VULMON",
"id": "CVE-2020-11022"
},
{
"db": "PACKETSTORM",
"id": "159852"
},
{
"db": "PACKETSTORM",
"id": "171215"
},
{
"db": "PACKETSTORM",
"id": "171212"
},
{
"db": "PACKETSTORM",
"id": "159876"
},
{
"db": "PACKETSTORM",
"id": "158555"
},
{
"db": "PACKETSTORM",
"id": "157850"
},
{
"db": "PACKETSTORM",
"id": "159275"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004854"
},
{
"db": "NVD",
"id": "CVE-2020-11022"
}
]
},
"id": "VAR-202004-2191",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-163559"
}
],
"trust": 0.01
},
"last_update_date": "2026-03-09T21:54:02.528000Z",
"patch": {
"_id": null,
"data": [
{
"title": "hitachi-sec-2020-130",
"trust": 0.8,
"url": "https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 3.11 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202217 - Security Advisory"
},
{
"title": "Debian Security Advisories: DSA-4693-1 drupal7 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=978f239ce60a8a08c53eb64ba189d0f6"
},
{
"title": "Red Hat: Moderate: Red Hat AMQ Interconnect 1.9.0 release and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204211 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat Virtualization security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203807 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat OpenShift Service Mesh security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202362 - Security Advisory"
},
{
"title": "Red Hat: Moderate: security update - Red Hat Ansible Tower 3.7.4-1 - RHEL7 Container",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20205249 - Security Advisory"
},
{
"title": "Debian CVElist Bug Report Logs: wordpress: WordPress 5.9.2 security and maintenance release",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=e7014c0a68e8d9bc31a54125059176dc"
},
{
"title": "Red Hat: Important: RHV Manager (ovirt-engine) [ovirt-4.5.2] bug fix and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226393 - Security Advisory"
},
{
"title": "Red Hat: Moderate: ipa security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203936 - Security Advisory"
},
{
"title": "Red Hat: Important: RHV Manager (ovirt-engine) 4.4 security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203247 - Security Advisory"
},
{
"title": "Red Hat: Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204670 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Single Sign-On 7.4.1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202813 - Security Advisory"
},
{
"title": "Tenable Security Advisories: [R1] Nessus 8.13.0 Fixes One Third-party Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2020-10"
},
{
"title": "HP: SUPPORT COMMUNICATION- SECURITY BULLETIN\nHPSBPI03688 rev. 1 - Certain HP Printer and MFP products - Cross-Site Scripting (XSS)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=0c6e8f969487f201b1d56f59bd98f443"
},
{
"title": "HP: SUPPORT COMMUNICATION- SECURITY BULLETIN\nHPSBPI03688 rev. 1 - Certain HP Printer and MFP products - Cross-Site Scripting (XSS)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=e57a04f097f54c762da82263eadc1b8a"
},
{
"title": "Red Hat: Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204847 - Security Advisory"
},
{
"title": "Tenable Security Advisories: [R1] Nessus Network Monitor 5.13.0 Fixes One Third-party Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2021-02"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20230556 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20230554 - Security Advisory"
},
{
"title": "Tenable Security Advisories: [R1] Tenable.sc 5.17.0 Fixes Multiple Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2020-11"
},
{
"title": "Amazon Linux 2: ALAS2-2020-1519",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2020-1519"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Common Services",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2020-130"
},
{
"title": "Tenable Security Advisories: [R1] LCE 6.0.9 Fixes Multiple Third-party Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2021-10"
},
{
"title": "Red Hat: Important: Red Hat Single Sign-On 7.6.2 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20231049 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Single Sign-On 7.6.2 security update on RHEL 9",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20231045 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Single Sign-On 7.6.2 security update on RHEL 7",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20231043 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Single Sign-On 7.6.2 security update on RHEL 8",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20231044 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Single Sign-On 7.6.2 for OpenShift image security and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20231047 - Security Advisory"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.6.1 image security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204298 - Security Advisory"
},
{
"title": "Geolocation Playground",
"trust": 0.1,
"url": "https://github.com/blaufish/geo "
},
{
"title": "https-nj.gov---CVE-2020-11022\nRECOMMENDATION\nREFERENCES",
"trust": 0.1,
"url": "https://github.com/Snorlyd/https-nj.gov---CVE-2020-11022 "
},
{
"title": "https-nj.gov---CVE-2020-11022\nRECOMMENDATION\nREFERENCES",
"trust": 0.1,
"url": "https://github.com/korestreet/https-nj.gov---CVE-2020-11022 "
},
{
"title": "AlmostSignificant",
"trust": 0.1,
"url": "https://github.com/bartongroup/AlmostSignificant "
},
{
"title": "Bagel Patch Website\n\nTO DO:",
"trust": 0.1,
"url": "https://github.com/corey-schneider/bagel-shop "
},
{
"title": "JS_Encoder",
"trust": 0.1,
"url": "https://github.com/AssassinUKG/JS_Encoder "
},
{
"title": "XSSPlayground\nWhat is XSS?",
"trust": 0.1,
"url": "https://github.com/AssassinUKG/XSSPlayground "
},
{
"title": "jQuery XSS",
"trust": 0.1,
"url": "https://github.com/EmptyHeart5292/jQuery-XSS "
},
{
"title": "https://github.com/DanielRuf/snyk-js-jquery-565129",
"trust": 0.1,
"url": "https://github.com/DanielRuf/snyk-js-jquery-565129 "
},
{
"title": "CVE-2020-11022 CVE-2020-11023",
"trust": 0.1,
"url": "https://github.com/0xAJ2K/CVE-2020-11022-CVE-2020-11023 "
},
{
"title": "Strings_Attached\nUser Experience\nDevelopment Process\nTesting\nBugs\nLibraries and Programs Used\nDeployment\nCredits\nAcknowledgements",
"trust": 0.1,
"url": "https://github.com/johnrearden/strings_attached "
},
{
"title": "CVEcrystalyer",
"trust": 0.1,
"url": "https://github.com/captcha-n00b/CVEcrystalyer "
},
{
"title": "CVE Sandbox :: jQuery",
"trust": 0.1,
"url": "https://github.com/cve-sandbox/jquery "
},
{
"title": "jQuery \u2014 New Wave JavaScript",
"trust": 0.1,
"url": "https://github.com/spurreiter/jquery "
},
{
"title": "Github Repository Security Alerts",
"trust": 0.1,
"url": "https://github.com/elifesciences/github-repo-security-alerts "
},
{
"title": "Case Study",
"trust": 0.1,
"url": "https://github.com/faizhaffizudin/Case-Study-Hamsa "
},
{
"title": "Retire HTML Parser",
"trust": 0.1,
"url": "https://github.com/marksowell/retire-html-parser "
},
{
"title": "https://github.com/octane23/CASE-STUDY-1",
"trust": 0.1,
"url": "https://github.com/octane23/CASE-STUDY-1 "
},
{
"title": "Awesome-POC",
"trust": 0.1,
"url": "https://github.com/ArrestX/--POC "
},
{
"title": "Normal-POC",
"trust": 0.1,
"url": "https://github.com/Miraitowa70/POC-Notes "
},
{
"title": "Normal-POC",
"trust": 0.1,
"url": "https://github.com/Miraitowa70/Pentest-Notes "
},
{
"title": "Vulnerability",
"trust": 0.1,
"url": "https://github.com/tzwlhack/Vulnerability "
},
{
"title": "Awesome-POC",
"trust": 0.1,
"url": "https://github.com/KayCHENvip/vulnerability-poc "
},
{
"title": "Awesome-POC",
"trust": 0.1,
"url": "https://github.com/Threekiii/Awesome-POC "
},
{
"title": "\u6b22\u8fce\u5173\u6ce8\u963f\u5c14\u6cd5\u5b9e\u9a8c\u5ba4\u5fae\u4fe1\u516c\u4f17\u53f7",
"trust": 0.1,
"url": "https://github.com/alphaSeclab/sec-daily-2020 "
},
{
"title": "SecBooks\nSecBooks\u76ee\u5f55",
"trust": 0.1,
"url": "https://github.com/SexyBeast233/SecBooks "
},
{
"title": "PoC in GitHub",
"trust": 0.1,
"url": "https://github.com/soosmile/POC "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-11022"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004854"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-79",
"trust": 1.1
},
{
"problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163559"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004854"
},
{
"db": "NVD",
"id": "CVE-2020-11022"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11022"
},
{
"trust": 1.3,
"url": "https://www.debian.org/security/2020/dsa-4693"
},
{
"trust": 1.3,
"url": "https://security.gentoo.org/glsa/202007-03"
},
{
"trust": 1.2,
"url": "https://github.com/jquery/jquery/security/advisories/ghsa-gxr4-xjj5-5px2"
},
{
"trust": 1.2,
"url": "https://security.netapp.com/advisory/ntap-20200511-0006/"
},
{
"trust": 1.2,
"url": "https://www.drupal.org/sa-core-2020-002"
},
{
"trust": 1.2,
"url": "https://www.tenable.com/security/tns-2020-10"
},
{
"trust": 1.2,
"url": "https://www.tenable.com/security/tns-2020-11"
},
{
"trust": 1.2,
"url": "https://www.tenable.com/security/tns-2021-02"
},
{
"trust": 1.2,
"url": "https://www.tenable.com/security/tns-2021-10"
},
{
"trust": 1.2,
"url": "http://packetstormsecurity.com/files/162159/jquery-1.2-cross-site-scripting.html"
},
{
"trust": 1.2,
"url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"
},
{
"trust": 1.2,
"url": "https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77"
},
{
"trust": 1.2,
"url": "https://jquery.com/upgrade-guide/3.5/"
},
{
"trust": 1.2,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.2,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 1.2,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.2,
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"trust": 1.2,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.2,
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"trust": 1.2,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.2,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 1.2,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.2,
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html"
},
{
"trust": 1.2,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html"
},
{
"trust": 1.2,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html"
},
{
"trust": 1.2,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/voe7p7apprqkd4fgnhbkjpdy6ffcoh3w/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/qpn2l2xvqgua2v5hnqjwhk3apsk3vn7k/"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133%40%3ccommits.airflow.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/sfp4uk4egp4afh2mwyj5a5z4i7xvfq6b/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/avkyxlwclzbv2n7m46kyk4lva5oxwpby/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/sapqvx3xdnpgft26qaq6ajixzzbz4cd4/"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3cdev.flink.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3cissues.flink.apache.org%3e"
},
{
"trust": 0.9,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-055-02"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94912830/"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu94847990/index.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu99843134/index.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94973485/index.html"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-097-01"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-342-02"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-182-07"
},
{
"trust": 0.8,
"url": "https://cert.vde.com/en/advisories/vde-2021-027/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-11022"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2018-14042"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11023"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2018-14040"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14042"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.4,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-11358"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11358"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14040"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-11023"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/errata/rhsa-2020:2217"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-9251"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8331"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10735"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-9251"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-10735"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8331"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-38750"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-1471"
},
{
"trust": 0.2,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1438"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-3916"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-40150"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-31129"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-40149"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-25857"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-46175"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-35065"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-45047"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-46364"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44906"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-44906"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2023-0091"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-24785"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-3782"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-42004"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-2764"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2764"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-46363"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1471"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2023-0264"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-38751"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-1274"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-37603"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-45693"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-38749"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-31129"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-35065"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-42003"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-1438"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25857"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24785"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1274"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/avkyxlwclzbv2n7m46kyk4lva5oxwpby/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/voe7p7apprqkd4fgnhbkjpdy6ffcoh3w/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/qpn2l2xvqgua2v5hnqjwhk3apsk3vn7k/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/sfp4uk4egp4afh2mwyj5a5z4i7xvfq6b/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/sapqvx3xdnpgft26qaq6ajixzzbz4cd4/"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133@%3ccommits.airflow.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3cdev.flink.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/blaufish/geo"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1721"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10146"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10221"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1721"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15720"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10146"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10179"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10179"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10221"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4847"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-47629"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:1047"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-21843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-4039"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-37603"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-40304"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-21835"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-40303"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-4137"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:1043"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1722"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20676"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1722"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20676"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20677"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4670"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20677"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14295\u003e"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11022\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11023\u003e"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/glsa/202007-03\u003e"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5\u003e"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14295"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org/\u003e."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258."
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_r"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/2974891"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8203"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/ht"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8203"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3807"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14333"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14333"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163559"
},
{
"db": "VULMON",
"id": "CVE-2020-11022"
},
{
"db": "PACKETSTORM",
"id": "159852"
},
{
"db": "PACKETSTORM",
"id": "171215"
},
{
"db": "PACKETSTORM",
"id": "171212"
},
{
"db": "PACKETSTORM",
"id": "159876"
},
{
"db": "PACKETSTORM",
"id": "158555"
},
{
"db": "PACKETSTORM",
"id": "157850"
},
{
"db": "PACKETSTORM",
"id": "159275"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004854"
},
{
"db": "NVD",
"id": "CVE-2020-11022"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-163559",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2020-11022",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "159852",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "171215",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "171212",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "159876",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "158555",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "157850",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "159275",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004854",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2020-11022",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2020-04-29T00:00:00",
"db": "VULHUB",
"id": "VHN-163559",
"ident": null
},
{
"date": "2020-04-29T00:00:00",
"db": "VULMON",
"id": "CVE-2020-11022",
"ident": null
},
{
"date": "2020-11-04T15:29:15",
"db": "PACKETSTORM",
"id": "159852",
"ident": null
},
{
"date": "2023-03-02T15:19:44",
"db": "PACKETSTORM",
"id": "171215",
"ident": null
},
{
"date": "2023-03-02T15:19:19",
"db": "PACKETSTORM",
"id": "171212",
"ident": null
},
{
"date": "2020-11-04T15:32:52",
"db": "PACKETSTORM",
"id": "159876",
"ident": null
},
{
"date": "2020-07-27T17:38:33",
"db": "PACKETSTORM",
"id": "158555",
"ident": null
},
{
"date": "2020-05-28T16:07:33",
"db": "PACKETSTORM",
"id": "157850",
"ident": null
},
{
"date": "2020-09-24T00:30:36",
"db": "PACKETSTORM",
"id": "159275",
"ident": null
},
{
"date": "2020-05-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-004854",
"ident": null
},
{
"date": "2020-04-29T22:15:11.903000",
"db": "NVD",
"id": "CVE-2020-11022",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2022-07-25T00:00:00",
"db": "VULHUB",
"id": "VHN-163559",
"ident": null
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-11022",
"ident": null
},
{
"date": "2025-07-03T06:01:00",
"db": "JVNDB",
"id": "JVNDB-2020-004854",
"ident": null
},
{
"date": "2024-11-21T04:56:36.110000",
"db": "NVD",
"id": "CVE-2020-11022",
"ident": null
}
]
},
"title": {
"_id": null,
"data": "jQuery\u00a0 Cross-site scripting vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-004854"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "code execution, xss, memory leak",
"sources": [
{
"db": "PACKETSTORM",
"id": "159852"
},
{
"db": "PACKETSTORM",
"id": "159876"
}
],
"trust": 0.2
}
}
VDE-2021-027
Vulnerability from csaf_pepperlfuchsse - Published: 2021-10-16 12:00 - Updated: 2025-05-14 13:00Summary
Pepperl+Fuchs: WirelessHART-Gateway - Vulnerability may allow remote attackers to cause a Denial Of Service
Notes
Summary: Critical vulnerabilities have been discovered in the product and in the utilized components jQuery by jQuery Team and TLS Version 1.0/1.1.
