CVE-2020-1945 (GCVE-0-2020-1945)

Vulnerability from cvelistv5 – Published: 2020-05-14 15:57 – Updated: 2024-08-04 06:54

Summary

Severity ?

No CVSS data available.

CWE

insecure temporary file vulnerability

Assigner

apache

References

URL

	Vendor	Product	Version
	n/a	Apache Ant	Affected: Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7

RHSA-2020:4961

Vulnerability from csaf_redhat - Published: 2020-11-05 18:48 - Updated: 2026-01-08 12:27

Summary

Red Hat Security Advisory: Red Hat Process Automation Manager 7.9.0 security update

Notes

Topic

An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.9.0 serves as an update to Red Hat Process Automation Manager 7.8.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es): * hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900) * batik: SSRF via "xlink:href" (CVE-2019-17566) * Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748) * ant: insecure temporary file vulnerability (CVE-2020-1945) * dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683) * hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693) * wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714) * cxf: JMX integration is vulnerable to a MITM attack (CVE-2020-1954) * mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete (CVE-2020-2875) * mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS (CVE-2020-2933) * mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete (CVE-2020-2934) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for Red Hat Process Automation Manager.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.\n\nThis release of Red Hat Process Automation Manager 7.9.0 serves as an update to Red Hat Process Automation Manager 7.8.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)\n\n* batik: SSRF via \"xlink:href\" (CVE-2019-17566)\n\n* Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)\n\n* ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)\n\n* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* cxf: JMX integration is vulnerable to a MITM attack (CVE-2020-1954)\n\n* mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete (CVE-2020-2875)\n\n* mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS (CVE-2020-2933)\n\n* mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete (CVE-2020-2934)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2020:4961",
        "url": "https://access.redhat.com/errata/RHSA-2020:4961"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=rhpam\u0026version=7.9.0",
        "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=rhpam\u0026version=7.9.0"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.9/",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.9/"
      },
      {
        "category": "external",
        "summary": "1666499",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499"
      },
      {
        "category": "external",
        "summary": "1694235",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
      },
      {
        "category": "external",
        "summary": "1805501",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501"
      },
      {
        "category": "external",
        "summary": "1807707",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707"
      },
      {
        "category": "external",
        "summary": "1824301",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1824301"
      },
      {
        "category": "external",
        "summary": "1825714",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714"
      },
      {
        "category": "external",
        "summary": "1837444",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1837444"
      },
      {
        "category": "external",
        "summary": "1848617",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848617"
      },
      {
        "category": "external",
        "summary": "1851014",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851014"
      },
      {
        "category": "external",
        "summary": "1851019",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851019"
      },
      {
        "category": "external",
        "summary": "1851022",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851022"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_4961.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Process Automation Manager 7.9.0 security update",
    "tracking": {
      "current_release_date": "2026-01-08T12:27:24+00:00",
      "generator": {
        "date": "2026-01-08T12:27:24+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.14"
        }
      },
      "id": "RHSA-2020:4961",
      "initial_release_date": "2020-11-05T18:48:33+00:00",
      "revision_history": [
        {
          "date": "2020-11-05T18:48:33+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-11-05T18:48:33+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-01-08T12:27:24+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "RHPAM 7.9.0",
                "product": {
                  "name": "RHPAM 7.9.0",
                  "product_id": "RHPAM 7.9.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Process Automation Manager"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Guillaume Smet"
          ],
          "organization": "Red Hat",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2019-14900",
      "cwe": {
        "id": "CWE-89",
        "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
      },
      "discovery_date": "2019-01-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1666499"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hibernate: SQL injection issue in Hibernate ORM",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "OpenDaylight:\nIn RHOSP10, RHOSP13 and RHOSP14 editions of Red Hat OpenStack platform, the hibernate-jfa library shipped with OpenDaylight is contains a flaw in the processing of SQL queries. The hibernate-jha implemenation is not used in a vulnerable way in OpenDaylight, preventing the potential for SQL injection.\n\nRed Hat Satellite 6.2, 6.3 and 6.4 contains affected versions of hibernate-core in its candlepin component. However, that component does not use hibernate-core in a vulnerable way.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHPAM 7.9.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-14900"
        },
        {
          "category": "external",
          "summary": "RHBZ#1666499",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14900",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-14900"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900"
        }
      ],
      "release_date": "2020-05-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-05T18:48:33+00:00",
          "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "RHPAM 7.9.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4961"
        },
        {
          "category": "workaround",
          "details": "There is no currently known mitigation for this flaw.",
          "product_ids": [
            "RHPAM 7.9.0"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "RHPAM 7.9.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hibernate: SQL injection issue in Hibernate ORM"
    },
    {
      "cve": "CVE-2019-17566",
      "cwe": {
        "id": "CWE-352",
        "name": "Cross-Site Request Forgery (CSRF)"
      },
      "discovery_date": "2020-06-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1848617"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Apache Batik library, where it is vulnerable to a Server-Side Request Forgery attack (SSRF) via \"xlink:href\" attributes. This flaw allows an attacker to cause the underlying server to make arbitrary GET requests. The highest threat from this vulnerability is to system integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "batik: SSRF via \"xlink:href\"",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHPAM 7.9.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-17566"
        },
        {
          "category": "external",
          "summary": "RHBZ#1848617",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848617"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-17566",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-17566"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17566",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17566"
        }
      ],
      "release_date": "2020-06-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-05T18:48:33+00:00",
          "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "RHPAM 7.9.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4961"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "RHPAM 7.9.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "batik: SSRF via \"xlink:href\""
    },
    {
      "cve": "CVE-2020-1748",
      "cwe": {
        "id": "CWE-285",
        "name": "Improper Authorization"
      },
      "discovery_date": "2020-02-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1807707"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHPAM 7.9.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-1748"
        },
        {
          "category": "external",
          "summary": "RHBZ#1807707",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1748",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-1748"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748"
        }
      ],
      "release_date": "2020-08-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-05T18:48:33+00:00",
          "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "RHPAM 7.9.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4961"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "RHPAM 7.9.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain"
    },
    {
      "cve": "CVE-2020-1945",
      "cwe": {
        "id": "CWE-377",
        "name": "Insecure Temporary File"
      },
      "discovery_date": "2020-05-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1837444"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "ant: insecure temporary file vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of ant package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHPAM 7.9.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-1945"
        },
        {
          "category": "external",
          "summary": "RHBZ#1837444",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1837444"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1945",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-1945"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1945",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1945"
        }
      ],
      "release_date": "2020-05-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-05T18:48:33+00:00",
          "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "RHPAM 7.9.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4961"
        },
        {
          "category": "workaround",
          "details": "For versions 1.1 to 1.9.14 and 1.10.0 to 1.10.7, set the java.io.tmpdir system property to a private directory-- only readable and writable by the current user-- before running Ant.\n\nFor versions 1.9.15 and 1.10.8, use the Ant property ant.tmpfile instead. Ant 1.10.8 protects the temporary files if the underlying filesystem allows it, but using a private temporary directory is still recommended.",
          "product_ids": [
            "RHPAM 7.9.0"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "RHPAM 7.9.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "ant: insecure temporary file vulnerability"
    },
    {