The impact of the vulnerabilities on the affected device may result in
- denial of service
- remote code execution
- code exposure
Impact: Pepperl+Fuchs: Analyzed and Identified Affected Devices
Remote attackers may exploit the vulnerability by sending specially crafted packages that may result in a denial-of-service condition or code execution.
| Firmware Version | Affected by |
|-----------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 3.0.7 | CVE-2020-11023, CVE-2020-11022, CVE-2020-7656, CVE-2019-11358, CVE-2016-10707, CVE-2015-9251, CVE-2014-6071, CVE-2012-6708, CVE-2011-4969, CVE-2007-2379, CVE-2021-33555, CVE-2021-34559, CVE-2021-34560, CVE-2021-34561, CVE-2021-34565 |
| 3.0.8 | CVE-2020-11023, CVE-2020-11022, CVE-2020-7656, CVE-2019-11358, CVE-2016-10707, CVE-2015-9251, CVE-2014-6071, CVE-2012-6708, CVE-2011-4969, CVE-2007-2379, CVE-2021-34559, CVE-2021-34560, CVE-2021-34561, CVE-2021-34562, CVE-2021-34563, CVE-2021-34565 |
| 3.0.9 | CVE-2021-34560, CVE-2021-34563, CVE-2021-34564, CVE-2013-0169, CVE-2021-34565 |
Mitigation: An external protective measure is required.
Minimize network exposure for affected products and ensure that they are not accessible via the Internet.
Isolate affected products from the corporate network.
If remote access is required, use secure methods such as virtual private networks (VPNs).
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials.
9.8 (Critical)
Mitigation
An external protective measure is required.
- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.
- Isolate affected products from the corporate network.
- If remote access is required, use secure methods such as virtual private networks (VPNs).
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 serious issue exists, if the application is not externally accessible or uses IP-based access restrictions. Attackers can use DNS Rebinding to bypass any IP or firewall based access restrictions that may be in place, by proxying through their target's browser.
8.8 (High)
Mitigation
An external protective measure is required.
- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.
- Isolate affected products from the corporate network.
- If remote access is required, use secure methods such as virtual private networks (VPNs).
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
jQuery 3.0.0-rc.1 is vulnerable to Denial of Service (DoS) due to removing a logic that lowercased attribute names. Any attribute getter using a mixed-cased name for boolean attributes goes into an infinite recursion, exceeding the stack call limit.
7.5 (High)
Mitigation
An external protective measure is required.
- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.
- Isolate affected products from the corporate network.
- If remote access is required, use secure methods such as virtual private networks (VPNs).
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.7 the filename parameter is vulnerable to unauthenticated path traversal attacks, enabling read access to arbitrary files on the server.
7.5 (High)
Mitigation
An external protective measure is required.
- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.
- Isolate affected products from the corporate network.
- If remote access is required, use secure methods such as virtual private networks (VPNs).
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
6.1 (Medium)
Mitigation
An external protective measure is required.
- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.
- Isolate affected products from the corporate network.
- If remote access is required, use secure methods such as virtual private networks (VPNs).
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.
6.1 (Medium)
Mitigation
An external protective measure is required.
- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.
- Isolate affected products from the corporate network.
- If remote access is required, use secure methods such as virtual private networks (VPNs).
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.
6.1 (Medium)
Mitigation
An external protective measure is required.
- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.
- Isolate affected products from the corporate network.
- If remote access is required, use secure methods such as virtual private networks (VPNs).
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
6.1 (Medium)
Mitigation
An external protective measure is required.
- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.
- Isolate affected products from the corporate network.
- If remote access is required, use secure methods such as virtual private networks (VPNs).
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 it is possible to inject arbitrary JavaScript into the application's response.
6.1 (Medium)
Mitigation
An external protective measure is required.
- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.
- Isolate affected products from the corporate network.
- If remote access is required, use secure methods such as virtual private networks (VPNs).
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containingelements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
6.1 (Medium)
Mitigation
An external protective measure is required.
- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.
- Isolate affected products from the corporate network.
- If remote access is required, use secure methods such as virtual private networks (VPNs).
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
6.1 (Medium)
Mitigation
An external protective measure is required.
- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.
- Isolate affected products from the corporate network.
- If remote access is required, use secure methods such as virtual private networks (VPNs).
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove some extra chars which results in the enclosed script logic to be executed.
6.1 (Medium)
Mitigation
An external protective measure is required.
- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.
- Isolate affected products from the corporate network.
- If remote access is required, use secure methods such as virtual private networks (VPNs).
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user's computer. Therefore the user must have logged in at least once.
5.5 (Medium)
Mitigation
An external protective measure is required.
- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.
- Isolate affected products from the corporate network.
- If remote access is required, use secure methods such as virtual private networks (VPNs).
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Any cookie-stealing vulnerabilities within the application or browser would enable an attacker to steal the user's credentials to the PEPPERL+FUCHS WirelessHART-Gateway 3.0.9.
5.5 (Medium)
Mitigation
An external protective measure is required.
- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.
- Isolate affected products from the corporate network.
- If remote access is required, use secure methods such as virtual private networks (VPNs).
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 a vulnerability may allow remote attackers to rewrite links and URLs in cached pages to arbitrary strings.
5.3 (Medium)
Mitigation
An external protective measure is required.
- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.
- Isolate affected products from the corporate network.
- If remote access is required, use secure methods such as virtual private networks (VPNs).
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
The jQuery framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Mitigation
An external protective measure is required.
- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.
- Isolate affected products from the corporate network.
- If remote access is required, use secure methods such as virtual private networks (VPNs).
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.
4.3 ()
Mitigation
An external protective measure is required.
- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.
- Isolate affected products from the corporate network.
- If remote access is required, use secure methods such as virtual private networks (VPNs).
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly attribute is not set on a cookie. This allows the cookie's value to be read or set by client-side JavaScript.
CWE-1004 - Sensitive Cookie Without 'HttpOnly' Flag
Mitigation
An external protective measure is required.
- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.
- Isolate affected products from the corporate network.
- If remote access is required, use secure methods such as virtual private networks (VPNs).
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials.
9.8 (Critical)
Mitigation
An external protective measure is required.
- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.
- Isolate affected products from the corporate network.
- If remote access is required, use secure methods such as virtual private networks (VPNs).
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
References
3 references
Acknowledgments
CERT@VDE
certvde.com
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "summary",
"text": "Critical vulnerabilities have been discovered in the product and in the utilized components jQuery by jQuery Team and TLS Version 1.0/1.1.\n\nThe impact of the vulnerabilities on the affected device may result in\n\n- denial of service\n- remote code execution\n- code exposure",
"title": "Summary"
},
{
"category": "description",
"text": "Pepperl+Fuchs: Analyzed and Identified Affected Devices\n\nRemote attackers may exploit the vulnerability by sending specially crafted packages that may result in a denial-of-service condition or code execution.\n\n| Firmware Version | Affected by |\n|-----------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| 3.0.7 | CVE-2020-11023, CVE-2020-11022, CVE-2020-7656, CVE-2019-11358, CVE-2016-10707, CVE-2015-9251, CVE-2014-6071, CVE-2012-6708, CVE-2011-4969, CVE-2007-2379, CVE-2021-33555, CVE-2021-34559, CVE-2021-34560, CVE-2021-34561, CVE-2021-34565 |\n| 3.0.8 | CVE-2020-11023, CVE-2020-11022, CVE-2020-7656, CVE-2019-11358, CVE-2016-10707, CVE-2015-9251, CVE-2014-6071, CVE-2012-6708, CVE-2011-4969, CVE-2007-2379, CVE-2021-34559, CVE-2021-34560, CVE-2021-34561, CVE-2021-34562, CVE-2021-34563, CVE-2021-34565 |\n| 3.0.9 | CVE-2021-34560, CVE-2021-34563, CVE-2021-34564, CVE-2013-0169, CVE-2021-34565 |",
"title": "Impact"
},
{
"category": "description",
"text": "An external protective measure is required.\n\nMinimize network exposure for affected products and ensure that they are not accessible via the Internet.\nIsolate affected products from the corporate network.\nIf remote access is required, use secure methods such as virtual private networks (VPNs).",
"title": "Mitigation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "cert@pepperl-fuchs.com",
"name": "Pepperl+Fuchs SE",
"namespace": "https://www.pepperl-fuchs.com"
},
"references": [
{
"category": "external",
"summary": "Pepperl+Fuchs advisory overview at CERT@VDE",
"url": "https://certvde.com/de/advisories/vendor/pepperl+fuchs/"
},
{
"category": "self",
"summary": "VDE-2021-027: Pepperl+Fuchs: WirelessHART-Gateway - Vulnerability may allow remote attackers to cause a Denial Of Service - HTML",
"url": "https://certvde.com/en/advisories/VDE-2021-027"
},
{
"category": "self",
"summary": "VDE-2021-027: Pepperl+Fuchs: WirelessHART-Gateway - Vulnerability may allow remote attackers to cause a Denial Of Service - CSAF",
"url": "https://pepperl-fuchs.csaf-tp.certvde.com/.well-known/csaf/white/2021/vde-2021-027.json"
}
],
"title": "Pepperl+Fuchs: WirelessHART-Gateway - Vulnerability may allow remote attackers to cause a Denial Of Service",
"tracking": {
"aliases": [
"VDE-2021-027"
],
"current_release_date": "2025-05-14T13:00:14.000Z",
"generator": {
"date": "2025-03-06T14:11:17.998Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.20"
}
},
"id": "VDE-2021-027",
"initial_release_date": "2021-10-16T12:00:00.001Z",
"revision_history": [
{
"date": "2021-10-16T12:00:00.001Z",
"number": "1",
"summary": "Initial revision."
},
{
"date": "2025-05-14T13:00:14.000Z",
"number": "2",
"summary": "Fix: added distribution"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "WHA-GW-F2D2-0-AS- Z2-ETH",
"product": {
"name": "WHA-GW-F2D2-0-AS- Z2-ETH",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"model_numbers": [
"217229"
]
}
}
},
{
"category": "product_name",
"name": "WHA-GW-F2D2-0-AS- Z2-ETH",
"product": {
"name": "WHA-GW-F2D2-0-AS- Z2-ETH",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"model_numbers": [
"217229"
]
}
}
},
{
"category": "product_name",
"name": "WHA-GW-F2D2-0-AS- Z2-ETH",
"product": {
"name": "WHA-GW-F2D2-0-AS- Z2-ETH",
"product_id": "CSAFPID-11003",
"product_identification_helper": {
"model_numbers": [
"217229"
]
}
}
},
{
"category": "product_name",
"name": "WHA-GW-F2D2-0-AS- Z2-ETH.EIP",
"product": {
"name": "WHA-GW-F2D2-0-AS- Z2-ETH.EIP",
"product_id": "CSAFPID-11004",
"product_identification_helper": {
"model_numbers": [
"252863"
]
}
}
},
{
"category": "product_name",
"name": "WHA-GW-F2D2-0-AS- Z2-ETH.EIP",
"product": {
"name": "WHA-GW-F2D2-0-AS- Z2-ETH.EIP",
"product_id": "CSAFPID-11005",
"product_identification_helper": {
"model_numbers": [
"252863"
]
}
}
},
{
"category": "product_name",
"name": "WHA-GW-F2D2-0-AS- Z2-ETH.EIP",
"product": {
"name": "WHA-GW-F2D2-0-AS- Z2-ETH.EIP",
"product_id": "CSAFPID-11006",
"product_identification_helper": {
"model_numbers": [
"252863"
]
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version",
"name": "3.0.7",
"product": {
"name": "Firmware 3.0.7",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version",
"name": "3.0.8",
"product": {
"name": "Firmware 3.0.8",
"product_id": "CSAFPID-21002"
}
},
{
"category": "product_version",
"name": "3.0.9",
"product": {
"name": "Firmware 3.0.9",
"product_id": "CSAFPID-21003"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "Pepperl+Fuchs"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
],
"summary": "Affected Products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.0.7 installed on WHA-GW-F2D2-0-AS- Z2-ETH",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.0.8 installed on WHA-GW-F2D2-0-AS- Z2-ETH",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.0.9 installed on WHA-GW-F2D2-0-AS- Z2-ETH",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.0.7 installed on WHA-GW-F2D2-0-AS- Z2-ETH.EIP",
"product_id": "CSAFPID-31004"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.0.8 installed on WHA-GW-F2D2-0-AS- Z2-ETH.EIP",
"product_id": "CSAFPID-31005"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.0.9 installed on WHA-GW-F2D2-0-AS- Z2-ETH.EIP",
"product_id": "CSAFPID-31006"
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11006"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-34565",
"cwe": {
"id": "CWE-798",
"name": "Use of Hard-coded Credentials"
},
"notes": [
{
"category": "description",
"text": "In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "An external protective measure is required.\n\n- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.\n- Isolate affected products from the corporate network.\n- If remote access is required, use secure methods such as virtual private networks (VPNs).",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2021-34565"
},
{
"cve": "CVE-2021-34561",
"cwe": {
"id": "CWE-350",
"name": "Reliance on Reverse DNS Resolution for a Security-Critical Action"
},
"notes": [
{
"category": "description",
"text": "In PEPPERL+FUCHS WirelessHART-Gateway \u003c= 3.0.8 serious issue exists, if the application is not externally accessible or uses IP-based access restrictions. Attackers can use DNS Rebinding to bypass any IP or firewall based access restrictions that may be in place, by proxying through their target\u0027s browser.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "An external protective measure is required.\n\n- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.\n- Isolate affected products from the corporate network.\n- If remote access is required, use secure methods such as virtual private networks (VPNs).",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2021-34561"
},
{
"cve": "CVE-2016-10707",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "description",
"text": "jQuery 3.0.0-rc.1 is vulnerable to Denial of Service (DoS) due to removing a logic that lowercased attribute names. Any attribute getter using a mixed-cased name for boolean attributes goes into an infinite recursion, exceeding the stack call limit.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "An external protective measure is required.\n\n- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.\n- Isolate affected products from the corporate network.\n- If remote access is required, use secure methods such as virtual private networks (VPNs).",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2016-10707"