      "cve": "CVE-2020-1954",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-04-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1824301"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the \u2018createMBServerConnectorFactory\u2018 property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "cxf: JMX integration is vulnerable to a MITM attack",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHPAM 7.9.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-1954"
        },
        {
          "category": "external",
          "summary": "RHBZ#1824301",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1824301"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1954",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-1954"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1954",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1954"
        }
      ],
      "release_date": "2020-04-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-05T18:48:33+00:00",
          "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "RHPAM 7.9.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4961"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "RHPAM 7.9.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "cxf: JMX integration is vulnerable to a MITM attack"
    },
    {
      "cve": "CVE-2020-2875",
      "discovery_date": "2020-06-25T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1851019"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the mysql-connector-java package. A complicated attack against the mysql Connector/J allows attackers on the local network to interfere with a user\u0027s connection and insert unauthorized SQL commands in MySQL Connectors and other products.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux customers are advised to replace the mysql-connector-java package with the mariadb-java-client, available in Red Hat Software Collections.  It can be installed this way:\n~~~\nyum-config-manager --enable rhel-server-rhscl-7-rpms\nyum install rh-mariadb103-mariadb-java-client\n~~~",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHPAM 7.9.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-2875"
        },
        {
          "category": "external",
          "summary": "RHBZ#1851019",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851019"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-2875",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-2875"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-2875",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2875"
        }
      ],
      "release_date": "2020-04-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-05T18:48:33+00:00",
          "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "RHPAM 7.9.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4961"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "RHPAM 7.9.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete"
    },
    {
      "cve": "CVE-2020-2933",
      "discovery_date": "2020-06-25T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1851022"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the mysql-connector-java package. A complicated attack against the mysql Connector/J allows attackers on the local network to interfere with a user\u0027s connection, causing a denial of service of the MySQL Connectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux customers are advised to replace the mysql-connector-java package with the mariadb-java-client, available in Red Hat Software Collections.  It can be installed this way:\n~~~\nyum-config-manager --enable rhel-server-rhscl-7-rpms\nyum install rh-mariadb103-mariadb-java-client\n~~~",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHPAM 7.9.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-2933"
        },
        {
          "category": "external",
          "summary": "RHBZ#1851022",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851022"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-2933",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-2933"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-2933",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2933"
        }
      ],
      "release_date": "2020-04-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-05T18:48:33+00:00",
          "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "RHPAM 7.9.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4961"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 2.2,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "RHPAM 7.9.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS"
    },
    {
      "cve": "CVE-2020-2934",
      "discovery_date": "2020-06-24T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1851014"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the mysql-connector-java package. A complicated attack against the mysql Connector/J allows attackers on the local network to interfere with a user\u0027s connection and insert unauthorized SQL commands.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux customers are advised to replace the mysql-connector-java package with the mariadb-java-client, available in Red Hat Software Collections.  It can be installed this way:\n~~~\n  # yum-config-manager --enable rhel-server-rhscl-7-rpms\n\n  # yum install rh-mariadb103-mariadb-java-client\n~~~",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHPAM 7.9.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-2934"
        },
        {
          "category": "external",
          "summary": "RHBZ#1851014",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851014"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-2934",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-2934"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-2934",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2934"
        }
      ],
      "release_date": "2020-04-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-05T18:48:33+00:00",
          "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "RHPAM 7.9.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4961"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "RHPAM 7.9.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Adith Sudhakar"
          ]
        }
      ],
      "cve": "CVE-2020-10683",
      "cwe": {
        "id": "CWE-611",
        "name": "Improper Restriction of XML External Entity Reference"
      },
      "discovery_date": "2019-03-28T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1694235"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "No description is available for this CVE.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "dom4j: XML External Entity vulnerability in default SAX parser",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "OpenShift Container Platform ships a vulnerable version of dom4j  library. However it\u0027s used to parse configuration files, which are local disk resources. We\u0027ve rated this issue with a moderate impact for OpenShift Container Platform.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHPAM 7.9.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-10683"
        },
        {
          "category": "external",
          "summary": "RHBZ#1694235",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10683",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-10683"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683"
        }
      ],
      "release_date": "2020-04-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-05T18:48:33+00:00",
          "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "RHPAM 7.9.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4961"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "RHPAM 7.9.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "dom4j: XML External Entity vulnerability in default SAX parser"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Alvaro Mu\u00f1oz"
          ],
          "organization": "GitHub Security Labs"
        }
      ],
      "cve": "CVE-2020-10693",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2020-02-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1805501"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hibernate-validator: Improper input validation in the interpolation of constraint error messages",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "hibernate-validator is packaged with Red Hat OpenStack Platform 13.0\u0027s OpenDaylight (ODL). However, because ODL is technical preview in this version and the flaw is moderate, Red Hat will not be releasing a fix for the OpenStack package at this time.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHPAM 7.9.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-10693"
        },
        {
          "category": "external",
          "summary": "RHBZ#1805501",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10693",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-10693"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693"
        }
      ],
      "release_date": "2020-05-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-05T18:48:33+00:00",
          "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "RHPAM 7.9.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4961"
        },
        {
          "category": "workaround",
          "details": "You can pass user input as an expression variable by unwrapping the context to HibernateConstraintValidatorContext. Please refer to the https://in.relation.to/2020/05/07/hibernate-validator-615-6020-released/ and https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_the_code_constraintvalidatorcontext_code.",
          "product_ids": [
            "RHPAM 7.9.0"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "RHPAM 7.9.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hibernate-validator: Improper input validation in the interpolation of constraint error messages"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Mark Banierink"
          ],
          "organization": "Nedap"
        }
      ],
      "cve": "CVE-2020-10714",
      "cwe": {
        "id": "CWE-384",
        "name": "Session Fixation"
      },
      "discovery_date": "2020-03-24T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1825714"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "wildfly-elytron: session fixation when using FORM authentication",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHPAM 7.9.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-10714"
        },
        {
          "category": "external",
          "summary": "RHBZ#1825714",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-10714"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714"
        }
      ],
      "release_date": "2020-04-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-05T18:48:33+00:00",
          "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "RHPAM 7.9.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4961"
        },
        {
          "category": "workaround",
          "details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n  \u003csession-config\u003e\n    \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n  \u003c/session-config\u003e\n~~~\nTO\n~~~\n  \u003csession-config\u003e\n    \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n  \u003c/session-config\u003e\n~~~",
          "product_ids": [
            "RHPAM 7.9.0"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "RHPAM 7.9.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "wildfly-elytron: session fixation when using FORM authentication"
    }
  ]
}