},
{
"cve": "CVE-2021-33555",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "description",
"text": "In PEPPERL+FUCHS WirelessHART-Gateway \u003c= 3.0.7 the filename parameter is vulnerable to unauthenticated path traversal attacks, enabling read access to arbitrary files on the server.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "An external protective measure is required.\n\n- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.\n- Isolate affected products from the corporate network.\n- If remote access is required, use secure methods such as virtual private networks (VPNs).",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2021-33555"
},
{
"cve": "CVE-2019-11358",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "description",
"text": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "An external protective measure is required.\n\n- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.\n- Isolate affected products from the corporate network.\n- If remote access is required, use secure methods such as virtual private networks (VPNs).",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 6.1,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"temporalScore": 6.1,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2019-11358"
},
{
"cve": "CVE-2014-6071",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "description",
"text": "jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "An external protective measure is required.\n\n- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.\n- Isolate affected products from the corporate network.\n- If remote access is required, use secure methods such as virtual private networks (VPNs).",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 6.1,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"temporalScore": 6.1,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2014-6071"
},
{
"cve": "CVE-2012-6708",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "description",
"text": "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the \u0027\u003c\u0027 character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the \u0027\u003c\u0027 character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "An external protective measure is required.\n\n- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.\n- Isolate affected products from the corporate network.\n- If remote access is required, use secure methods such as virtual private networks (VPNs).",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 6.1,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"temporalScore": 6.1,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2012-6708"
},
{
"cve": "CVE-2015-9251",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "description",
"text": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "An external protective measure is required.\n\n- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.\n- Isolate affected products from the corporate network.\n- If remote access is required, use secure methods such as virtual private networks (VPNs).",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 6.1,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"temporalScore": 6.1,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2015-9251"
},
{
"cve": "CVE-2021-34562",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "description",
"text": "In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 it is possible to inject arbitrary JavaScript into the application\u0027s response.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "An external protective measure is required.\n\n- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.\n- Isolate affected products from the corporate network.\n- If remote access is required, use secure methods such as virtual private networks (VPNs).",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 6.1,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"temporalScore": 6.1,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2021-34562"
},
{
"cve": "CVE-2020-11023",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "description",
"text": "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containingelements from untrusted sources - even after sanitizing it - to one of jQuery\u0027s DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "An external protective measure is required.\n\n- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.\n- Isolate affected products from the corporate network.\n- If remote access is required, use secure methods such as virtual private networks (VPNs).",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 6.1,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"temporalScore": 6.1,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2020-11023"
},
{
"cve": "CVE-2020-11022",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "description",
"text": "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery\u0027s DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "An external protective measure is required.\n\n- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.\n- Isolate affected products from the corporate network.\n- If remote access is required, use secure methods such as virtual private networks (VPNs).",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 6.1,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"temporalScore": 6.1,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2020-11022"
},
{
"cve": "CVE-2020-7656",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "description",
"text": "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove some extra chars which results in the enclosed script logic to be executed.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "An external protective measure is required.\n\n- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.\n- Isolate affected products from the corporate network.\n- If remote access is required, use secure methods such as virtual private networks (VPNs).",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 6.1,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"temporalScore": 6.1,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2020-7656"
},
{
"cve": "CVE-2021-34560",
"cwe": {
"id": "CWE-522",
"name": "Insufficiently Protected Credentials"
},
"notes": [
{
"category": "description",
"text": "In PEPPERL+FUCHS WirelessHART-Gateway \u003c= 3.0.9 a form contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user\u0027s computer. Therefore the user must have logged in at least once.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "An external protective measure is required.\n\n- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.\n- Isolate affected products from the corporate network.\n- If remote access is required, use secure methods such as virtual private networks (VPNs).",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2021-34560"
},
{
"cve": "CVE-2021-34564",
"cwe": {
"id": "CWE-315",
"name": "Cleartext Storage of Sensitive Information in a Cookie"
},
"notes": [
{
"category": "description",
"text": "Any cookie-stealing vulnerabilities within the application or browser would enable an attacker to steal the user\u0027s credentials to the PEPPERL+FUCHS WirelessHART-Gateway 3.0.9.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "An external protective measure is required.\n\n- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.\n- Isolate affected products from the corporate network.\n- If remote access is required, use secure methods such as virtual private networks (VPNs).",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2021-34564"
},
{
"cve": "CVE-2021-34559",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"notes": [
{
"category": "description",
"text": "In PEPPERL+FUCHS WirelessHART-Gateway \u003c= 3.0.8 a vulnerability may allow remote attackers to rewrite links and URLs in cached pages to arbitrary strings.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "An external protective measure is required.\n\n- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.\n- Isolate affected products from the corporate network.\n- If remote access is required, use secure methods such as virtual private networks (VPNs).",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2021-34559"
},
{
"cve": "CVE-2007-2379",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "description",
"text": "The jQuery framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka \"JavaScript Hijacking.\"",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "An external protective measure is required.\n\n- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.\n- Isolate affected products from the corporate network.\n- If remote access is required, use secure methods such as virtual private networks (VPNs).",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5,
"confidentialityImpact": "PARTIAL",
"environmentalScore": 5,
"integrityImpact": "NONE",
"temporalScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2007-2379"
},
{
"cve": "CVE-2011-4969",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "An external protective measure is required.\n\n- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.\n- Isolate affected products from the corporate network.\n- If remote access is required, use secure methods such as virtual private networks (VPNs).",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"environmentalScore": 4.3,
"integrityImpact": "PARTIAL",
"temporalScore": 4.3,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2011-4969"
},
{
"cve": "CVE-2021-34563",
"cwe": {
"id": "CWE-1004",
"name": "Sensitive Cookie Without \u0027HttpOnly\u0027 Flag"
},
"notes": [
{
"category": "description",
"text": "In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly attribute is not set on a cookie. This allows the cookie\u0027s value to be read or set by client-side JavaScript.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "An external protective measure is required.\n\n- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.\n- Isolate affected products from the corporate network.\n- If remote access is required, use secure methods such as virtual private networks (VPNs).",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"environmentalScore": 3.3,
"environmentalSeverity": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 3.3,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2021-34563"
},
{
"cve": "CVE-2013-0169",
"notes": [
{
"category": "description",
"text": "In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "An external protective measure is required.\n\n- Minimize network exposure for affected products and ensure that they are not accessible via the Internet.\n- Isolate affected products from the corporate network.\n- If remote access is required, use secure methods such as virtual private networks (VPNs).",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"environmentalScore": 2.6,
"integrityImpact": "NONE",
"temporalScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2013-0169"
}
]
}
WID-SEC-W-2022-1347
Vulnerability from csaf_certbund - Published: 2020-05-03 22:00 - Updated: 2025-07-21 22:00Summary
jQuery: Mehrere Schwachstellen ermöglichen Cross-Site Scripting
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: jQuery ist eine freie JavaScript-Bibliothek, die Funktionen zur DOM-Navigation und -Manipulation zur Verfügung stellt.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in jQuery ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen.
Betroffene Betriebssysteme: - BIOS/Firmware
- F5 Networks
- Hardware Appliance
- Juniper Appliance
- Linux
- MacOS X
- Sonstiges
- UNIX
- Windows
Affected products
Known affected
35 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Broadcom Brocade Switch
Broadcom
|
cpe:/h:brocade:switch:-
|
— | |
|
Open Source jQuery <3.5.0
Open Source / jQuery
|
<3.5.0 | ||
|
Tenable Security Nessus Network Monitor
Tenable Security
|
cpe:/a:tenable:nessus_network_monitor:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP9
IBM / QRadar SIEM
|
<7.5.0 UP9 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Tenable Security Nessus
Tenable Security / Nessus
|
cpe:/a:tenable:nessus:-
|
— | |
|
HCL BigFix
HCL
|
cpe:/a:hcltech:bigfix:-
|
— | |
|
Palo Alto Networks PAN-OS
Palo Alto Networks
|
cpe:/o:paloaltonetworks:pan-os:-
|
— | |
|
HPE Fabric OS <9.0.1a
HPE / Fabric OS
|
<9.0.1a | ||
|
Red Hat OpenStack 16.2
Red Hat / OpenStack
|
cpe:/a:redhat:openstack:16.2
|
16.2 | |
|
IBM QRadar SIEM <7.5.0 UP12
IBM / QRadar SIEM
|
<7.5.0 UP12 | ||
|
IBM QRadar SIEM <7.5.0 UP11 IF04
IBM / QRadar SIEM
|
<7.5.0 UP11 IF04 | ||
|
Juniper Junos Space <24.1R2
Juniper / Junos Space
|
<24.1R2 | ||
|
Tenable Security Nessus <10.5.0
Tenable Security / Nessus
|
<10.5.0 | ||
|
EMC NetWorker <19.4
EMC / NetWorker
|
<19.4 | ||
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— | |
|
IBM Maximo Asset Management 7.6.1.2
IBM / Maximo Asset Management
|
cpe:/a:ibm:maximo_asset_management:7.6.1.2
|
7.6.1.2 | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux Discovery
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:discovery
|
Discovery | |
|
IBM MQ
IBM
|
cpe:/a:ibm:mq:-
|
— | |
|
Red Hat Enterprise Linux Service Interconnect 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:service_interconnect_1
|
Service Interconnect 1 | |
|
IBM QRadar SIEM <7.5.0 UP11 IF03
IBM / QRadar SIEM
|
<7.5.0 UP11 IF03 | ||
|
HPE Switch
HPE
|
cpe:/h:hp:switch:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Logging <5.9.12
Red Hat / OpenShift
|
Logging <5.9.12 | ||
|
IBM Storage Scale
IBM
|
cpe:/a:ibm:spectrum_scale:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SolarWinds Orion
SolarWinds
|
cpe:/a:solarwinds:orion_core_services:-
|
— | |
|
SolarWinds Platform <2023.3
SolarWinds / Platform
|
<2023.3 | ||
|
Moxa Switch <PT-G503 v5.3
Moxa / Switch
|
<PT-G503 v5.3 | ||
|
Red Hat OpenShift Logging <5.8.18
Red Hat / OpenShift
|
Logging <5.8.18 |
Last affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Network Manager IP Edition <=4.2.0.15
IBM / Tivoli Network Manager
|
IP Edition <=4.2.0.15 |
Affected products
Known affected
35 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Broadcom Brocade Switch
Broadcom
|
cpe:/h:brocade:switch:-
|
— | |
|
Open Source jQuery <3.5.0
Open Source / jQuery
|
<3.5.0 | ||
|
Tenable Security Nessus Network Monitor
Tenable Security
|
cpe:/a:tenable:nessus_network_monitor:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP9
IBM / QRadar SIEM
|
<7.5.0 UP9 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Tenable Security Nessus
Tenable Security / Nessus
|
cpe:/a:tenable:nessus:-
|
— | |
|
HCL BigFix
HCL
|
cpe:/a:hcltech:bigfix:-
|
— | |
|
Palo Alto Networks PAN-OS
Palo Alto Networks
|
cpe:/o:paloaltonetworks:pan-os:-
|
— | |
|
HPE Fabric OS <9.0.1a
HPE / Fabric OS
|
<9.0.1a | ||
|
Red Hat OpenStack 16.2
Red Hat / OpenStack
|
cpe:/a:redhat:openstack:16.2
|
16.2 | |
|
IBM QRadar SIEM <7.5.0 UP12
IBM / QRadar SIEM
|
<7.5.0 UP12 | ||
|
IBM QRadar SIEM <7.5.0 UP11 IF04
IBM / QRadar SIEM
|
<7.5.0 UP11 IF04 | ||
|
Juniper Junos Space <24.1R2
Juniper / Junos Space
|
<24.1R2 | ||
|
Tenable Security Nessus <10.5.0
Tenable Security / Nessus
|
<10.5.0 | ||
|
EMC NetWorker <19.4
EMC / NetWorker
|
<19.4 | ||
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— | |
|
IBM Maximo Asset Management 7.6.1.2
IBM / Maximo Asset Management
|
cpe:/a:ibm:maximo_asset_management:7.6.1.2
|
7.6.1.2 | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux Discovery
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:discovery
|
Discovery | |
|
IBM MQ
IBM
|
cpe:/a:ibm:mq:-
|
— | |
|
Red Hat Enterprise Linux Service Interconnect 1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:service_interconnect_1
|
Service Interconnect 1 | |
|
IBM QRadar SIEM <7.5.0 UP11 IF03
IBM / QRadar SIEM
|
<7.5.0 UP11 IF03 | ||
|
HPE Switch
HPE
|
cpe:/h:hp:switch:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Logging <5.9.12
Red Hat / OpenShift
|
Logging <5.9.12 | ||
|
IBM Storage Scale
IBM
|
cpe:/a:ibm:spectrum_scale:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SolarWinds Orion
SolarWinds
|
cpe:/a:solarwinds:orion_core_services:-
|
— | |
|
SolarWinds Platform <2023.3
SolarWinds / Platform
|
<2023.3 | ||
|
Moxa Switch <PT-G503 v5.3
Moxa / Switch
|
<PT-G503 v5.3 | ||
|
Red Hat OpenShift Logging <5.8.18
Red Hat / OpenShift
|
Logging <5.8.18 |
Last affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Network Manager IP Edition <=4.2.0.15
IBM / Tivoli Network Manager
|
IP Edition <=4.2.0.15 |
References
116 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "jQuery ist eine freie JavaScript-Bibliothek, die Funktionen zur DOM-Navigation und -Manipulation zur Verf\u00fcgung stellt.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in jQuery ausnutzen, um einen Cross-Site Scripting Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- BIOS/Firmware\n- F5 Networks\n- Hardware Appliance\n- Juniper Appliance\n- Linux\n- MacOS X\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-1347 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2020/wid-sec-w-2022-1347.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-1347 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1347"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-gxr4-xjj5-5px2 vom 2020-04-30",
"url": "https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-jpcq-cgw6-v4j6 vom 2020-04-30",
"url": "https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6"
},
{
"category": "external",
"summary": "Drupal Security Advisory SA-CORE-2020-002 vom 2020-05-20",
"url": "https://www.drupal.org/sa-core-2020-002"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-4693 vom 2020-05-27",
"url": "https://www.debian.org/security/2020/dsa-4693"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:2217 vom 2020-05-28",
"url": "https://access.redhat.com/errata/RHSA-2020:2217"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:2362 vom 2020-06-02",
"url": "https://access.redhat.com/errata/RHSA-2020:2362"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:2813 vom 2020-07-02",
"url": "https://access.redhat.com/errata/RHSA-2020:2813"
},
{
"category": "external",
"summary": "Palo Alto Networks Security Advisory PAN-SA-2020-0007 vom 2020-07-08",
"url": "https://security.paloaltonetworks.com/PAN-SA-2020-0007"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:2412 vom 2020-07-13",
"url": "https://access.redhat.com/errata/RHSA-2020:2412"
},
{
"category": "external",
"summary": "GENTOO Security Advisory GLSA-202007-03 vom 2020-07-27",
"url": "https://security.gentoo.org/glsa/202007-03"
},
{
"category": "external",
"summary": "F5 Security Advisory K66544153 vom 2020-08-03",
"url": "https://support.f5.com/csp/article/K66544153"
},
{
"category": "external",
"summary": "F5 Security Advisory K02453220 vom 2020-08-03",
"url": "https://support.f5.com/csp/article/K02453220"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:3247 vom 2020-08-04",
"url": "https://access.redhat.com/errata/RHSA-2020:3247"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:3369 vom 2020-08-06",
"url": "https://access.redhat.com/errata/RHSA-2020:3369"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2020:2292-1 vom 2020-08-21",
"url": "http://lists.suse.com/pipermail/sle-security-updates/2020-August/007286.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2020:2292-1 vom 2020-08-21",
"url": "http://lists.suse.com/pipermail/sle-security-updates/2020-August/007287.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2020:2373-1 vom 2020-08-28",
"url": "http://lists.suse.com/pipermail/sle-security-updates/2020-August/007315.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2020:2373-1 vom 2020-08-28",
"url": "http://lists.suse.com/pipermail/sle-security-updates/2020-August/007314.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2020:2650-1 vom 2020-09-16",
"url": "http://lists.suse.com/pipermail/sle-security-updates/2020-September/007435.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2020:2650-1 vom 2020-09-16",
"url": "http://lists.suse.com/pipermail/sle-security-updates/2020-September/007436.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:3807 vom 2020-09-23",
"url": "https://access.redhat.com/errata/RHSA-2020:3807"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:3936 vom 2020-09-29",
"url": "https://access.redhat.com/errata/RHSA-2020:3936"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:4211 vom 2020-10-08",
"url": "https://access.redhat.com/errata/RHSA-2020:4211"
},
{
"category": "external",
"summary": "OTRS Security Advisory OSA-2020-14 vom 2020-10-12",
"url": "https://community.otrs.com/security-advisory-2020-14/"
},
{
"category": "external",
"summary": "HCL Article KB0084264 vom 2020-10-14",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0084264"
},
{
"category": "external",
"summary": "Tenable Security Advisory",
"url": "https://de.tenable.com/security/tns-2020-10"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:5412 vom 2020-12-15",
"url": "https://access.redhat.com/errata/RHSA-2020:5412"
},
{
"category": "external",
"summary": "EMC Security Advisory DSA-2020-262 vom 2021-01-16",
"url": "https://www.dell.com/support/kbdoc/en-us/000180924/dsa-2020-262-dell-emc-networker-security-update-for-multiple-vulnerabilities"
},
{
"category": "external",
"summary": "Tenable Security Advisory",
"url": "https://de.tenable.com/security/tns-2021-02"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:0778 vom 2021-03-09",
"url": "https://access.redhat.com/errata/RHSA-2021:0778"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:0860 vom 2021-03-16",
"url": "https://access.redhat.com/errata/RHSA-2021:0860"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2021-0860 vom 2021-03-19",
"url": "https://linux.oracle.com/errata/ELSA-2021-0860.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-2608 vom 2021-03-26",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2021-1626 vom 2021-04-22",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2021-1626.html"
},
{
"category": "external",
"summary": "Brocade Security Advisory",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-972"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:1846 vom 2021-05-18",
"url": "https://access.redhat.com/errata/RHSA-2021:1846"
},
{
"category": "external",
"summary": "Brocade Security Advisory BSA-2020-973 vom 2021-05-20",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2020-973"
},
{
"category": "external",
"summary": "HPE Security Bulletin",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04175en_us"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2021-9400 vom 2021-08-09",
"url": "https://linux.oracle.com/errata/ELSA-2021-9400.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:4142 vom 2021-11-09",
"url": "https://access.redhat.com/errata/RHSA-2021:4142"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2021-9552 vom 2021-11-19",
"url": "https://linux.oracle.com/errata/ELSA-2021-9552.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-9177 vom 2022-03-01",
"url": "https://linux.oracle.com/errata/ELSA-2022-9177.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6393 vom 2022-09-08",
"url": "https://access.redhat.com/errata/RHSA-2022:6393"
},
{
"category": "external",
"summary": "SolarWinds Platform 2022.3 Release Notes",
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2022-3_release_notes.htm"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6852773 vom 2023-01-05",
"url": "https://www.ibm.com/support/pages/node/6852773"
},
{
"category": "external",
"summary": "Tenable Security Advisory TNS-2023-09 vom 2023-03-02",
"url": "https://www.tenable.com/security/tns-2023-09"
},
{
"category": "external",
"summary": "SolarWinds Platform 2023.3 Release Notes",
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3_release_notes.htm"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7060517 vom 2023-10-26",
"url": "https://www.ibm.com/support/pages/node/7060517"
},
{
"category": "external",
"summary": "Moxa Security Advisory MPSA-230203 vom 2023-11-02",
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230203-pt-g503-series-multiple-vulnerabilities"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7160134 vom 2024-07-12",
"url": "https://www.ibm.com/support/pages/node/7160134"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7178266 vom 2024-12-09",
"url": "https://www.ibm.com/support/pages/node/7178266"
},
{
"category": "external",
"summary": "Juniper Security Advisory JSA92874 vom 2024-01-09",
"url": "https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-24-1R2-release"
},
{
"category": "external",
"summary": "CISA Known Exploited Vulnerabilities Catalog vom 2025-01-23",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7246-1 vom 2025-01-30",
"url": "https://ubuntu.com/security/notices/USN-7246-1"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1070 vom 2025-02-05",
"url": "https://access.redhat.com/errata/RHSA-2025:1070"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1185 vom 2025-02-10",
"url": "https://access.redhat.com/errata/RHSA-2025:1185"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1209 vom 2025-02-10",
"url": "https://access.redhat.com/errata/RHSA-2025:1209"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1210 vom 2025-02-10",
"url": "https://access.redhat.com/errata/RHSA-2025:1210"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1212 vom 2025-02-10",
"url": "https://access.redhat.com/errata/RHSA-2025:1212"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1211 vom 2025-02-10",
"url": "https://access.redhat.com/errata/RHSA-2025:1211"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1213 vom 2025-02-10",
"url": "https://access.redhat.com/errata/RHSA-2025:1213"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1214 vom 2025-02-10",
"url": "https://access.redhat.com/errata/RHSA-2025:1214"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1216 vom 2025-02-10",
"url": "https://access.redhat.com/errata/RHSA-2025:1216"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1217 vom 2025-02-10",
"url": "https://access.redhat.com/errata/RHSA-2025:1217"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1215 vom 2025-02-10",
"url": "https://access.redhat.com/errata/RHSA-2025:1215"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1249 vom 2025-02-10",
"url": "https://access.redhat.com/errata/RHSA-2025:1249"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-1210 vom 2025-02-11",
"url": "https://linux.oracle.com/errata/ELSA-2025-1210.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1255 vom 2025-02-10",
"url": "https://access.redhat.com/errata/RHSA-2025:1255"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-1215 vom 2025-02-11",
"url": "https://linux.oracle.com/errata/ELSA-2025-1215.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1247 vom 2025-02-10",
"url": "https://access.redhat.com/errata/RHSA-2025:1247"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1256 vom 2025-02-10",
"url": "https://access.redhat.com/errata/RHSA-2025:1256"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1304 vom 2025-02-11",
"url": "https://access.redhat.com/errata/RHSA-2025:1304"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1329 vom 2025-02-11",
"url": "https://access.redhat.com/errata/RHSA-2025:1329"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1346 vom 2025-02-12",
"url": "https://access.redhat.com/errata/RHSA-2025:1346"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1300 vom 2025-02-11",
"url": "https://access.redhat.com/errata/RHSA-2025:1300"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1306 vom 2025-02-11",
"url": "https://access.redhat.com/errata/RHSA-2025:1306"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1338 vom 2025-02-12",
"url": "https://access.redhat.com/errata/RHSA-2025:1338"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1308 vom 2025-02-11",
"url": "https://access.redhat.com/errata/RHSA-2025:1308"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1312 vom 2025-02-11",
"url": "https://access.redhat.com/errata/RHSA-2025:1312"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1303 vom 2025-02-11",
"url": "https://access.redhat.com/errata/RHSA-2025:1303"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1310 vom 2025-02-11",
"url": "https://access.redhat.com/errata/RHSA-2025:1310"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1305 vom 2025-02-11",
"url": "https://access.redhat.com/errata/RHSA-2025:1305"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1315 vom 2025-02-11",
"url": "https://access.redhat.com/errata/RHSA-2025:1315"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1314 vom 2025-02-11",
"url": "https://access.redhat.com/errata/RHSA-2025:1314"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1301 vom 2025-02-11",
"url": "https://access.redhat.com/errata/RHSA-2025:1301"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1309 vom 2025-02-11",
"url": "https://access.redhat.com/errata/RHSA-2025:1309"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1342 vom 2025-02-12",
"url": "https://access.redhat.com/errata/RHSA-2025:1342"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1311 vom 2025-02-11",
"url": "https://access.redhat.com/errata/RHSA-2025:1311"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-1300 vom 2025-02-13",
"url": "https://linux.oracle.com/errata/ELSA-2025-1300.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-1301 vom 2025-02-13",
"url": "https://linux.oracle.com/errata/ELSA-2025-1301.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-1309 vom 2025-02-13",
"url": "https://linux.oracle.com/errata/ELSA-2025-1309.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-1306 vom 2025-02-14",
"url": "https://linux.oracle.com/errata/ELSA-2025-1306.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2025:1314 vom 2025-02-13",
"url": "https://errata.build.resf.org/RLSA-2025:1314"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2025:1215 vom 2025-02-13",
"url": "https://errata.build.resf.org/RLSA-2025:1215"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-1338 vom 2025-02-14",
"url": "https://linux.oracle.com/errata/ELSA-2025-1338.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-1346 vom 2025-02-14",
"url": "https://linux.oracle.com/errata/ELSA-2025-1346.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1515 vom 2025-02-17",
"url": "https://access.redhat.com/errata/RHSA-2025:1515"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1514 vom 2025-02-17",
"url": "https://access.redhat.com/errata/RHSA-2025:1514"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1601 vom 2025-02-17",
"url": "https://access.redhat.com/errata/RHSA-2025:1601"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1580 vom 2025-02-17",
"url": "https://access.redhat.com/errata/RHSA-2025:1580"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-1329 vom 2025-02-19",
"url": "https://linux.oracle.com/errata/ELSA-2025-1329.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1983 vom 2025-03-05",
"url": "https://access.redhat.com/errata/RHSA-2025:1983"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:2426 vom 2025-03-06",
"url": "https://access.redhat.com/errata/RHSA-2025:2426"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1985 vom 2025-03-05",
"url": "https://access.redhat.com/errata/RHSA-2025:1985"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7185353 vom 2025-03-11",
"url": "https://www.ibm.com/support/pages/node/7185353"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-1601 vom 2025-03-13",
"url": "https://linux.oracle.com/errata/ELSA-2025-1601.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin",
"url": "https://www.ibm.com/support/pages/node/7228945"
},
{
"category": "external",
"summary": "Juniper Security Bulletin",
"url": "https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-24-1R2-release?language=en_US"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:4005 vom 2025-04-17",
"url": "https://access.redhat.com/errata/RHSA-2025:4005"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7231915 vom 2025-04-26",
"url": "https://www.ibm.com/support/pages/node/7231915"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7233394 vom 2025-05-14",
"url": "https://www.ibm.com/support/pages/node/7233394"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:8278 vom 2025-05-29",
"url": "https://rhn.redhat.com/errata/RHSA-2025:8278.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7622-1 vom 2025-07-08",
"url": "https://ubuntu.com/security/notices/USN-7622-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7658-1 vom 2025-07-21",
"url": "https://ubuntu.com/security/notices/USN-7658-1"
}
],
"source_lang": "en-US",
"title": "jQuery: Mehrere Schwachstellen erm\u00f6glichen Cross-Site Scripting",
"tracking": {
"current_release_date": "2025-07-21T22:00:00.000+00:00",
"generator": {
"date": "2025-07-22T07:36:57.184+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2022-1347",
"initial_release_date": "2020-05-03T22:00:00.000+00:00",
"revision_history": [
{
"date": "2020-05-03T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2020-05-21T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Drupal aufgenommen"
},
{
"date": "2020-05-24T22:00:00.000+00:00",
"number": "3",
"summary": "Referenz(en) aufgenommen: FEDORA-2020-11BE4B36D4"
},
{
"date": "2020-05-26T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2020-05-27T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-06-02T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-06-07T22:00:00.000+00:00",
"number": "7",
"summary": "Referenz(en) aufgenommen: FEDORA-2020-36D2DB5F51"
},
{