RHSA-2021:0637

Vulnerability from csaf_redhat - Published: 2021-03-03 12:28 - Updated: 2025-11-21 18:20

Summary

Red Hat Security Advisory: OpenShift Container Platform 3.11.394 bug fix and security update

Notes

Topic

Red Hat OpenShift Container Platform release 3.11.394 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Security Fix(es): * jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks (CVE-2020-2304) * jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks (CVE-2020-2305) * ant: Insecure temporary file vulnerability (CVE-2020-1945) * jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information disclosure (CVE-2020-2306) * jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes plug-in (CVE-2020-2307) * jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates (CVE-2020-2308) * jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes plug-in allows enumerating credentials IDs (CVE-2020-2309) * ant: Insecure temporary file (CVE-2020-11979) * python-rsa: Bleichenbacher timing oracle attack against RSA decryption (CVE-2020-25658) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.11.394. See the following advisory for the container images for this release: https://access.redhat.com/errata/RHBA-2021:0638 Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes: https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html This update fixes the following bugs among others: * Previously, the restart-cluster playbook did not evaluate the defined cluster size for ops clusters. This was causing come clusters to never complete their restart. This bug fix passes the logging ops cluster size, allowing restarts of ops clusters to complete successfully. (BZ#1879407) * Previously, the `openshift_named_certificates` role checked the contents of the `ca-bundle.crt` file during cluster installation. This caused the check to fail during initial installation because the `ca-bundle.crt` file is not yet created in that scenario. This bug fix allows the cluster to skip checking the `ca-bundle.crt` file if it does not exist, resulting in initial installations succeeding. (BZ#1920567) * Previously, if the `openshift_release` attribute was not set in the Ansible inventory file, the nodes of the cluster would fail during an upgrade. This was caused by the `cluster_facts.yml` file being gathered before the `openshift_release` attribute was defined by the upgrade playbook. Now the `cluster_facts.yml` file is gathered after the `openshift_version` role runs and the `openshift_release` attribute is set, allowing for successful node upgrades. (BZ#1921353) All OpenShift Container Platform 3.11 users are advised to upgrade to these updated packages and images.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat OpenShift Container Platform release 3.11.394 is now available with\nupdates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks (CVE-2020-2304)\n\n* jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks (CVE-2020-2305)\n\n* ant: Insecure temporary file vulnerability (CVE-2020-1945)\n\n* jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information disclosure (CVE-2020-2306)\n\n* jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes plug-in (CVE-2020-2307)\n\n* jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates (CVE-2020-2308)\n\n* jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes plug-in allows enumerating credentials IDs (CVE-2020-2309)\n\n* ant: Insecure temporary file (CVE-2020-11979)\n\n* python-rsa: Bleichenbacher timing oracle attack against RSA decryption (CVE-2020-25658)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 3.11.394. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2021:0638\n\nSpace precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update fixes the following bugs among others:\n\n* Previously, the restart-cluster playbook did not evaluate the defined cluster size for ops clusters. This was causing come clusters to never complete their restart. This bug fix passes the logging ops cluster size, allowing restarts of ops clusters to complete successfully. (BZ#1879407)\n\n* Previously, the `openshift_named_certificates` role checked the contents of the `ca-bundle.crt` file during cluster installation. This caused the check to fail during initial installation because the `ca-bundle.crt` file is not yet created in that scenario. This bug fix allows the cluster to skip checking the `ca-bundle.crt` file if it does not exist, resulting in initial installations succeeding. (BZ#1920567)\n\n* Previously, if the `openshift_release` attribute was not set in the Ansible inventory file, the nodes of the cluster would fail during an upgrade. This was caused by the `cluster_facts.yml` file being gathered before the `openshift_release` attribute was defined by the upgrade playbook. Now the `cluster_facts.yml` file is gathered after the `openshift_version` role runs and the `openshift_release` attribute is set, allowing for successful node upgrades. (BZ#1921353)\n\nAll OpenShift Container Platform 3.11 users are advised to upgrade to these updated packages and images.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:0637",
        "url": "https://access.redhat.com/errata/RHSA-2021:0637"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1837444",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1837444"
      },
      {
        "category": "external",
        "summary": "1849003",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1849003"
      },
      {
        "category": "external",
        "summary": "1873346",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1873346"
      },
      {
        "category": "external",
        "summary": "1879407",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879407"
      },
      {
        "category": "external",
        "summary": "1889972",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1889972"
      },
      {
        "category": "external",
        "summary": "1895939",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1895939"
      },
      {
        "category": "external",
        "summary": "1895940",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1895940"
      },
      {
        "category": "external",
        "summary": "1895941",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1895941"
      },
      {
        "category": "external",
        "summary": "1895945",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1895945"
      },
      {
        "category": "external",
        "summary": "1895946",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1895946"
      },
      {
        "category": "external",
        "summary": "1895947",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1895947"
      },
      {
        "category": "external",
        "summary": "1903699",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903699"
      },
      {
        "category": "external",
        "summary": "1903702",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903702"
      },
      {
        "category": "external",
        "summary": "1918392",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1918392"
      },
      {
        "category": "external",
        "summary": "1920567",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1920567"
      },
      {
        "category": "external",
        "summary": "1921353",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921353"
      },
      {
        "category": "external",
        "summary": "1924614",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1924614"
      },
      {
        "category": "external",
        "summary": "1924811",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1924811"
      },
      {
        "category": "external",
        "summary": "1929170",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1929170"
      },
      {
        "category": "external",
        "summary": "1929216",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1929216"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0637.json"
      }
    ],
    "title": "Red Hat Security Advisory: OpenShift Container Platform 3.11.394 bug fix and security update",
    "tracking": {
      "current_release_date": "2025-11-21T18:20:28+00:00",
      "generator": {
        "date": "2025-11-21T18:20:28+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2021:0637",
      "initial_release_date": "2021-03-03T12:28:39+00:00",
      "revision_history": [
        {
          "date": "2021-03-03T12:28:39+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-03-03T12:28:39+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T18:20:28+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenShift Container Platform 3.11",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 3.11",
                  "product_id": "7Server-RH7-RHOSE-3.11",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:3.11::el7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Enterprise"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
                "product": {
                  "name": "atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
                  "product_id": "atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-enterprise-service-catalog@3.11.394-1.git.1675.fdb6e0b.el7?arch=src\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
                "product": {
                  "name": "atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
                  "product_id": "atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.11.394-1.git.263.49acf3a.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
                "product": {
                  "name": "golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
                  "product_id": "golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.11.394-1.git.1062.8adc4b8.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
                "product": {
                  "name": "atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
                  "product_id": "atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.11.394-1.git.481.6e48246.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
                "product": {
                  "name": "atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
                  "product_id": "atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-cluster-autoscaler@3.11.394-1.git.0.1900c76.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
                "product": {
                  "name": "golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
                  "product_id": "golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/golang-github-openshift-oauth-proxy@3.11.394-1.git.439.4c37707.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
                "product": {
                  "name": "openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
                  "product_id": "openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.11.394-1.git.379.92adfdc.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
                "product": {
                  "name": "atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
                  "product_id": "atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-metrics-server@3.11.394-1.git.53.3d82586.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
                "product": {
                  "name": "golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
                  "product_id": "golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/golang-github-prometheus-alertmanager@3.11.394-1.git.0.1fbb64c.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
                "product": {
                  "name": "openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
                  "product_id": "openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-enterprise-autoheal@3.11.394-1.git.218.59eb597.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
                "product": {
                  "name": "atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
                  "product_id": "atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-descheduler@3.11.394-1.git.299.ad3a3c0.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
                "product": {
                  "name": "atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
                  "product_id": "atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-web-console@3.11.394-1.git.667.08dd2a6.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
                "product": {
                  "name": "atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
                  "product_id": "atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-service-idler@3.11.394-1.git.15.73f73cd.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
                "product": {
                  "name": "golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
                  "product_id": "golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/golang-github-prometheus-prometheus@3.11.394-1.git.5026.2c9627f.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
                "product": {
                  "name": "openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
                  "product_id": "openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-kuryr@3.11.394-1.git.1490.16ed375.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
                "product": {
                  "name": "atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
                  "product_id": "atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift@3.11.394-1.git.0.e03a88e.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "haproxy-0:1.8.28-1.el7.src",
                "product": {
                  "name": "haproxy-0:1.8.28-1.el7.src",
                  "product_id": "haproxy-0:1.8.28-1.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/haproxy@1.8.28-1.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jenkins-2-plugins-0:3.11.1612862361-1.el7.src",
                "product": {
                  "name": "jenkins-2-plugins-0:3.11.1612862361-1.el7.src",
                  "product_id": "jenkins-2-plugins-0:3.11.1612862361-1.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jenkins-2-plugins@3.11.1612862361-1.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jenkins-0:2.263.3.1612433584-1.el7.src",
                "product": {
                  "name": "jenkins-0:2.263.3.1612433584-1.el7.src",
                  "product_id": "jenkins-0:2.263.3.1612433584-1.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jenkins@2.263.3.1612433584-1.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python-rsa-0:4.5-3.el7.src",
                "product": {
                  "name": "python-rsa-0:4.5-3.el7.src",
                  "product_id": "python-rsa-0:4.5-3.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python-rsa@4.5-3.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
                "product": {
                  "name": "openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
                  "product_id": "openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible@3.11.394-6.git.0.47ec25d.el7?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
                "product": {
                  "name": "atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
                  "product_id": "atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-enterprise-service-catalog@3.11.394-1.git.1675.fdb6e0b.el7?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
                "product": {
                  "name": "atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
                  "product_id": "atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-enterprise-service-catalog-svcat@3.11.394-1.git.1675.fdb6e0b.el7?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
                  "product_id": "atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.11.394-1.git.263.49acf3a.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
                "product": {
                  "name": "prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
                  "product_id": "prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/prometheus-node-exporter@3.11.394-1.git.1062.8adc4b8.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
                  "product_id": "atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.11.394-1.git.481.6e48246.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
                  "product_id": "atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-cluster-autoscaler@3.11.394-1.git.0.1900c76.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
                "product": {
                  "name": "golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
                  "product_id": "golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/golang-github-openshift-oauth-proxy@3.11.394-1.git.439.4c37707.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
                "product": {
                  "name": "openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
                  "product_id": "openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.11.394-1.git.379.92adfdc.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
                  "product_id": "atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-metrics-server@3.11.394-1.git.53.3d82586.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
                "product": {
                  "name": "prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
                  "product_id": "prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/prometheus-alertmanager@3.11.394-1.git.0.1fbb64c.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
                "product": {
                  "name": "openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