"date": "2020-07-02T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-07-08T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Informationen von Palo Alto Networks aufgenommen"
},
{
"date": "2020-07-13T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-07-26T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von GENTOO aufgenommen"
},
{
"date": "2020-08-03T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von F5 aufgenommen"
},
{
"date": "2020-08-04T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-08-06T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-08-23T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2020-08-30T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2020-09-06T22:00:00.000+00:00",
"number": "17",
"summary": "Referenz(en) aufgenommen: FEDORA-2020-FBB94073A1"
},
{
"date": "2020-09-16T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2020-09-23T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-09-29T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-10-07T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-10-11T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von OTRS aufgenommen"
},
{
"date": "2020-10-14T22:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von HCL aufgenommen"
},
{
"date": "2020-12-07T23:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von Tenable aufgenommen"
},
{
"date": "2020-12-15T23:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2021-01-17T23:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von EMC aufgenommen"
},
{
"date": "2021-02-17T23:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von Tenable aufgenommen"
},
{
"date": "2021-03-09T23:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2021-03-16T23:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2021-03-18T23:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2021-03-25T23:00:00.000+00:00",
"number": "31",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2021-04-21T22:00:00.000+00:00",
"number": "32",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2021-05-16T22:00:00.000+00:00",
"number": "33",
"summary": "Neue Updates von BROCADE aufgenommen"
},
{
"date": "2021-05-18T22:00:00.000+00:00",
"number": "34",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2021-05-20T22:00:00.000+00:00",
"number": "35",
"summary": "Neue Updates von BROCADE aufgenommen"
},
{
"date": "2021-07-18T22:00:00.000+00:00",
"number": "36",
"summary": "Neue Updates von HP aufgenommen"
},
{
"date": "2021-08-09T22:00:00.000+00:00",
"number": "37",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2021-11-09T23:00:00.000+00:00",
"number": "38",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2021-11-18T23:00:00.000+00:00",
"number": "39",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2022-02-28T23:00:00.000+00:00",
"number": "40",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2022-09-08T22:00:00.000+00:00",
"number": "41",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-09-28T22:00:00.000+00:00",
"number": "42",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2023-01-05T23:00:00.000+00:00",
"number": "43",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-03-02T23:00:00.000+00:00",
"number": "44",
"summary": "Neue Updates von Tenable aufgenommen"
},
{
"date": "2023-07-25T22:00:00.000+00:00",
"number": "45",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2023-10-26T22:00:00.000+00:00",
"number": "46",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-11-02T23:00:00.000+00:00",
"number": "47",
"summary": "Neue Updates von moxa aufgenommen"
},
{
"date": "2024-07-11T22:00:00.000+00:00",
"number": "48",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-12-09T23:00:00.000+00:00",
"number": "49",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-01-08T23:00:00.000+00:00",
"number": "50",
"summary": "Neue Updates von Juniper aufgenommen"
},
{
"date": "2025-01-23T23:00:00.000+00:00",
"number": "51",
"summary": "CVE-2020-11023 wird ausgenutzt"
},
{
"date": "2025-01-30T23:00:00.000+00:00",
"number": "52",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-02-05T23:00:00.000+00:00",
"number": "53",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-02-09T23:00:00.000+00:00",
"number": "54",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-02-10T23:00:00.000+00:00",
"number": "55",
"summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2025-02-11T23:00:00.000+00:00",
"number": "56",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-02-12T23:00:00.000+00:00",
"number": "57",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-02-13T23:00:00.000+00:00",
"number": "58",
"summary": "Neue Updates von Oracle Linux und Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2025-02-16T23:00:00.000+00:00",
"number": "59",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-02-17T23:00:00.000+00:00",
"number": "60",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-02-18T23:00:00.000+00:00",
"number": "61",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-03-05T23:00:00.000+00:00",
"number": "62",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-03-10T23:00:00.000+00:00",
"number": "63",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-03-12T23:00:00.000+00:00",
"number": "64",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-03-24T23:00:00.000+00:00",
"number": "65",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-04-10T22:00:00.000+00:00",
"number": "66",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2025-04-21T22:00:00.000+00:00",
"number": "67",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-04-27T22:00:00.000+00:00",
"number": "68",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-05-14T22:00:00.000+00:00",
"number": "69",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-05-29T22:00:00.000+00:00",
"number": "70",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-07-07T22:00:00.000+00:00",
"number": "71",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-07-21T22:00:00.000+00:00",
"number": "72",
"summary": "Neue Updates von Ubuntu aufgenommen"
}
],
"status": "final",
"version": "72"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Broadcom Brocade Switch",
"product": {
"name": "Broadcom Brocade Switch",
"product_id": "T015844",
"product_identification_helper": {
"cpe": "cpe:/h:brocade:switch:-"
}
}
}
],
"category": "vendor",
"name": "Broadcom"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c19.4",
"product": {
"name": "EMC NetWorker \u003c19.4",
"product_id": "T018107"
}
},
{
"category": "product_version",
"name": "19.4",
"product": {
"name": "EMC NetWorker 19.4",
"product_id": "T018107-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:emc:networker:19.4"
}
}
}
],
"category": "product_name",
"name": "NetWorker"
}
],
"category": "vendor",
"name": "EMC"
},
{
"branches": [
{
"category": "product_name",
"name": "F5 BIG-IP",
"product": {
"name": "F5 BIG-IP",
"product_id": "T001663",
"product_identification_helper": {
"cpe": "cpe:/a:f5:big-ip:-"
}
}
}
],
"category": "vendor",
"name": "F5"
},
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"category": "product_name",
"name": "HCL BigFix",
"product": {
"name": "HCL BigFix",
"product_id": "T017494",
"product_identification_helper": {
"cpe": "cpe:/a:hcltech:bigfix:-"
}
}
}
],
"category": "vendor",
"name": "HCL"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9.0.1a",
"product": {
"name": "HPE Fabric OS \u003c9.0.1a",
"product_id": "T019354"
}
},
{
"category": "product_version",
"name": "9.0.1a",
"product": {
"name": "HPE Fabric OS 9.0.1a",
"product_id": "T019354-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:hpe:fabric_os:v9.0.1a"
}
}
}
],
"category": "product_name",
"name": "Fabric OS"
},
{
"category": "product_name",
"name": "HPE Switch",
"product": {
"name": "HPE Switch",
"product_id": "T005119",
"product_identification_helper": {
"cpe": "cpe:/h:hp:switch:-"
}
}
}
],
"category": "vendor",
"name": "HPE"
},
{
"branches": [
{
"category": "product_name",
"name": "IBM MQ",
"product": {
"name": "IBM MQ",
"product_id": "T021398",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:mq:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "7.6.1.2",
"product": {
"name": "IBM Maximo Asset Management 7.6.1.2",
"product_id": "812526",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:maximo_asset_management:7.6.1.2"
}
}
}
],
"category": "product_name",
"name": "Maximo Asset Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.5.0 UP9",
"product": {
"name": "IBM QRadar SIEM \u003c7.5.0 UP9",
"product_id": "T036127"
}
},
{
"category": "product_version",
"name": "7.5.0 UP9",
"product": {
"name": "IBM QRadar SIEM 7.5.0 UP9",
"product_id": "T036127-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up9"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.5.0 UP11 IF03",
"product": {
"name": "IBM QRadar SIEM \u003c7.5.0 UP11 IF03",
"product_id": "T041724"
}
},
{
"category": "product_version",
"name": "7.5.0 UP11 IF03",
"product": {
"name": "IBM QRadar SIEM 7.5.0 UP11 IF03",
"product_id": "T041724-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up11_if03"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.5.0 UP11 IF04",
"product": {
"name": "IBM QRadar SIEM \u003c7.5.0 UP11 IF04",
"product_id": "T043169"
}
},
{
"category": "product_version",
"name": "7.5.0 UP11 IF04",
"product": {
"name": "IBM QRadar SIEM 7.5.0 UP11 IF04",
"product_id": "T043169-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up11_if04"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.5.0 UP12",
"product": {
"name": "IBM QRadar SIEM \u003c7.5.0 UP12",
"product_id": "T043784"
}
},
{
"category": "product_version",
"name": "7.5.0 UP12",
"product": {
"name": "IBM QRadar SIEM 7.5.0 UP12",
"product_id": "T043784-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up12"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
},
{
"category": "product_name",
"name": "IBM Storage Scale",
"product": {
"name": "IBM Storage Scale",
"product_id": "T019402",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spectrum_scale:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "IP Edition \u003c=4.2.0.15",
"product": {
"name": "IBM Tivoli Network Manager IP Edition \u003c=4.2.0.15",
"product_id": "T025750"
}
},
{
"category": "product_version_range",
"name": "IP Edition \u003c=4.2.0.15",
"product": {
"name": "IBM Tivoli Network Manager IP Edition \u003c=4.2.0.15",
"product_id": "T025750-fixed"
}
}
],
"category": "product_name",
"name": "Tivoli Network Manager"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c24.1R2",
"product": {
"name": "Juniper Junos Space \u003c24.1R2",
"product_id": "T040074"
}
},
{
"category": "product_version",
"name": "24.1R2",
"product": {
"name": "Juniper Junos Space 24.1R2",
"product_id": "T040074-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:juniper:junos_space:24.1r2"
}
}
}
],
"category": "product_name",
"name": "Junos Space"
}
],
"category": "vendor",
"name": "Juniper"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cPT-G503 v5.3",
"product": {
"name": "Moxa Switch \u003cPT-G503 v5.3",
"product_id": "T030907"
}
},
{
"category": "product_version",
"name": "PT-G503 v5.3",
"product": {
"name": "Moxa Switch PT-G503 v5.3",
"product_id": "T030907-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:moxa:switch:pt-g503_v5.3"
}
}
}
],
"category": "product_name",
"name": "Switch"
}
],
"category": "vendor",
"name": "Moxa"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c3.5.0",
"product": {
"name": "Open Source jQuery \u003c3.5.0",
"product_id": "T016413"
}
},
{
"category": "product_version",
"name": "3.5.0",
"product": {
"name": "Open Source jQuery 3.5.0",
"product_id": "T016413-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:jquery:jquery:3.5.0"
}
}
}
],
"category": "product_name",
"name": "jQuery"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Palo Alto Networks PAN-OS",
"product": {
"name": "Palo Alto Networks PAN-OS",
"product_id": "T012790",
"product_identification_helper": {
"cpe": "cpe:/o:paloaltonetworks:pan-os:-"
}
}
}
],
"category": "vendor",
"name": "Palo Alto Networks"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version",
"name": "Service Interconnect 1",
"product": {
"name": "Red Hat Enterprise Linux Service Interconnect 1",
"product_id": "T028472",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:service_interconnect_1"
}
}
},
{
"category": "product_version",
"name": "Discovery",
"product": {
"name": "Red Hat Enterprise Linux Discovery",
"product_id": "T040951",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:discovery"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "Logging \u003c5.9.12",
"product": {
"name": "Red Hat OpenShift Logging \u003c5.9.12",
"product_id": "T041594"
}
},
{
"category": "product_version",
"name": "Logging 5.9.12",
"product": {
"name": "Red Hat OpenShift Logging 5.9.12",
"product_id": "T041594-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:logging__5.9.12"
}
}
},
{
"category": "product_version_range",
"name": "Logging \u003c5.8.18",
"product": {
"name": "Red Hat OpenShift Logging \u003c5.8.18",
"product_id": "T041595"
}
},
{
"category": "product_version",
"name": "Logging 5.8.18",
"product": {
"name": "Red Hat OpenShift Logging 5.8.18",
"product_id": "T041595-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:logging__5.8.18"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
},
{
"branches": [
{
"category": "product_version",
"name": "16.2",
"product": {
"name": "Red Hat OpenStack 16.2",
"product_id": "T023999",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:16.2"
}
}
}
],
"category": "product_name",
"name": "OpenStack"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "SolarWinds Orion",
"product": {
"name": "SolarWinds Orion",
"product_id": "T024734",
"product_identification_helper": {
"cpe": "cpe:/a:solarwinds:orion_core_services:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2023.3",
"product": {
"name": "SolarWinds Platform \u003c2023.3",
"product_id": "T028897"
}
},
{
"category": "product_version",
"name": "2023.3",
"product": {
"name": "SolarWinds Platform 2023.3",
"product_id": "T028897-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:solarwinds:orion_platform:2023.3"
}
}
}
],
"category": "product_name",
"name": "Platform"
}
],
"category": "vendor",
"name": "SolarWinds"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Tenable Security Nessus",
"product": {
"name": "Tenable Security Nessus",
"product_id": "T016399",
"product_identification_helper": {
"cpe": "cpe:/a:tenable:nessus:-"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.5.0",
"product": {
"name": "Tenable Security Nessus \u003c10.5.0",
"product_id": "T026604"
}
},
{
"category": "product_version",
"name": "10.5.0",
"product": {
"name": "Tenable Security Nessus 10.5.0",
"product_id": "T026604-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:tenable:nessus:10.5.0"
}
}
}
],
"category": "product_name",
"name": "Nessus"
},
{
"category": "product_name",
"name": "Tenable Security Nessus Network Monitor",
"product": {
"name": "Tenable Security Nessus Network Monitor",
"product_id": "T016632",
"product_identification_helper": {
"cpe": "cpe:/a:tenable:nessus_network_monitor:-"
}
}
}
],
"category": "vendor",
"name": "Tenable Security"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-11022",
"product_status": {
"known_affected": [
"67646",
"T015844",
"T016413",
"T016632",
"T036127",
"T004914",
"T016399",
"T017494",
"T012790",
"T019354",
"T023999",
"T043784",
"T043169",
"T040074",
"T026604",
"T018107",
"T001663",
"812526",
"398363",
"T040951",
"T021398",
"T028472",
"T041724",
"T005119",
"T012167",
"T032255",
"T041594",
"T019402",
"2951",
"T002207",
"T000126",
"T024734",
"T028897",
"T030907",
"T041595"
],
"last_affected": [
"T025750"
]
},
"release_date": "2020-05-03T22:00:00.000+00:00",
"title": "CVE-2020-11022"
},
{
"cve": "CVE-2020-11023",
"product_status": {
"known_affected": [
"67646",
"T015844",
"T016413",
"T016632",
"T036127",
"T004914",
"T016399",
"T017494",
"T012790",
"T019354",
"T023999",
"T043784",
"T043169",
"T040074",
"T026604",
"T018107",
"T001663",
"812526",
"398363",
"T040951",
"T021398",
"T028472",
"T041724",
"T005119",
"T012167",
"T032255",
"T041594",
"T019402",
"2951",
"T002207",
"T000126",
"T024734",
"T028897",
"T030907",
"T041595"
],
"last_affected": [
"T025750"
]
},
"release_date": "2020-05-03T22:00:00.000+00:00",
"title": "CVE-2020-11023"
}
]
}
WID-SEC-W-2023-0063
Vulnerability from csaf_certbund - Published: 2022-01-12 23:00 - Updated: 2025-10-08 22:00Summary
Juniper Junos Space: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Junos Space ist eine Software-Plattform, die eine Reihe von Applikationen für das Netzwerkmanagement beinhaltet.
Angriff: Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in Juniper Junos Space ausnutzen, um Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen und seine Privilegien zu erweitern.
Betroffene Betriebssysteme: - Juniper Appliance
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
References
5 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Junos Space ist eine Software-Plattform, die eine Reihe von Applikationen f\u00fcr das Netzwerkmanagement beinhaltet.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in Juniper Junos Space ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Juniper Appliance",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-0063 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2023-0063.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-0063 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0063"
},
{
"category": "external",
"summary": "Juniper Security Advisory vom 2022-01-12",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11287\u0026cat=SIRT_1"
},
{
"category": "external",
"summary": "Juniper Security Advisory JSA70182 vom 2023-01-12",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Contrail-Service-Orchestration-Multiple-vulnerabilities-resolved-in-CSO-6-3-0?language=en_US"
},
{
"category": "external",
"summary": "Juniper Security Advisory JSA103138 vom 2024-10-08",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Security-Director-Multiple-vulnerabilities-resolved-in-24-1R4-by-upgrading-Log4j-Java-library-to-2-23-1-and-ElasticSearch-to-6-8-17"
}
],
"source_lang": "en-US",
"title": "Juniper Junos Space: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-10-08T22:00:00.000+00:00",
"generator": {
"date": "2025-10-09T07:39:55.488+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2023-0063",
"initial_release_date": "2022-01-12T23:00:00.000+00:00",
"revision_history": [
{
"date": "2022-01-12T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-01-11T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Juniper aufgenommen"
},
{
"date": "2025-10-08T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Juniper aufgenommen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Juniper Contrail Service Orchestration",
"product": {
"name": "Juniper Contrail Service Orchestration",
"product_id": "T025794",
"product_identification_helper": {
"cpe": "cpe:/a:juniper:contrail_service_orchestration:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c21.3R1",
"product": {
"name": "Juniper Junos Space \u003c21.3R1",
"product_id": "T021576"
}
},
{
"category": "product_version",
"name": "21.3R1",
"product": {
"name": "Juniper Junos Space 21.3R1",
"product_id": "T021576-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:juniper:junos_space:21.3r1"
}
}
},
{
"category": "product_version_range",
"name": "Security Director \u003c24.1R4",
"product": {
"name": "Juniper Junos Space Security Director \u003c24.1R4",
"product_id": "T047484"
}
},
{
"category": "product_version",
"name": "Security Director 24.1R4",
"product": {
"name": "Juniper Junos Space Security Director 24.1R4",
"product_id": "T047484-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:juniper:junos_space:24.1r4::security_director"
}
}
}
],
"category": "product_name",
"name": "Junos Space"
}
],
"category": "vendor",
"name": "Juniper"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-17543",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2019-17543"
},
{
"cve": "CVE-2019-20934",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2019-20934"
},
{
"cve": "CVE-2020-0543",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2020-0543"
},
{
"cve": "CVE-2020-0548",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2020-0548"
},
{
"cve": "CVE-2020-0549",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2020-0549"
},
{
"cve": "CVE-2020-11022",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2020-11022"
},
{
"cve": "CVE-2020-11023",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2020-11023"
},
{
"cve": "CVE-2020-11668",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2020-11668"
},
{
"cve": "CVE-2020-11984",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2020-11984"
},
{
"cve": "CVE-2020-11993",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2020-11993"
},
{
"cve": "CVE-2020-12362",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2020-12362"
},
{
"cve": "CVE-2020-12363",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2020-12363"
},
{
"cve": "CVE-2020-12364",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2020-12364"
},
{
"cve": "CVE-2020-1927",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2020-1927"
},
{
"cve": "CVE-2020-1934",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2020-1934"
},
{
"cve": "CVE-2020-24489",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2020-24489"
},
{
"cve": "CVE-2020-24511",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2020-24511"
},
{
"cve": "CVE-2020-24512",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2020-24512"
},
{
"cve": "CVE-2020-27170",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2020-27170"
},
{
"cve": "CVE-2020-27777",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2020-27777"
},
{
"cve": "CVE-2020-29443",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2020-29443"
},
{
"cve": "CVE-2020-8625",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2020-8625"
},
{
"cve": "CVE-2020-8648",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2020-8648"
},
{
"cve": "CVE-2020-8695",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2020-8695"
},
{
"cve": "CVE-2020-8696",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2020-8696"
},
{
"cve": "CVE-2020-8698",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2020-8698"
},
{
"cve": "CVE-2020-9490",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2020-9490"
},
{
"cve": "CVE-2021-20254",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-20254"
},
{
"cve": "CVE-2021-22555",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-22555"
},
{
"cve": "CVE-2021-22901",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-22901"
},
{
"cve": "CVE-2021-2341",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-2341"
},
{
"cve": "CVE-2021-2342",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-2342"
},
{
"cve": "CVE-2021-2356",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-2356"
},
{
"cve": "CVE-2021-2369",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-2369"
},
{
"cve": "CVE-2021-2372",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-2372"
},
{
"cve": "CVE-2021-2385",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-2385"
},
{
"cve": "CVE-2021-2388",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-2388"
},
{
"cve": "CVE-2021-2389",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-2389"
},
{
"cve": "CVE-2021-2390",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-2390"
},
{
"cve": "CVE-2021-25214",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-25214"
},
{
"cve": "CVE-2021-25217",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-25217"
},
{
"cve": "CVE-2021-27219",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-27219"
},
{
"cve": "CVE-2021-29154",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-29154"
},
{
"cve": "CVE-2021-29650",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-29650"
},
{
"cve": "CVE-2021-31535",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-31535"
},
{
"cve": "CVE-2021-32399",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-32399"
},
{
"cve": "CVE-2021-33033",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-33033"
},
{
"cve": "CVE-2021-33034",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-33034"
},
{
"cve": "CVE-2021-3347",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-3347"
},
{
"cve": "CVE-2021-33909",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-33909"
},
{
"cve": "CVE-2021-3653",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-3653"
},
{
"cve": "CVE-2021-3656",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-3656"
},
{
"cve": "CVE-2021-3715",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-3715"
},
{
"cve": "CVE-2021-37576",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-37576"
},
{
"cve": "CVE-2021-4104",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-4104"
},
{
"cve": "CVE-2021-42550",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-42550"
},
{
"cve": "CVE-2021-44228",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-44228"
},
{
"cve": "CVE-2021-45046",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-45046"
}
]
}
WID-SEC-W-2023-0239
Vulnerability from csaf_certbund - Published: 2023-01-31 23:00 - Updated: 2025-06-24 22:00Summary
Red Hat JBoss Enterprise Application Platform: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: JBoss Enterprise Application Platform ist eine skalierbare Plattform für Java-Anwendungen, inklusive JBoss Application Server, JBoss Hibernate und Boss Seam.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform ausnutzen, um beliebigen Programmcode auszuführen, ein Cross-Site-Scritping-Angriff durchzuführen, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.
Betroffene Betriebssysteme: - Linux
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift container platform 4.0.51
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.0.51
|
container platform 4.0.51 | |
|
Red Hat JBoss Enterprise Application Platform <7.4.9
Red Hat / JBoss Enterprise Application Platform
|
<7.4.9 | ||
|
Red Hat JBoss Enterprise Application Platform <7.1.9
Red Hat / JBoss Enterprise Application Platform
|
<7.1.9 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— | |
|
Red Hat JBoss A-MQ Streams <2.4.0
Red Hat / JBoss A-MQ
|
Streams <2.4.0 | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.12
Red Hat / JBoss Enterprise Application Platform
|
<7.3.12 | ||
|
Hitachi Ops Center <Common Services 10.9.3-00
Hitachi / Ops Center
|
<Common Services 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift container platform 4.0.51
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.0.51
|
container platform 4.0.51 | |
|
Red Hat JBoss Enterprise Application Platform <7.4.9
Red Hat / JBoss Enterprise Application Platform
|
<7.4.9 | ||
|
Red Hat JBoss Enterprise Application Platform <7.1.9
Red Hat / JBoss Enterprise Application Platform
|
<7.1.9 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— | |
|
Red Hat JBoss A-MQ Streams <2.4.0
Red Hat / JBoss A-MQ
|
Streams <2.4.0 | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.12
Red Hat / JBoss Enterprise Application Platform
|
<7.3.12 | ||
|
Hitachi Ops Center <Common Services 10.9.3-00
Hitachi / Ops Center
|
<Common Services 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift container platform 4.0.51
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.0.51
|
container platform 4.0.51 | |
|
Red Hat JBoss Enterprise Application Platform <7.4.9
Red Hat / JBoss Enterprise Application Platform
|
<7.4.9 | ||
|
Red Hat JBoss Enterprise Application Platform <7.1.9
Red Hat / JBoss Enterprise Application Platform
|
<7.1.9 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— | |
|
Red Hat JBoss A-MQ Streams <2.4.0
Red Hat / JBoss A-MQ
|
Streams <2.4.0 | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.12
Red Hat / JBoss Enterprise Application Platform
|
<7.3.12 | ||
|
Hitachi Ops Center <Common Services 10.9.3-00
Hitachi / Ops Center
|
<Common Services 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift container platform 4.0.51
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.0.51
|
container platform 4.0.51 | |
|
Red Hat JBoss Enterprise Application Platform <7.4.9
Red Hat / JBoss Enterprise Application Platform
|
<7.4.9 | ||
|
Red Hat JBoss Enterprise Application Platform <7.1.9
Red Hat / JBoss Enterprise Application Platform
|
<7.1.9 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— | |
|
Red Hat JBoss A-MQ Streams <2.4.0
Red Hat / JBoss A-MQ
|
Streams <2.4.0 | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.12
Red Hat / JBoss Enterprise Application Platform
|
<7.3.12 | ||
|
Hitachi Ops Center <Common Services 10.9.3-00
Hitachi / Ops Center
|
<Common Services 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift container platform 4.0.51
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.0.51
|
container platform 4.0.51 | |
|
Red Hat JBoss Enterprise Application Platform <7.4.9
Red Hat / JBoss Enterprise Application Platform
|
<7.4.9 | ||
|
Red Hat JBoss Enterprise Application Platform <7.1.9
Red Hat / JBoss Enterprise Application Platform
|
<7.1.9 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— | |
|
Red Hat JBoss A-MQ Streams <2.4.0
Red Hat / JBoss A-MQ
|
Streams <2.4.0 | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.12
Red Hat / JBoss Enterprise Application Platform
|
<7.3.12 | ||
|
Hitachi Ops Center <Common Services 10.9.3-00
Hitachi / Ops Center
|
<Common Services 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift container platform 4.0.51
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.0.51
|
container platform 4.0.51 | |
|
Red Hat JBoss Enterprise Application Platform <7.4.9
Red Hat / JBoss Enterprise Application Platform
|
<7.4.9 | ||
|
Red Hat JBoss Enterprise Application Platform <7.1.9
Red Hat / JBoss Enterprise Application Platform
|
<7.1.9 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— | |
|
Red Hat JBoss A-MQ Streams <2.4.0
Red Hat / JBoss A-MQ
|
Streams <2.4.0 | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.12
Red Hat / JBoss Enterprise Application Platform
|
<7.3.12 | ||
|
Hitachi Ops Center <Common Services 10.9.3-00
Hitachi / Ops Center
|
<Common Services 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift container platform 4.0.51
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.0.51
|
container platform 4.0.51 | |
|
Red Hat JBoss Enterprise Application Platform <7.4.9
Red Hat / JBoss Enterprise Application Platform
|
<7.4.9 | ||
|
Red Hat JBoss Enterprise Application Platform <7.1.9
Red Hat / JBoss Enterprise Application Platform
|
<7.1.9 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— | |
|
Red Hat JBoss A-MQ Streams <2.4.0
Red Hat / JBoss A-MQ
|
Streams <2.4.0 | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.12
Red Hat / JBoss Enterprise Application Platform
|
<7.3.12 | ||
|
Hitachi Ops Center <Common Services 10.9.3-00
Hitachi / Ops Center
|
<Common Services 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift container platform 4.0.51
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.0.51
|
container platform 4.0.51 | |
|
Red Hat JBoss Enterprise Application Platform <7.4.9
Red Hat / JBoss Enterprise Application Platform
|
<7.4.9 | ||
|
Red Hat JBoss Enterprise Application Platform <7.1.9
Red Hat / JBoss Enterprise Application Platform
|
<7.1.9 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— | |
|
Red Hat JBoss A-MQ Streams <2.4.0
Red Hat / JBoss A-MQ
|
Streams <2.4.0 | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.12
Red Hat / JBoss Enterprise Application Platform
|
<7.3.12 | ||
|
Hitachi Ops Center <Common Services 10.9.3-00
Hitachi / Ops Center
|
<Common Services 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift container platform 4.0.51
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.0.51
|
container platform 4.0.51 | |
|
Red Hat JBoss Enterprise Application Platform <7.4.9
Red Hat / JBoss Enterprise Application Platform
|
<7.4.9 | ||
|
Red Hat JBoss Enterprise Application Platform <7.1.9
Red Hat / JBoss Enterprise Application Platform
|
<7.1.9 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— | |
|
Red Hat JBoss A-MQ Streams <2.4.0
Red Hat / JBoss A-MQ
|
Streams <2.4.0 | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.12
Red Hat / JBoss Enterprise Application Platform
|
<7.3.12 | ||
|
Hitachi Ops Center <Common Services 10.9.3-00
Hitachi / Ops Center
|
<Common Services 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift container platform 4.0.51
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.0.51
|
container platform 4.0.51 | |
|
Red Hat JBoss Enterprise Application Platform <7.4.9
Red Hat / JBoss Enterprise Application Platform
|
<7.4.9 | ||
|
Red Hat JBoss Enterprise Application Platform <7.1.9
Red Hat / JBoss Enterprise Application Platform
|
<7.1.9 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— | |
|
Red Hat JBoss A-MQ Streams <2.4.0
Red Hat / JBoss A-MQ
|
Streams <2.4.0 | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.12
Red Hat / JBoss Enterprise Application Platform
|
<7.3.12 | ||
|
Hitachi Ops Center <Common Services 10.9.3-00
Hitachi / Ops Center
|
<Common Services 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift container platform 4.0.51
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.0.51
|
container platform 4.0.51 | |
|
Red Hat JBoss Enterprise Application Platform <7.4.9
Red Hat / JBoss Enterprise Application Platform
|
<7.4.9 | ||
|
Red Hat JBoss Enterprise Application Platform <7.1.9
Red Hat / JBoss Enterprise Application Platform
|
<7.1.9 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— | |
|
Red Hat JBoss A-MQ Streams <2.4.0
Red Hat / JBoss A-MQ
|
Streams <2.4.0 | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.12
Red Hat / JBoss Enterprise Application Platform
|
<7.3.12 | ||
|
Hitachi Ops Center <Common Services 10.9.3-00
Hitachi / Ops Center
|
<Common Services 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift container platform 4.0.51
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.0.51
|
container platform 4.0.51 | |
|
Red Hat JBoss Enterprise Application Platform <7.4.9
Red Hat / JBoss Enterprise Application Platform
|
<7.4.9 | ||
|
Red Hat JBoss Enterprise Application Platform <7.1.9
Red Hat / JBoss Enterprise Application Platform
|
<7.1.9 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— | |
|
Red Hat JBoss A-MQ Streams <2.4.0
Red Hat / JBoss A-MQ
|
Streams <2.4.0 | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.12
Red Hat / JBoss Enterprise Application Platform
|
<7.3.12 | ||
|
Hitachi Ops Center <Common Services 10.9.3-00
Hitachi / Ops Center
|
<Common Services 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift container platform 4.0.51
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.0.51
|
container platform 4.0.51 | |
|
Red Hat JBoss Enterprise Application Platform <7.4.9
Red Hat / JBoss Enterprise Application Platform
|
<7.4.9 | ||
|
Red Hat JBoss Enterprise Application Platform <7.1.9
Red Hat / JBoss Enterprise Application Platform
|
<7.1.9 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— | |