                  "product_id": "openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-enterprise-autoheal@3.11.394-1.git.218.59eb597.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
                  "product_id": "atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-descheduler@3.11.394-1.git.299.ad3a3c0.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
                  "product_id": "atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-web-console@3.11.394-1.git.667.08dd2a6.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
                  "product_id": "atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-service-idler@3.11.394-1.git.15.73f73cd.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
                "product": {
                  "name": "prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
                  "product_id": "prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/prometheus@3.11.394-1.git.5026.2c9627f.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
                  "product_id": "atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift@3.11.394-1.git.0.e03a88e.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
                  "product_id": "atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-clients@3.11.394-1.git.0.e03a88e.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
                  "product_id": "atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-clients-redistributable@3.11.394-1.git.0.e03a88e.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
                  "product_id": "atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-hyperkube@3.11.394-1.git.0.e03a88e.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
                  "product_id": "atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-hypershift@3.11.394-1.git.0.e03a88e.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
                  "product_id": "atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-master@3.11.394-1.git.0.e03a88e.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
                  "product_id": "atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-node@3.11.394-1.git.0.e03a88e.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
                  "product_id": "atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-pod@3.11.394-1.git.0.e03a88e.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
                  "product_id": "atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.11.394-1.git.0.e03a88e.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
                  "product_id": "atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-template-service-broker@3.11.394-1.git.0.e03a88e.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
                "product": {
                  "name": "atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
                  "product_id": "atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-tests@3.11.394-1.git.0.e03a88e.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "haproxy18-0:1.8.28-1.el7.x86_64",
                "product": {
                  "name": "haproxy18-0:1.8.28-1.el7.x86_64",
                  "product_id": "haproxy18-0:1.8.28-1.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/haproxy18@1.8.28-1.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
                "product": {
                  "name": "haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
                  "product_id": "haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/haproxy-debuginfo@1.8.28-1.el7?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
                "product": {
                  "name": "atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
                  "product_id": "atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-enterprise-service-catalog@3.11.394-1.git.1675.fdb6e0b.el7?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
                "product": {
                  "name": "atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
                  "product_id": "atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-enterprise-service-catalog-svcat@3.11.394-1.git.1675.fdb6e0b.el7?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
                "product": {
                  "name": "atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
                  "product_id": "atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.11.394-1.git.263.49acf3a.el7?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
                "product": {
                  "name": "prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
                  "product_id": "prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/prometheus-node-exporter@3.11.394-1.git.1062.8adc4b8.el7?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
                "product": {
                  "name": "atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
                  "product_id": "atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-cluster-autoscaler@3.11.394-1.git.0.1900c76.el7?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
                "product": {
                  "name": "golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
                  "product_id": "golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/golang-github-openshift-oauth-proxy@3.11.394-1.git.439.4c37707.el7?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
                "product": {
                  "name": "openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
                  "product_id": "openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.11.394-1.git.379.92adfdc.el7?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
                "product": {
                  "name": "atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
                  "product_id": "atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-metrics-server@3.11.394-1.git.53.3d82586.el7?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
                "product": {
                  "name": "prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
                  "product_id": "prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/prometheus-alertmanager@3.11.394-1.git.0.1fbb64c.el7?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
                "product": {
                  "name": "openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
                  "product_id": "openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-enterprise-autoheal@3.11.394-1.git.218.59eb597.el7?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
                "product": {
                  "name": "atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
                  "product_id": "atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-descheduler@3.11.394-1.git.299.ad3a3c0.el7?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
                "product": {
                  "name": "atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
                  "product_id": "atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-web-console@3.11.394-1.git.667.08dd2a6.el7?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
                "product": {
                  "name": "atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
                  "product_id": "atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-service-idler@3.11.394-1.git.15.73f73cd.el7?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
                "product": {
                  "name": "prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
                  "product_id": "prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/prometheus@3.11.394-1.git.5026.2c9627f.el7?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
                "product": {
                  "name": "atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
                  "product_id": "atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift@3.11.394-1.git.0.e03a88e.el7?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
                "product": {
                  "name": "atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
                  "product_id": "atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-clients@3.11.394-1.git.0.e03a88e.el7?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
                "product": {
                  "name": "atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
                  "product_id": "atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-hyperkube@3.11.394-1.git.0.e03a88e.el7?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
                "product": {
                  "name": "atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
                  "product_id": "atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-hypershift@3.11.394-1.git.0.e03a88e.el7?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
                "product": {
                  "name": "atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
                  "product_id": "atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-master@3.11.394-1.git.0.e03a88e.el7?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
                "product": {
                  "name": "atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
                  "product_id": "atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-node@3.11.394-1.git.0.e03a88e.el7?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
                "product": {
                  "name": "atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
                  "product_id": "atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-pod@3.11.394-1.git.0.e03a88e.el7?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
                "product": {
                  "name": "atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
                  "product_id": "atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.11.394-1.git.0.e03a88e.el7?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
                "product": {
                  "name": "atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
                  "product_id": "atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-template-service-broker@3.11.394-1.git.0.e03a88e.el7?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
                "product": {
                  "name": "atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
                  "product_id": "atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-tests@3.11.394-1.git.0.e03a88e.el7?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "haproxy18-0:1.8.28-1.el7.ppc64le",
                "product": {
                  "name": "haproxy18-0:1.8.28-1.el7.ppc64le",
                  "product_id": "haproxy18-0:1.8.28-1.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/haproxy18@1.8.28-1.el7?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
                "product": {
                  "name": "haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
                  "product_id": "haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/haproxy-debuginfo@1.8.28-1.el7?arch=ppc64le"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
                "product": {
                  "name": "openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
                  "product_id": "openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-kuryr-cni@3.11.394-1.git.1490.16ed375.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
                "product": {
                  "name": "openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
                  "product_id": "openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-kuryr-common@3.11.394-1.git.1490.16ed375.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
                "product": {
                  "name": "openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
                  "product_id": "openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-kuryr-controller@3.11.394-1.git.1490.16ed375.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
                "product": {
                  "name": "python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
                  "product_id": "python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python2-kuryr-kubernetes@3.11.394-1.git.1490.16ed375.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
                "product": {
                  "name": "atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
                  "product_id": "atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-docker-excluder@3.11.394-1.git.0.e03a88e.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
                "product": {
                  "name": "atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
                  "product_id": "atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-excluder@3.11.394-1.git.0.e03a88e.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
                "product": {
                  "name": "jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
                  "product_id": "jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jenkins-2-plugins@3.11.1612862361-1.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jenkins-0:2.263.3.1612433584-1.el7.noarch",
                "product": {
                  "name": "jenkins-0:2.263.3.1612433584-1.el7.noarch",
                  "product_id": "jenkins-0:2.263.3.1612433584-1.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jenkins@2.263.3.1612433584-1.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python2-rsa-0:4.5-3.el7.noarch",
                "product": {
                  "name": "python2-rsa-0:4.5-3.el7.noarch",
                  "product_id": "python2-rsa-0:4.5-3.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python2-rsa@4.5-3.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
                "product": {
                  "name": "openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
                  "product_id": "openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible@3.11.394-6.git.0.47ec25d.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
                "product": {
                  "name": "openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
                  "product_id": "openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible-docs@3.11.394-6.git.0.47ec25d.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
                "product": {
                  "name": "openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
                  "product_id": "openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible-playbooks@3.11.394-6.git.0.47ec25d.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
                "product": {
                  "name": "openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
                  "product_id": "openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible-roles@3.11.394-6.git.0.47ec25d.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
                "product": {
                  "name": "openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
                  "product_id": "openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible-test@3.11.394-6.git.0.47ec25d.el7?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le"
        },
        "product_reference": "atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src"
        },
        "product_reference": "atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64"
        },
        "product_reference": "atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le"
        },
        "product_reference": "atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64"
        },
        "product_reference": "atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le"
        },
        "product_reference": "atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src"
        },
        "product_reference": "atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64"
        },
        "product_reference": "atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le"
        },
        "product_reference": "atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64"
        },
        "product_reference": "atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64"
        },
        "product_reference": "atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le"
        },
        "product_reference": "atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src"
        },
        "product_reference": "atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64"
        },
        "product_reference": "atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le"
        },
        "product_reference": "atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src"
        },
        "product_reference": "atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64"
        },
        "product_reference": "atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch"
        },
        "product_reference": "atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src"
        },
        "product_reference": "atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64"
        },
        "product_reference": "atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch"
        },
        "product_reference": "atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le"
        },
        "product_reference": "atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64"
        },
        "product_reference": "atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le"
        },
        "product_reference": "atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64"
        },