|
Red Hat JBoss A-MQ Streams <2.4.0
Red Hat / JBoss A-MQ
|
Streams <2.4.0 | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.12
Red Hat / JBoss Enterprise Application Platform
|
<7.3.12 | ||
|
Hitachi Ops Center <Common Services 10.9.3-00
Hitachi / Ops Center
|
<Common Services 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift container platform 4.0.51
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.0.51
|
container platform 4.0.51 | |
|
Red Hat JBoss Enterprise Application Platform <7.4.9
Red Hat / JBoss Enterprise Application Platform
|
<7.4.9 | ||
|
Red Hat JBoss Enterprise Application Platform <7.1.9
Red Hat / JBoss Enterprise Application Platform
|
<7.1.9 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— | |
|
Red Hat JBoss A-MQ Streams <2.4.0
Red Hat / JBoss A-MQ
|
Streams <2.4.0 | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.12
Red Hat / JBoss Enterprise Application Platform
|
<7.3.12 | ||
|
Hitachi Ops Center <Common Services 10.9.3-00
Hitachi / Ops Center
|
<Common Services 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift container platform 4.0.51
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.0.51
|
container platform 4.0.51 | |
|
Red Hat JBoss Enterprise Application Platform <7.4.9
Red Hat / JBoss Enterprise Application Platform
|
<7.4.9 | ||
|
Red Hat JBoss Enterprise Application Platform <7.1.9
Red Hat / JBoss Enterprise Application Platform
|
<7.1.9 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— | |
|
Red Hat JBoss A-MQ Streams <2.4.0
Red Hat / JBoss A-MQ
|
Streams <2.4.0 | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.12
Red Hat / JBoss Enterprise Application Platform
|
<7.3.12 | ||
|
Hitachi Ops Center <Common Services 10.9.3-00
Hitachi / Ops Center
|
<Common Services 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift container platform 4.0.51
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.0.51
|
container platform 4.0.51 | |
|
Red Hat JBoss Enterprise Application Platform <7.4.9
Red Hat / JBoss Enterprise Application Platform
|
<7.4.9 | ||
|
Red Hat JBoss Enterprise Application Platform <7.1.9
Red Hat / JBoss Enterprise Application Platform
|
<7.1.9 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— | |
|
Red Hat JBoss A-MQ Streams <2.4.0
Red Hat / JBoss A-MQ
|
Streams <2.4.0 | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.12
Red Hat / JBoss Enterprise Application Platform
|
<7.3.12 | ||
|
Hitachi Ops Center <Common Services 10.9.3-00
Hitachi / Ops Center
|
<Common Services 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift container platform 4.0.51
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.0.51
|
container platform 4.0.51 | |
|
Red Hat JBoss Enterprise Application Platform <7.4.9
Red Hat / JBoss Enterprise Application Platform
|
<7.4.9 | ||
|
Red Hat JBoss Enterprise Application Platform <7.1.9
Red Hat / JBoss Enterprise Application Platform
|
<7.1.9 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— | |
|
Red Hat JBoss A-MQ Streams <2.4.0
Red Hat / JBoss A-MQ
|
Streams <2.4.0 | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.12
Red Hat / JBoss Enterprise Application Platform
|
<7.3.12 | ||
|
Hitachi Ops Center <Common Services 10.9.3-00
Hitachi / Ops Center
|
<Common Services 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift container platform 4.0.51
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.0.51
|
container platform 4.0.51 | |
|
Red Hat JBoss Enterprise Application Platform <7.4.9
Red Hat / JBoss Enterprise Application Platform
|
<7.4.9 | ||
|
Red Hat JBoss Enterprise Application Platform <7.1.9
Red Hat / JBoss Enterprise Application Platform
|
<7.1.9 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— | |
|
Red Hat JBoss A-MQ Streams <2.4.0
Red Hat / JBoss A-MQ
|
Streams <2.4.0 | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.12
Red Hat / JBoss Enterprise Application Platform
|
<7.3.12 | ||
|
Hitachi Ops Center <Common Services 10.9.3-00
Hitachi / Ops Center
|
<Common Services 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift container platform 4.0.51
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.0.51
|
container platform 4.0.51 | |
|
Red Hat JBoss Enterprise Application Platform <7.4.9
Red Hat / JBoss Enterprise Application Platform
|
<7.4.9 | ||
|
Red Hat JBoss Enterprise Application Platform <7.1.9
Red Hat / JBoss Enterprise Application Platform
|
<7.1.9 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— | |
|
Red Hat JBoss A-MQ Streams <2.4.0
Red Hat / JBoss A-MQ
|
Streams <2.4.0 | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.12
Red Hat / JBoss Enterprise Application Platform
|
<7.3.12 | ||
|
Hitachi Ops Center <Common Services 10.9.3-00
Hitachi / Ops Center
|
<Common Services 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 |
References
26 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "JBoss Enterprise Application Platform ist eine skalierbare Plattform f\u00fcr Java-Anwendungen, inklusive JBoss Application Server, JBoss Hibernate und Boss Seam.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform ausnutzen, um beliebigen Programmcode auszuf\u00fchren, ein Cross-Site-Scritping-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-0239 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0239.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-0239 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0239"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0552 vom 2023-01-31",
"url": "https://access.redhat.com/errata/RHSA-2023:0552"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0553 vom 2023-01-31",
"url": "https://access.redhat.com/errata/RHSA-2023:0553"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0554 vom 2023-01-31",
"url": "https://access.redhat.com/errata/RHSA-2023:0554"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0556 vom 2023-01-31",
"url": "https://access.redhat.com/errata/RHSA-2023:0556"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0560 vom 2023-02-08",
"url": "https://access.redhat.com/errata/RHSA-2023:0560"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0713 vom 2023-02-09",
"url": "https://access.redhat.com/errata/RHSA-2023:0713"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1044 vom 2023-03-02",
"url": "https://access.redhat.com/errata/RHSA-2023:1044"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1043 vom 2023-03-02",
"url": "https://access.redhat.com/errata/RHSA-2023:1043"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1049 vom 2023-03-02",
"url": "https://access.redhat.com/errata/RHSA-2023:1049"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1047 vom 2023-03-02",
"url": "https://access.redhat.com/errata/RHSA-2023:1047"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1045 vom 2023-03-02",
"url": "https://access.redhat.com/errata/RHSA-2023:1045"
},
{
"category": "external",
"summary": "F5 Security Advisory K48382137 vom 2023-04-21",
"url": "https://my.f5.com/manage/s/article/K48382137"
},
{
"category": "external",
"summary": "F5 Security Advisory K05380109 vom 2023-04-20",
"url": "https://my.f5.com/manage/s/article/K05380109"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3223 vom 2023-05-18",
"url": "https://access.redhat.com/errata/RHSA-2023:3223"
},
{
"category": "external",
"summary": "Hitachi Software Vulnerability Information hitachi-sec-2023-116 vom 2023-05-23",
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-116/index.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:4983 vom 2023-09-05",
"url": "https://access.redhat.com/errata/RHSA-2023:4983"
},
{
"category": "external",
"summary": "Hitachi Vulnerability Information HITACHI-SEC-2023-143 vom 2023-10-03",
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-143/index.html"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2023-409 vom 2023-12-23",
"url": "https://www.dell.com/support/kbdoc/000220669/dsa-2023-="
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1027 vom 2024-02-28",
"url": "https://access.redhat.com/errata/RHSA-2024:1027"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1746 vom 2025-02-24",
"url": "https://access.redhat.com/errata/RHSA-2025:1746"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1747 vom 2025-02-24",
"url": "https://access.redhat.com/errata/RHSA-2025:1747"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:4437 vom 2025-05-05",
"url": "https://access.redhat.com/errata/RHSA-2025:4437"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:9583 vom 2025-06-25",
"url": "https://access.redhat.com/errata/RHSA-2025:9583"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:9582 vom 2025-06-25",
"url": "https://access.redhat.com/errata/RHSA-2025:9582"
}
],
"source_lang": "en-US",
"title": "Red Hat JBoss Enterprise Application Platform: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-06-24T22:00:00.000+00:00",
"generator": {
"date": "2025-06-25T11:35:50.369+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2023-0239",
"initial_release_date": "2023-01-31T23:00:00.000+00:00",
"revision_history": [
{
"date": "2023-01-31T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-02-08T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-02-09T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-03-01T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-04-20T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von F5 aufgenommen"
},
{
"date": "2023-05-18T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-05-22T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von HITACHI aufgenommen"
},
{
"date": "2023-09-05T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-10-03T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von HITACHI aufgenommen"
},
{
"date": "2023-12-26T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2024-02-28T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-02-23T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-05-04T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-06-24T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "14"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "F5 BIG-IP",
"product": {
"name": "F5 BIG-IP",
"product_id": "T001663",
"product_identification_helper": {
"cpe": "cpe:/a:f5:big-ip:-"
}
}
}
],
"category": "vendor",
"name": "F5"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Hitachi Ops Center",
"product": {
"name": "Hitachi Ops Center",
"product_id": "T017562",
"product_identification_helper": {
"cpe": "cpe:/a:hitachi:ops_center:-"
}
}
},
{
"category": "product_version_range",
"name": "\u003cCommon Services 10.9.3-00",
"product": {
"name": "Hitachi Ops Center \u003cCommon Services 10.9.3-00",
"product_id": "T030195"
}
},
{
"category": "product_version",
"name": "Common Services 10.9.3-00",
"product": {
"name": "Hitachi Ops Center Common Services 10.9.3-00",
"product_id": "T030195-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:hitachi:ops_center:common_services_10.9.3-00"
}
}
}
],
"category": "product_name",
"name": "Ops Center"
}
],
"category": "vendor",
"name": "Hitachi"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "Streams \u003c2.4.0",
"product": {
"name": "Red Hat JBoss A-MQ Streams \u003c2.4.0",
"product_id": "T027764"
}
},
{
"category": "product_version",
"name": "Streams 2.4.0",
"product": {
"name": "Red Hat JBoss A-MQ Streams 2.4.0",
"product_id": "T027764-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_amq:streams_2.4.0"
}
}
}
],
"category": "product_name",
"name": "JBoss A-MQ"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.4.9",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform \u003c7.4.9",
"product_id": "T026073"
}
},
{
"category": "product_version",
"name": "7.4.9",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7.4.9",
"product_id": "T026073-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4.9"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.3.12",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform \u003c7.3.12",
"product_id": "T041369"
}
},
{
"category": "product_version",
"name": "7.3.12",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7.3.12",
"product_id": "T041369-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3.12"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.1.9",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform \u003c7.1.9",
"product_id": "T041370"
}
},
{
"category": "product_version",
"name": "7.1.9",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7.1.9",
"product_id": "T041370-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.1.9"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.3.13",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform \u003c7.3.13",
"product_id": "T043288"
}
},
{
"category": "product_version",
"name": "7.3.13",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7.3.13",
"product_id": "T043288-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3.13"
}
}
}
],
"category": "product_name",
"name": "JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "container platform 4.0.51",
"product": {
"name": "Red Hat OpenShift container platform 4.0.51",
"product_id": "T026183",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform_4.0.51"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-9251",
"product_status": {
"known_affected": [
"T026183",
"T026073",
"T041370",
"67646",
"T001663",
"T027764",
"T041369",
"T030195",
"T017562",
"T043288"
]
},
"release_date": "2023-01-31T23:00:00.000+00:00",
"title": "CVE-2015-9251"
},
{
"cve": "CVE-2016-10735",
"product_status": {
"known_affected": [
"T026183",
"T026073",
"T041370",
"67646",
"T001663",
"T027764",
"T041369",
"T030195",
"T017562",
"T043288"
]
},
"release_date": "2023-01-31T23:00:00.000+00:00",
"title": "CVE-2016-10735"
},
{
"cve": "CVE-2017-18214",
"product_status": {
"known_affected": [
"T026183",
"T026073",
"T041370",
"67646",
"T001663",
"T027764",
"T041369",
"T030195",
"T017562",
"T043288"
]
},
"release_date": "2023-01-31T23:00:00.000+00:00",
"title": "CVE-2017-18214"
},
{
"cve": "CVE-2018-14040",
"product_status": {
"known_affected": [
"T026183",
"T026073",
"T041370",
"67646",
"T001663",
"T027764",
"T041369",
"T030195",
"T017562",
"T043288"
]
},
"release_date": "2023-01-31T23:00:00.000+00:00",
"title": "CVE-2018-14040"
},
{
"cve": "CVE-2018-14041",
"product_status": {
"known_affected": [
"T026183",
"T026073",
"T041370",
"67646",
"T001663",
"T027764",
"T041369",
"T030195",
"T017562",
"T043288"
]
},
"release_date": "2023-01-31T23:00:00.000+00:00",
"title": "CVE-2018-14041"
},
{
"cve": "CVE-2018-14042",
"product_status": {
"known_affected": [
"T026183",
"T026073",
"T041370",
"67646",
"T001663",
"T027764",
"T041369",
"T030195",
"T017562",
"T043288"
]
},
"release_date": "2023-01-31T23:00:00.000+00:00",
"title": "CVE-2018-14042"
},
{
"cve": "CVE-2019-11358",
"product_status": {
"known_affected": [
"T026183",
"T026073",
"T041370",
"67646",
"T001663",
"T027764",
"T041369",
"T030195",
"T017562",
"T043288"
]
},
"release_date": "2023-01-31T23:00:00.000+00:00",
"title": "CVE-2019-11358"
},
{
"cve": "CVE-2019-8331",
"product_status": {
"known_affected": [
"T026183",
"T026073",
"T041370",
"67646",
"T001663",
"T027764",
"T041369",
"T030195",
"T017562",
"T043288"
]
},
"release_date": "2023-01-31T23:00:00.000+00:00",
"title": "CVE-2019-8331"
},
{
"cve": "CVE-2020-11022",
"product_status": {
"known_affected": [
"T026183",
"T026073",
"T041370",
"67646",
"T001663",
"T027764",
"T041369",
"T030195",
"T017562",
"T043288"
]
},
"release_date": "2023-01-31T23:00:00.000+00:00",
"title": "CVE-2020-11022"
},
{
"cve": "CVE-2020-11023",
"product_status": {
"known_affected": [
"T026183",
"T026073",
"T041370",
"67646",
"T001663",
"T027764",
"T041369",
"T030195",
"T017562",
"T043288"
]
},
"release_date": "2023-01-31T23:00:00.000+00:00",
"title": "CVE-2020-11023"
},
{
"cve": "CVE-2022-3143",
"product_status": {
"known_affected": [
"T026183",
"T026073",
"T041370",
"67646",
"T001663",
"T027764",
"T041369",
"T030195",
"T017562",
"T043288"
]
},
"release_date": "2023-01-31T23:00:00.000+00:00",
"title": "CVE-2022-3143"
},
{
"cve": "CVE-2022-40149",
"product_status": {
"known_affected": [
"T026183",
"T026073",
"T041370",
"67646",
"T001663",
"T027764",
"T041369",
"T030195",
"T017562",
"T043288"
]
},
"release_date": "2023-01-31T23:00:00.000+00:00",
"title": "CVE-2022-40149"
},
{
"cve": "CVE-2022-40150",
"product_status": {
"known_affected": [
"T026183",
"T026073",
"T041370",
"67646",
"T001663",
"T027764",
"T041369",
"T030195",
"T017562",
"T043288"
]
},
"release_date": "2023-01-31T23:00:00.000+00:00",
"title": "CVE-2022-40150"
},
{
"cve": "CVE-2022-40152",
"product_status": {
"known_affected": [
"T026183",
"T026073",
"T041370",
"67646",
"T001663",
"T027764",
"T041369",
"T030195",
"T017562",
"T043288"
]
},
"release_date": "2023-01-31T23:00:00.000+00:00",
"title": "CVE-2022-40152"
},
{
"cve": "CVE-2022-42003",
"product_status": {
"known_affected": [
"T026183",
"T026073",
"T041370",
"67646",
"T001663",
"T027764",
"T041369",
"T030195",
"T017562",
"T043288"
]
},
"release_date": "2023-01-31T23:00:00.000+00:00",
"title": "CVE-2022-42003"
},
{
"cve": "CVE-2022-42004",
"product_status": {
"known_affected": [
"T026183",
"T026073",
"T041370",
"67646",
"T001663",
"T027764",
"T041369",
"T030195",
"T017562",
"T043288"
]
},
"release_date": "2023-01-31T23:00:00.000+00:00",
"title": "CVE-2022-42004"
},
{
"cve": "CVE-2022-45047",
"product_status": {
"known_affected": [
"T026183",
"T026073",
"T041370",
"67646",
"T001663",
"T027764",
"T041369",
"T030195",
"T017562",
"T043288"
]
},
"release_date": "2023-01-31T23:00:00.000+00:00",
"title": "CVE-2022-45047"
},
{
"cve": "CVE-2022-45693",
"product_status": {
"known_affected": [
"T026183",
"T026073",
"T041370",
"67646",
"T001663",
"T027764",
"T041369",
"T030195",
"T017562",
"T043288"
]
},
"release_date": "2023-01-31T23:00:00.000+00:00",
"title": "CVE-2022-45693"
},
{
"cve": "CVE-2022-46364",
"product_status": {
"known_affected": [
"T026183",
"T026073",
"T041370",
"67646",
"T001663",
"T027764",
"T041369",
"T030195",
"T017562",
"T043288"
]
},
"release_date": "2023-01-31T23:00:00.000+00:00",
"title": "CVE-2022-46364"
}
]
}
WID-SEC-W-2024-1872
Vulnerability from csaf_certbund - Published: 2021-07-25 22:00 - Updated: 2024-08-15 22:00Summary
IBM QRadar SIEM: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: IBM QRadar Security Information and Event Management (SIEM) bietet Unterstützung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.
Angriff: Ein entfernter anonymer oder authentifizierter Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen, Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen und einen Cross-Site-Scripting-Angriff durchzuführen.
Betroffene Betriebssysteme: - Linux
Es existiert eine Schwachstelle in IBM QRadar SIEM. Der Fehler besteht aufgrund der Verwendung eines schwachen kryptografischen Algorithmus. Ein entfernter anonymer Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Guava, Apache XML Graphics Batik, Apache HttpClient, Apache CXF, jQuery und Apache Tika. Ein entfernter anonymer oder authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen, Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen und einen Cross-Site-Scripting-Angriff durchzuführen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Guava, Apache XML Graphics Batik, Apache HttpClient, Apache CXF, jQuery und Apache Tika. Ein entfernter anonymer oder authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen, Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen und einen Cross-Site-Scripting-Angriff durchzuführen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Guava, Apache XML Graphics Batik, Apache HttpClient, Apache CXF, jQuery und Apache Tika. Ein entfernter anonymer oder authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen, Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen und einen Cross-Site-Scripting-Angriff durchzuführen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Guava, Apache XML Graphics Batik, Apache HttpClient, Apache CXF, jQuery und Apache Tika. Ein entfernter anonymer oder authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen, Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen und einen Cross-Site-Scripting-Angriff durchzuführen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Guava, Apache XML Graphics Batik, Apache HttpClient, Apache CXF, jQuery und Apache Tika. Ein entfernter anonymer oder authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen, Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen und einen Cross-Site-Scripting-Angriff durchzuführen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Guava, Apache XML Graphics Batik, Apache HttpClient, Apache CXF, jQuery und Apache Tika. Ein entfernter anonymer oder authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen, Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen und einen Cross-Site-Scripting-Angriff durchzuführen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Guava, Apache XML Graphics Batik, Apache HttpClient, Apache CXF, jQuery und Apache Tika. Ein entfernter anonymer oder authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen, Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen und einen Cross-Site-Scripting-Angriff durchzuführen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Guava, Apache XML Graphics Batik, Apache HttpClient, Apache CXF, jQuery und Apache Tika. Ein entfernter anonymer oder authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen, Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen und einen Cross-Site-Scripting-Angriff durchzuführen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Guava, Apache XML Graphics Batik, Apache HttpClient, Apache CXF, jQuery und Apache Tika. Ein entfernter anonymer oder authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen, Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen und einen Cross-Site-Scripting-Angriff durchzuführen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 |
References
5 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM QRadar Security Information and Event Management (SIEM) bietet Unterst\u00fctzung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter anonymer oder authentifizierter Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-1872 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2024-1872.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-1872 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1872"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2021-07-25",
"url": "https://www.ibm.com/support/pages/node/6474847"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2021-07-25",
"url": "https://www.ibm.com/support/pages/node/6474843"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7165686 vom 2024-08-16",
"url": "https://www.ibm.com/support/pages/node/7165686"
}
],
"source_lang": "en-US",
"title": "IBM QRadar SIEM: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-08-15T22:00:00.000+00:00",
"generator": {
"date": "2024-08-16T10:07:42.475+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2024-1872",
"initial_release_date": "2021-07-25T22:00:00.000+00:00",
"revision_history": [
{
"date": "2021-07-25T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-08-15T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.4.3 Patch 1",
"product": {
"name": "IBM QRadar SIEM \u003c7.4.3 Patch 1",
"product_id": "T019825"
}
},
{
"category": "product_version_range",
"name": "\u003c7.3.3 Patch 9",
"product": {
"name": "IBM QRadar SIEM \u003c7.3.3 Patch 9",
"product_id": "T019964"
}
},
{
"category": "product_version",
"name": "7.5",
"product": {
"name": "IBM QRadar SIEM 7.5",
"product_id": "T022954",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-20337",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in IBM QRadar SIEM. Der Fehler besteht aufgrund der Verwendung eines schwachen kryptografischen Algorithmus. Ein entfernter anonymer Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T022954"
]
},
"release_date": "2021-07-25T22:00:00.000+00:00",
"title": "CVE-2021-20337"
},
{
"cve": "CVE-2015-9251",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Guava, Apache XML Graphics Batik, Apache HttpClient, Apache CXF, jQuery und Apache Tika. Ein entfernter anonymer oder authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T022954"
]
},
"release_date": "2021-07-25T22:00:00.000+00:00",
"title": "CVE-2015-9251"
},
{
"cve": "CVE-2019-11358",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Guava, Apache XML Graphics Batik, Apache HttpClient, Apache CXF, jQuery und Apache Tika. Ein entfernter anonymer oder authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T022954"
]
},
"release_date": "2021-07-25T22:00:00.000+00:00",
"title": "CVE-2019-11358"
},
{
"cve": "CVE-2020-11022",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Guava, Apache XML Graphics Batik, Apache HttpClient, Apache CXF, jQuery und Apache Tika. Ein entfernter anonymer oder authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T022954"
]
},
"release_date": "2021-07-25T22:00:00.000+00:00",
"title": "CVE-2020-11022"
},
{
"cve": "CVE-2020-11023",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Guava, Apache XML Graphics Batik, Apache HttpClient, Apache CXF, jQuery und Apache Tika. Ein entfernter anonymer oder authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T022954"
]
},
"release_date": "2021-07-25T22:00:00.000+00:00",
"title": "CVE-2020-11023"
},
{
"cve": "CVE-2020-11987",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Guava, Apache XML Graphics Batik, Apache HttpClient, Apache CXF, jQuery und Apache Tika. Ein entfernter anonymer oder authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T022954"
]
},
"release_date": "2021-07-25T22:00:00.000+00:00",
"title": "CVE-2020-11987"
},
{
"cve": "CVE-2020-13954",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Guava, Apache XML Graphics Batik, Apache HttpClient, Apache CXF, jQuery und Apache Tika. Ein entfernter anonymer oder authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T022954"
]
},
"release_date": "2021-07-25T22:00:00.000+00:00",
"title": "CVE-2020-13954"
},
{
"cve": "CVE-2020-13956",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Guava, Apache XML Graphics Batik, Apache HttpClient, Apache CXF, jQuery und Apache Tika. Ein entfernter anonymer oder authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T022954"
]
},
"release_date": "2021-07-25T22:00:00.000+00:00",
"title": "CVE-2020-13956"
},
{
"cve": "CVE-2020-8908",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Guava, Apache XML Graphics Batik, Apache HttpClient, Apache CXF, jQuery und Apache Tika. Ein entfernter anonymer oder authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T022954"
]
},
"release_date": "2021-07-25T22:00:00.000+00:00",
"title": "CVE-2020-8908"
},
{
"cve": "CVE-2021-28657",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Guava, Apache XML Graphics Batik, Apache HttpClient, Apache CXF, jQuery und Apache Tika. Ein entfernter anonymer oder authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, Dateien zu manipulieren, einen Denial-of-Service-Zustand auszul\u00f6sen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T022954"
]
},
"release_date": "2021-07-25T22:00:00.000+00:00",
"title": "CVE-2021-28657"
}
]
}
WID-SEC-W-2024-3217
Vulnerability from csaf_certbund - Published: 2024-10-15 22:00 - Updated: 2024-10-15 22:00Summary
Oracle Utilities Applications: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Oracle Utilities Applications ist eine Produktfamilie mit branchenspezifischen Lösungen für Ver- und Entsorger.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Utilities Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme: - Sonstiges
In Oracle Utilities Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "LOW" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "MITTEL" für die Schadenshöhe.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Utilities Applications 4.5.0.0.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:4.5.0.0.0
|
4.5.0.0.0 | |
|
Oracle Utilities Applications 2.5.0.1.14
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.5.0.1.14
|
2.5.0.1.14 | |
|
Oracle Utilities Applications 2.5.0.2.8
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.5.0.2.8
|
2.5.0.2.8 | |
|
Oracle Utilities Applications 2.6.0.1.5
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.6.0.1.5
|
2.6.0.1.5 | |
|
Oracle Utilities Applications 4.0.0.0.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:4.0.0.0.0
|
4.0.0.0.0 | |
|
Oracle Utilities Applications 4.0.0.2.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:4.0.0.2.0
|
4.0.0.2.0 | |
|
Oracle Utilities Applications 4.0.0.3.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:4.0.0.3.0
|
4.0.0.3.0 |
Last affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Utilities Applications <=4.3.0.6.0
Oracle / Utilities Applications
|
<=4.3.0.6.0 |
In Oracle Utilities Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "LOW" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "MITTEL" für die Schadenshöhe.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Utilities Applications 4.5.0.0.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:4.5.0.0.0
|
4.5.0.0.0 | |
|
Oracle Utilities Applications 2.5.0.1.14
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.5.0.1.14
|
2.5.0.1.14 | |
|
Oracle Utilities Applications 2.5.0.2.8
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.5.0.2.8
|
2.5.0.2.8 | |
|
Oracle Utilities Applications 2.6.0.1.5
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.6.0.1.5
|
2.6.0.1.5 | |
|
Oracle Utilities Applications 4.0.0.0.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:4.0.0.0.0
|
4.0.0.0.0 | |
|
Oracle Utilities Applications 4.0.0.2.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:4.0.0.2.0
|
4.0.0.2.0 | |
|
Oracle Utilities Applications 4.0.0.3.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:4.0.0.3.0
|
4.0.0.3.0 |
Last affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Utilities Applications <=4.3.0.6.0
Oracle / Utilities Applications
|
<=4.3.0.6.0 |
In Oracle Utilities Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "LOW" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "MITTEL" für die Schadenshöhe.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Utilities Applications 4.5.0.0.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:4.5.0.0.0
|
4.5.0.0.0 | |
|
Oracle Utilities Applications 2.5.0.1.14
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.5.0.1.14
|
2.5.0.1.14 | |
|
Oracle Utilities Applications 2.5.0.2.8
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.5.0.2.8
|
2.5.0.2.8 | |
|
Oracle Utilities Applications 2.6.0.1.5
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.6.0.1.5
|
2.6.0.1.5 | |
|
Oracle Utilities Applications 4.0.0.0.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:4.0.0.0.0
|
4.0.0.0.0 | |
|
Oracle Utilities Applications 4.0.0.2.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:4.0.0.2.0
|
4.0.0.2.0 | |
|
Oracle Utilities Applications 4.0.0.3.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:4.0.0.3.0
|
4.0.0.3.0 |
Last affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Utilities Applications <=4.3.0.6.0
Oracle / Utilities Applications
|
<=4.3.0.6.0 |
References
3 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Oracle Utilities Applications ist eine Produktfamilie mit branchenspezifischen L\u00f6sungen f\u00fcr Ver- und Entsorger.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Utilities Applications ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-3217 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3217.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-3217 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3217"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - October 2024 - Appendix Oracle Utilities Applications vom 2024-10-15",
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixUTIL"
}
],
"source_lang": "en-US",
"title": "Oracle Utilities Applications: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-10-15T22:00:00.000+00:00",
"generator": {
"date": "2024-10-16T11:15:15.331+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.8"
}
},
"id": "WID-SEC-W-2024-3217",
"initial_release_date": "2024-10-15T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-10-15T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "4.0.0.0.0",
"product": {
"name": "Oracle Utilities Applications 4.0.0.0.0",
"product_id": "T038412",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:utilities:4.0.0.0.0"
}
}
},
{
"category": "product_version",
"name": "4.0.0.2.0",
"product": {
"name": "Oracle Utilities Applications 4.0.0.2.0",
"product_id": "T038413",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:utilities:4.0.0.2.0"
}
}
},
{
"category": "product_version",
"name": "4.0.0.3.0",
"product": {
"name": "Oracle Utilities Applications 4.0.0.3.0",
"product_id": "T038414",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:utilities:4.0.0.3.0"
}
}
},
{
"category": "product_version_range",
"name": "\u003c=4.3.0.6.0",
"product": {
"name": "Oracle Utilities Applications \u003c=4.3.0.6.0",
"product_id": "T038415"
}
},
{
"category": "product_version_range",
"name": "\u003c=4.3.0.6.0",
"product": {
"name": "Oracle Utilities Applications \u003c=4.3.0.6.0",
"product_id": "T038415-fixed"
}
},
{
"category": "product_version",
"name": "4.5.0.0.0",
"product": {
"name": "Oracle Utilities Applications 4.5.0.0.0",
"product_id": "T038416",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:utilities:4.5.0.0.0"
}
}
},
{
"category": "product_version",
"name": "2.5.0.1.14",
"product": {
"name": "Oracle Utilities Applications 2.5.0.1.14",
"product_id": "T038417",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:utilities:2.5.0.1.14"
}
}
},
{
"category": "product_version",
"name": "2.5.0.2.8",
"product": {
"name": "Oracle Utilities Applications 2.5.0.2.8",
"product_id": "T038418",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:utilities:2.5.0.2.8"
}
}
},
{
"category": "product_version",
"name": "2.6.0.1.5",
"product": {
"name": "Oracle Utilities Applications 2.6.0.1.5",
"product_id": "T038419",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:utilities:2.6.0.1.5"
}
}
}
],
"category": "product_name",
"name": "Utilities Applications"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-11022",
"notes": [
{
"category": "description",
"text": "In Oracle Utilities Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"LOW\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T038416",
"T038417",
"T038418",
"T038419",
"T038412",
"T038413",
"T038414"
],
"last_affected": [
"T038415"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2020-11022"
},
{
"cve": "CVE-2021-41184",
"notes": [
{
"category": "description",
"text": "In Oracle Utilities Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"LOW\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T038416",
"T038417",
"T038418",
"T038419",
"T038412",
"T038413",
"T038414"
],
"last_affected": [
"T038415"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2021-41184"
},
{
"cve": "CVE-2024-29025",
"notes": [
{
"category": "description",
"text": "In Oracle Utilities Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"LOW\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T038416",
"T038417",
"T038418",
"T038419",
"T038412",
"T038413",
"T038414"
],
"last_affected": [
"T038415"
]
},
"release_date": "2024-10-15T22:00:00.000+00:00",
"title": "CVE-2024-29025"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…