        "product_reference": "atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le"
        },
        "product_reference": "atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64"
        },
        "product_reference": "atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le"
        },
        "product_reference": "atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src"
        },
        "product_reference": "atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64"
        },
        "product_reference": "atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le"
        },
        "product_reference": "atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64"
        },
        "product_reference": "atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le"
        },
        "product_reference": "atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src"
        },
        "product_reference": "atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64"
        },
        "product_reference": "atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le"
        },
        "product_reference": "atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64"
        },
        "product_reference": "atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le"
        },
        "product_reference": "atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64"
        },
        "product_reference": "atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le"
        },
        "product_reference": "atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src"
        },
        "product_reference": "atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64"
        },
        "product_reference": "atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le"
        },
        "product_reference": "atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64"
        },
        "product_reference": "atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le"
        },
        "product_reference": "atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64"
        },
        "product_reference": "atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le"
        },
        "product_reference": "atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src"
        },
        "product_reference": "atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64"
        },
        "product_reference": "atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le"
        },
        "product_reference": "golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src"
        },
        "product_reference": "golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64"
        },
        "product_reference": "golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src"
        },
        "product_reference": "golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src"
        },
        "product_reference": "golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src"
        },
        "product_reference": "golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "haproxy-0:1.8.28-1.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src"
        },
        "product_reference": "haproxy-0:1.8.28-1.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "haproxy-debuginfo-0:1.8.28-1.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le"
        },
        "product_reference": "haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "haproxy-debuginfo-0:1.8.28-1.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64"
        },
        "product_reference": "haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "haproxy18-0:1.8.28-1.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le"
        },
        "product_reference": "haproxy18-0:1.8.28-1.el7.ppc64le",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "haproxy18-0:1.8.28-1.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64"
        },
        "product_reference": "haproxy18-0:1.8.28-1.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jenkins-0:2.263.3.1612433584-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch"
        },
        "product_reference": "jenkins-0:2.263.3.1612433584-1.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jenkins-0:2.263.3.1612433584-1.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src"
        },
        "product_reference": "jenkins-0:2.263.3.1612433584-1.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch"
        },
        "product_reference": "jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jenkins-2-plugins-0:3.11.1612862361-1.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src"
        },
        "product_reference": "jenkins-2-plugins-0:3.11.1612862361-1.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch"
        },
        "product_reference": "openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src"
        },
        "product_reference": "openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch"
        },
        "product_reference": "openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch"
        },
        "product_reference": "openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch"
        },
        "product_reference": "openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch"
        },
        "product_reference": "openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le"
        },
        "product_reference": "openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src"
        },
        "product_reference": "openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64"
        },
        "product_reference": "openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le"
        },
        "product_reference": "openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src"
        },
        "product_reference": "openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64"
        },
        "product_reference": "openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src"
        },
        "product_reference": "openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch"
        },
        "product_reference": "openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch"
        },
        "product_reference": "openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch"
        },
        "product_reference": "openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le"
        },
        "product_reference": "prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64"
        },
        "product_reference": "prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le"
        },
        "product_reference": "prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64"
        },
        "product_reference": "prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le"
        },
        "product_reference": "prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64"
        },
        "product_reference": "prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-rsa-0:4.5-3.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src"
        },
        "product_reference": "python-rsa-0:4.5-3.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch"
        },
        "product_reference": "python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python2-rsa-0:4.5-3.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11",
          "product_id": "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
        },
        "product_reference": "python2-rsa-0:4.5-3.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-1945",
      "cwe": {
        "id": "CWE-377",
        "name": "Insecure Temporary File"
      },
      "discovery_date": "2020-05-13T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
            "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1837444"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "ant: insecure temporary file vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of ant package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
          "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src"
        ],
        "known_not_affected": [
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
          "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
          "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
          "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
          "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-1945"
        },
        {
          "category": "external",
          "summary": "RHBZ#1837444",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1837444"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1945",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-1945"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1945",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1945"
        }
      ],
      "release_date": "2020-05-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-03-03T12:28:39+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant\nto your system is applied.\n\nSee the following documentation, which will be updated shortly for release\n3.11.394, for important instructions on how to upgrade your cluster and fully\napply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.",
          "product_ids": [
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0637"
        },
        {
          "category": "workaround",
          "details": "For versions 1.1 to 1.9.14 and 1.10.0 to 1.10.7, set the java.io.tmpdir system property to a private directory-- only readable and writable by the current user-- before running Ant.\n\nFor versions 1.9.15 and 1.10.8, use the Ant property ant.tmpfile instead. Ant 1.10.8 protects the temporary files if the underlying filesystem allows it, but using a private temporary directory is still recommended.",
          "product_ids": [
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
            "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
            "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "ant: insecure temporary file vulnerability"
    },
    {
      "cve": "CVE-2020-2304",
      "cwe": {
        "id": "CWE-611",
        "name": "Improper Restriction of XML External Entity Reference"
      },
      "discovery_date": "2020-11-09T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
            "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1895939"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the subversion Jenkins plugin. The XML parser is not properly configured to prevent XML external entity (XXE) attacks allowing an attacker the ability to control an agent process and have Jenkins parse a crafted changelog file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery. The highest threat from this vulnerability is to data confidentiality.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
          "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src"
        ],
        "known_not_affected": [
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
          "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
          "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
          "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
          "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-2304"
        },
        {
          "category": "external",
          "summary": "RHBZ#1895939",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1895939"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-2304",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-2304"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-2304",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2304"
        },
        {
          "category": "external",
          "summary": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2145",
          "url": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2145"
        }
      ],
      "release_date": "2020-11-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-03-03T12:28:39+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant\nto your system is applied.\n\nSee the following documentation, which will be updated shortly for release\n3.11.394, for important instructions on how to upgrade your cluster and fully\napply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.",
          "product_ids": [
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0637"
        },
        {
          "category": "workaround",
          "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.",
          "product_ids": [
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
            "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
            "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks"
    },
    {
      "cve": "CVE-2020-2305",
      "cwe": {
        "id": "CWE-611",
        "name": "Improper Restriction of XML External Entity Reference"
      },
      "discovery_date": "2020-11-09T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
            "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1895940"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the mercurial plugin in Jenkins. The XML changelog parser is not configured to prevent an XML external entity (XXE) attack allowing an attacker the ability to control an agent process to have Jenkins parse a crafted changelog file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery. The highest threat from this vulnerability is to data confidentiality.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
          "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src"
        ],
        "known_not_affected": [
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
          "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
          "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
          "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
          "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-2305"
        },
        {
          "category": "external",
          "summary": "RHBZ#1895940",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1895940"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-2305",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-2305"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-2305",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2305"
        },
        {
          "category": "external",
          "summary": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2115",
          "url": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2115"
        }
      ],
      "release_date": "2020-11-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-03-03T12:28:39+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant\nto your system is applied.\n\nSee the following documentation, which will be updated shortly for release\n3.11.394, for important instructions on how to upgrade your cluster and fully\napply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.",
          "product_ids": [
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0637"
        },
        {
          "category": "workaround",
          "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.",
          "product_ids": [
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
            "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
            "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks"
    },
    {
      "cve": "CVE-2020-2306",
      "cwe": {
        "id": "CWE-862",
        "name": "Missing Authorization"
      },
      "discovery_date": "2020-11-09T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
            "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1895941"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A missing permission check in Jenkins Mercurial Plugin 2.11 and earlier allows attackers with Overall/Read permission to obtain a list of names of configured Mercurial installations.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information disclosure",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
          "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src"
        ],
        "known_not_affected": [
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
          "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
          "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
          "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
          "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-2306"
        },
        {
          "category": "external",
          "summary": "RHBZ#1895941",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1895941"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-2306",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-2306"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-2306",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2306"
        },
        {
          "category": "external",
          "summary": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2104",
          "url": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2104"
        }
      ],
      "release_date": "2020-11-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-03-03T12:28:39+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant\nto your system is applied.\n\nSee the following documentation, which will be updated shortly for release\n3.11.394, for important instructions on how to upgrade your cluster and fully\napply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.",
          "product_ids": [
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0637"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
            "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information disclosure"
    },
    {
      "cve": "CVE-2020-2307",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-11-09T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
            "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1895945"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege users to access possibly sensitive Jenkins controller environment variables.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes Plugin",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
          "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src"
        ],
        "known_not_affected": [
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
          "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
          "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
          "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
          "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-2307"
        },
        {
          "category": "external",
          "summary": "RHBZ#1895945",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1895945"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-2307",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-2307"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-2307",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2307"
        },
        {
          "category": "external",
          "summary": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-1646",
          "url": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-1646"
        }
      ],
      "release_date": "2020-11-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-03-03T12:28:39+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant\nto your system is applied.\n\nSee the following documentation, which will be updated shortly for release\n3.11.394, for important instructions on how to upgrade your cluster and fully\napply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.",
          "product_ids": [
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0637"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
            "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes Plugin"
    },
    {
      "cve": "CVE-2020-2308",
      "cwe": {
        "id": "CWE-862",
        "name": "Missing Authorization"
      },
      "discovery_date": "2020-11-09T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
            "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1895946"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to list global pod template names.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
          "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src"
        ],
        "known_not_affected": [
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
          "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
          "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
          "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
          "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-2308"
        },
        {
          "category": "external",
          "summary": "RHBZ#1895946",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1895946"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-2308",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-2308"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-2308",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2308"
        },
        {
          "category": "external",
          "summary": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2102",
          "url": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2102"
        }
      ],
      "release_date": "2020-11-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-03-03T12:28:39+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant\nto your system is applied.\n\nSee the following documentation, which will be updated shortly for release\n3.11.394, for important instructions on how to upgrade your cluster and fully\napply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.",
          "product_ids": [
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0637"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
            "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates"
    },
    {
      "cve": "CVE-2020-2309",
      "cwe": {
        "id": "CWE-862",
        "name": "Missing Authorization"
      },
      "discovery_date": "2020-11-09T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
            "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1895947"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows enumerating credentials IDs",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
          "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src"
        ],
        "known_not_affected": [
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
          "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
          "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
          "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
          "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-2309"
        },
        {
          "category": "external",
          "summary": "RHBZ#1895947",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1895947"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-2309",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-2309"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-2309",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2309"
        },
        {
          "category": "external",
          "summary": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2103",
          "url": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2103"
        }
      ],
      "release_date": "2020-11-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-03-03T12:28:39+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant\nto your system is applied.\n\nSee the following documentation, which will be updated shortly for release\n3.11.394, for important instructions on how to upgrade your cluster and fully\napply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.",
          "product_ids": [
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0637"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
            "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows enumerating credentials IDs"
    },
    {
      "cve": "CVE-2020-11979",
      "cwe": {
        "id": "CWE-377",
        "name": "Insecure Temporary File"
      },
      "discovery_date": "2020-10-02T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
            "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1903702"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "ant: insecure temporary file",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "ant as shipped in Red Hat Enterprise Linux 8 is not affected by this flaw because this flaw is caused by the patch for CVE-2020-1945, however, it was never applied to ant as shipped in Red Hat Enterprise Linux 8, because the decision was made by Engineering to WONTFIX that flaw.\n\nIn OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of ant package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
          "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src"
        ],
        "known_not_affected": [
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
          "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
          "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
          "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
          "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-11979"
        },
        {
          "category": "external",
          "summary": "RHBZ#1903702",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903702"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11979",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-11979"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11979",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11979"
        },
        {
          "category": "external",
          "summary": "https://security.gentoo.org/glsa/202011-18",
          "url": "https://security.gentoo.org/glsa/202011-18"
        }
      ],
      "release_date": "2020-10-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-03-03T12:28:39+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant\nto your system is applied.\n\nSee the following documentation, which will be updated shortly for release\n3.11.394, for important instructions on how to upgrade your cluster and fully\napply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.",
          "product_ids": [
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0637"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
            "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "ant: insecure temporary file"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Hubert Kario"
          ],
          "organization": "Red Hat",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2020-25658",
      "cwe": {
        "id": "CWE-385",
        "name": "Covert Timing Channel"
      },
      "discovery_date": "2020-10-21T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1889972"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in python-rsa, where it is vulnerable to Bleichenbacher timing attacks. This flaw allows an attacker, via the RSA decryption API, to decrypt parts of the ciphertext encrypted with RSA. The highest threat from this vulnerability is to confidentiality.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python-rsa: bleichenbacher timing oracle attack against RSA decryption",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP python-rsa package.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
          "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
        ],
        "known_not_affected": [
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
          "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
          "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
          "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src",
          "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
          "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-25658"
        },
        {
          "category": "external",
          "summary": "RHBZ#1889972",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1889972"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25658",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-25658"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25658",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25658"
        },
        {
          "category": "external",
          "summary": "https://github.com/sybrenstuvel/python-rsa/issues/165",
          "url": "https://github.com/sybrenstuvel/python-rsa/issues/165"
        }
      ],
      "release_date": "2020-11-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-03-03T12:28:39+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant\nto your system is applied.\n\nSee the following documentation, which will be updated shortly for release\n3.11.394, for important instructions on how to upgrade your cluster and fully\napply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.",
          "product_ids": [
            "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
            "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0637"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
            "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "python-rsa: bleichenbacher timing oracle attack against RSA decryption"
    },
    {
      "cve": "CVE-2021-21602",
      "cwe": {
        "id": "CWE-59",
        "name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
      },
      "discovery_date": "2021-02-04T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
            "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1925161"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows reading arbitrary files using the file browser for workspaces and archived artifacts by following symlinks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jenkins: Arbitrary file read vulnerability in workspace browsers",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
          "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src"
        ],
        "known_not_affected": [
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
          "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
          "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
          "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
          "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21602"
        },
        {
          "category": "external",
          "summary": "RHBZ#1925161",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925161"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21602",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21602"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21602",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21602"
        }
      ],
      "release_date": "2021-01-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-03-03T12:28:39+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant\nto your system is applied.\n\nSee the following documentation, which will be updated shortly for release\n3.11.394, for important instructions on how to upgrade your cluster and fully\napply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.",
          "product_ids": [
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0637"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
            "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jenkins: Arbitrary file read vulnerability in workspace browsers"
    },
    {
      "cve": "CVE-2021-21603",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2021-02-04T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
            "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1925160"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in jenkins. A cross-site scripting (XSS) vulnerability is possible due to the contents of the notification bar responses not being properly escaped. The highest threat from this vulnerability is to data confidentiality and integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jenkins: XSS vulnerability in notification bar",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
          "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src"
        ],
        "known_not_affected": [
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
          "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
          "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
          "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
          "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21603"
        },
        {
          "category": "external",
          "summary": "RHBZ#1925160",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925160"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21603",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21603"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21603",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21603"
        }
      ],
      "release_date": "2021-01-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-03-03T12:28:39+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant\nto your system is applied.\n\nSee the following documentation, which will be updated shortly for release\n3.11.394, for important instructions on how to upgrade your cluster and fully\napply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.",
          "product_ids": [
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0637"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
            "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "jenkins: XSS vulnerability in notification bar"
    },
    {
      "cve": "CVE-2021-21604",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2021-02-04T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
            "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1925157"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in jenkins.  An attacker with permission to create or configure various objects to inject crafted content into Old Data Monitor can cause the instantiation of potentially unsafe objects once discarded by an administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jenkins: Improper handling of REST API XML deserialization errors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
          "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src"
        ],
        "known_not_affected": [
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
          "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
          "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
          "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
          "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21604"
        },
        {
          "category": "external",
          "summary": "RHBZ#1925157",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925157"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21604",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21604"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21604",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21604"
        }
      ],
      "release_date": "2021-01-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-03-03T12:28:39+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant\nto your system is applied.\n\nSee the following documentation, which will be updated shortly for release\n3.11.394, for important instructions on how to upgrade your cluster and fully\napply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.",
          "product_ids": [
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0637"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
            "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "jenkins: Improper handling of REST API XML deserialization errors"
    },
    {
      "cve": "CVE-2021-21605",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2021-02-04T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
            "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1925143"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in jenkins. Users with Agent/Configure permissions can choose agent names that cause an override to the global `config.xml` file. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jenkins: Path traversal vulnerability in agent names",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
          "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src"
        ],
        "known_not_affected": [
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
          "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
          "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
          "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
          "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21605"
        },
        {
          "category": "external",
          "summary": "RHBZ#1925143",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925143"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21605",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21605"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21605",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21605"
        }
      ],
      "release_date": "2021-01-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-03-03T12:28:39+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant\nto your system is applied.\n\nSee the following documentation, which will be updated shortly for release\n3.11.394, for important instructions on how to upgrade your cluster and fully\napply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.",
          "product_ids": [
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0637"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
            "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "jenkins: Path traversal vulnerability in agent names"
    },
    {
      "cve": "CVE-2021-21606",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2021-02-04T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
            "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1925159"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Jenkins 2.274 and earlier, LTS 2.263.1 and earlier improperly validates the format of a provided fingerprint ID when checking for its existence allowing an attacker to check for the existence of XML files with a short path.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jenkins: Arbitrary file existence check in file fingerprints",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
          "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src"
        ],
        "known_not_affected": [
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
          "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
          "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
          "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
          "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21606"
        },
        {
          "category": "external",
          "summary": "RHBZ#1925159",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925159"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21606",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21606"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21606",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21606"
        }
      ],
      "release_date": "2021-01-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-03-03T12:28:39+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant\nto your system is applied.\n\nSee the following documentation, which will be updated shortly for release\n3.11.394, for important instructions on how to upgrade your cluster and fully\napply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.",
          "product_ids": [
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0637"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
            "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jenkins: Arbitrary file existence check in file fingerprints"
    },
    {
      "cve": "CVE-2021-21607",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2021-02-04T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
            "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1925156"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not limit sizes provided as query parameters to graph-rendering URLs, allowing attackers to request crafted URLs that use all available memory in Jenkins, potentially leading to out of memory errors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jenkins: Excessive memory allocation in graph URLs leads to denial of service",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
          "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src"
        ],
        "known_not_affected": [
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
          "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
          "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
          "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
          "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21607"
        },
        {
          "category": "external",
          "summary": "RHBZ#1925156",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925156"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21607",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21607"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21607",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21607"
        }
      ],
      "release_date": "2021-01-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-03-03T12:28:39+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant\nto your system is applied.\n\nSee the following documentation, which will be updated shortly for release\n3.11.394, for important instructions on how to upgrade your cluster and fully\napply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.",
          "product_ids": [
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0637"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
            "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jenkins: Excessive memory allocation in graph URLs leads to denial of service"
    },
    {
      "cve": "CVE-2021-21608",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2021-02-04T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
            "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1925140"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in jenkins.  A cross-site scripting (XSS) vulnerability, due to the button labels not being properly escaped, can allow an attacker to control button labels. The highest threat from this vulnerability is to data confidentiality and integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jenkins: Stored XSS vulnerability in button labels",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
          "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src"
        ],
        "known_not_affected": [
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
          "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
          "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
          "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
          "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21608"
        },
        {
          "category": "external",
          "summary": "RHBZ#1925140",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925140"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21608",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21608"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21608",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21608"
        }
      ],
      "release_date": "2021-01-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-03-03T12:28:39+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant\nto your system is applied.\n\nSee the following documentation, which will be updated shortly for release\n3.11.394, for important instructions on how to upgrade your cluster and fully\napply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.",
          "product_ids": [
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0637"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
            "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "jenkins: Stored XSS vulnerability in button labels"
    },
    {
      "cve": "CVE-2021-21609",
      "cwe": {
        "id": "CWE-863",
        "name": "Incorrect Authorization"
      },
      "discovery_date": "2021-02-04T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
            "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1925141"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not correctly match requested URLs to the list of always accessible paths, allowing attackers without Overall/Read permission to access some URLs as if they did have Overall/Read permission.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jenkins: Missing permission check for paths with specific prefix",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
          "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src"
        ],
        "known_not_affected": [
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
          "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
          "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
          "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
          "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21609"
        },
        {
          "category": "external",
          "summary": "RHBZ#1925141",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925141"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21609",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21609"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21609",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21609"
        }
      ],
      "release_date": "2021-01-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-03-03T12:28:39+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant\nto your system is applied.\n\nSee the following documentation, which will be updated shortly for release\n3.11.394, for important instructions on how to upgrade your cluster and fully\napply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.",
          "product_ids": [
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0637"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
            "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "jenkins: Missing permission check for paths with specific prefix"
    },
    {
      "cve": "CVE-2021-21610",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2021-02-04T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
            "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1925151"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in jenkins.  A cross-site scripting (XSS) vulnerability is possible due to the lack of restrictions in URL rendering in the formatted previews of markup passed as a query parameter if the configured markup formatter does not prohibit unsafe elements in the markup. The highest threat from this vulnerability is to data confidentiality and integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jenkins: Reflected XSS vulnerability in markup formatter preview",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
          "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src"
        ],
        "known_not_affected": [
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
          "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
          "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
          "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
          "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21610"
        },
        {
          "category": "external",
          "summary": "RHBZ#1925151",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925151"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21610",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21610"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21610",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21610"
        }
      ],
      "release_date": "2021-01-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-03-03T12:28:39+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant\nto your system is applied.\n\nSee the following documentation, which will be updated shortly for release\n3.11.394, for important instructions on how to upgrade your cluster and fully\napply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.",
          "product_ids": [
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0637"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
            "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "jenkins: Reflected XSS vulnerability in markup formatter preview"
    },
    {
      "cve": "CVE-2021-21611",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2021-02-04T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
            "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1925145"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in jenkins. A cross-site scripting (XSS) vulnerability is possible due to display names and IDs of item types shown on the New Item page not being properly escaped. The highest threat from this vulnerability is to data confidentiality and integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jenkins: Stored XSS vulnerability on new item page",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
          "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src"
        ],
        "known_not_affected": [
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
          "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
          "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
          "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
          "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
          "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
          "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
          "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
          "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
          "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21611"
        },
        {
          "category": "external",
          "summary": "RHBZ#1925145",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925145"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21611",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21611"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21611",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21611"
        }
      ],
      "release_date": "2021-01-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-03-03T12:28:39+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant\nto your system is applied.\n\nSee the following documentation, which will be updated shortly for release\n3.11.394, for important instructions on how to upgrade your cluster and fully\napply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258.",
          "product_ids": [
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0637"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.394-1.git.1675.fdb6e0b.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.394-1.git.0.1900c76.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.394-1.git.299.ad3a3c0.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.394-1.git.481.6e48246.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.394-1.git.0.e03a88e.el7.noarch",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.394-1.git.53.3d82586.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.394-1.git.263.49acf3a.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.394-1.git.15.73f73cd.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.394-1.git.0.e03a88e.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.src",
            "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.394-1.git.667.08dd2a6.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.394-1.git.439.4c37707.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.394-1.git.1062.8adc4b8.el7.src",
            "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.394-1.git.5026.2c9627f.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-0:1.8.28-1.el7.src",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy-debuginfo-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:haproxy18-0:1.8.28-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-0:2.263.3.1612433584-1.el7.src",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.noarch",
            "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1612862361-1.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.394-6.git.0.47ec25d.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.394-6.git.0.47ec25d.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.394-1.git.218.59eb597.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.394-1.git.379.92adfdc.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.394-1.git.1490.16ed375.el7.src",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.394-1.git.5026.2c9627f.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.394-1.git.0.1fbb64c.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.ppc64le",
            "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.394-1.git.1062.8adc4b8.el7.x86_64",
            "7Server-RH7-RHOSE-3.11:python-rsa-0:4.5-3.el7.src",
            "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.394-1.git.1490.16ed375.el7.noarch",
            "7Server-RH7-RHOSE-3.11:python2-rsa-0:4.5-3.el7.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "jenkins: Stored XSS vulnerability on new item page"
    }
  ]
}

RHSA-2020:2618

Vulnerability from csaf_redhat - Published: 2020-06-19 01:39 - Updated: 2025-11-21 18:14

Summary

Red Hat Security Advisory: Red Hat AMQ Streams 1.5.0 release and security update

Notes

Topic

Red Hat AMQ Streams 1.5.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. This release of Red Hat AMQ Streams 1.5.0 serves as a replacement for Red Hat AMQ Streams 1.4.0, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Security Fix(es): * ant: insecure temporary file vulnerability (CVE-2020-1945) * netty: compression/decompression codecs don't enforce limits on buffer allocation sizes (CVE-2020-11612) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat AMQ Streams 1.5.0 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. \n\nThis release of Red Hat AMQ Streams 1.5.0 serves as a replacement for Red Hat AMQ Streams 1.4.0, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n* netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes (CVE-2020-11612)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2020:2618",
        "url": "https://access.redhat.com/errata/RHSA-2020:2618"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.amq.streams\u0026downloadType=distributions\u0026version=1.5.0",
        "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.amq.streams\u0026downloadType=distributions\u0026version=1.5.0"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/products/red-hat-amq#streams",
        "url": "https://access.redhat.com/products/red-hat-amq#streams"
      },
      {
        "category": "external",
        "summary": "1816216",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816216"
      },
      {
        "category": "external",
        "summary": "1837444",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1837444"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_2618.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat AMQ Streams 1.5.0 release and security update",
    "tracking": {
      "current_release_date": "2025-11-21T18:14:59+00:00",
      "generator": {
        "date": "2025-11-21T18:14:59+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2020:2618",
      "initial_release_date": "2020-06-19T01:39:36+00:00",
      "revision_history": [
        {
          "date": "2020-06-19T01:39:36+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-06-19T01:39:36+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T18:14:59+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat AMQ Streams 1.5.0",
                "product": {
                  "name": "Red Hat AMQ Streams 1.5.0",
                  "product_id": "Red Hat AMQ Streams 1.5.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:amq_streams:1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss AMQ"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-1945",
      "cwe": {
        "id": "CWE-377",
        "name": "Insecure Temporary File"
      },
      "discovery_date": "2020-05-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1837444"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "ant: insecure temporary file vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of ant package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AMQ Streams 1.5.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-1945"
        },
        {
          "category": "external",
          "summary": "RHBZ#1837444",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1837444"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1945",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-1945"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1945",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1945"
        }
      ],
      "release_date": "2020-05-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-06-19T01:39:36+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat AMQ Streams 1.5.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:2618"
        },
        {
          "category": "workaround",
          "details": "For versions 1.1 to 1.9.14 and 1.10.0 to 1.10.7, set the java.io.tmpdir system property to a private directory-- only readable and writable by the current user-- before running Ant.\n\nFor versions 1.9.15 and 1.10.8, use the Ant property ant.tmpfile instead. Ant 1.10.8 protects the temporary files if the underlying filesystem allows it, but using a private temporary directory is still recommended.",
          "product_ids": [
            "Red Hat AMQ Streams 1.5.0"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat AMQ Streams 1.5.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "ant: insecure temporary file vulnerability"
    },
    {
      "cve": "CVE-2020-11612",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2020-03-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1816216"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In OpenShift Container Platform end users don\u0027t have direct access to send requests to ElasticSearch. A user could need access to the ElasticSearch service on the internal cluster network in order to be able to send malicious requests to it.\n\n\nThird party scanners flagging Red Hat Satellite due to availability of the higher version packages in Red Hat AMQ Clients (through errata RHSA-2020:2605) compare to the qpid packages from Satellite Tools repository. qpid dependency fixed in errata RHSA-2020:2605 was for Red Hat AMQ Clients and it doesn\u0027t necessarily mean that packages from Satellite Tools are affected. These are two different products with different architecture and code-base. Updating the packages from any other repository than the Satellite-tools repository is not recommended for Satellite Customers. \n\nRed Hat Satellite 6.7 and earlier ship affected version of netty, however, there is no external connection being exposed and it is used by only Artemis to open an internal connection within the JVM. Since netty does not come into contact with untrusted data, vulnerability is not exposed in product code and there is no breach of Confidentiality, Integrity or Availability expected from this vulnerability. We may update the netty and its dependency in a future release.\n\nMore information regarding Satellite related packages can be found on KCS: https://access.redhat.com/solutions/5200591",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat AMQ Streams 1.5.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-11612"
        },
        {
          "category": "external",
          "summary": "RHBZ#1816216",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816216"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11612",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-11612"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612"
        }
      ],
      "release_date": "2020-01-31T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-06-19T01:39:36+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat AMQ Streams 1.5.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:2618"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat AMQ Streams 1.5.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes"
    }
  ]
}

RHSA-2021:0423

Vulnerability from csaf_redhat - Published: 2021-02-17 19:06 - Updated: 2025-11-21 18:20

Summary

Red Hat Security Advisory: OpenShift Container Platform 4.6.17 security and packages update

Notes

Topic

Red Hat OpenShift Container Platform release 4.6.17 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.17. See the following advisory for the container images for this release: https://access.redhat.com/errata/RHBA-2021:0424 Security Fix(es): * jenkins: XSS vulnerability in notification bar (CVE-2021-21603) * jenkins: Improper handling of REST API XML deserialization errors (CVE-2021-21604) * jenkins: Path traversal vulnerability in agent names (CVE-2021-21605) * jenkins: Stored XSS vulnerability in button labels (CVE-2021-21608) * jenkins: Reflected XSS vulnerability in markup formatter preview (CVE-2021-21610) * jenkins: Stored XSS vulnerability on new item page (CVE-2021-21611) * ant: insecure temporary file vulnerability (CVE-2020-1945) * ant: insecure temporary file (CVE-2020-11979) * jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21602) * jenkins: Arbitrary file existence check in file fingerprints (CVE-2021-21606) * jenkins: Excessive memory allocation in graph URLs leads to denial of service (CVE-2021-21607) * jenkins: Filesystem traversal by privileged users (CVE-2021-21615) * jenkins: Missing permission check for paths with specific prefix (CVE-2021-21609) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat OpenShift Container Platform release 4.6.17 is now available with\nupdates to packages and images that fix several bugs.\n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.6.17. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:0424\n\nSecurity Fix(es):\n\n* jenkins:  XSS vulnerability in notification bar (CVE-2021-21603)\n\n* jenkins:  Improper handling of REST API XML deserialization errors (CVE-2021-21604)\n\n* jenkins:  Path traversal vulnerability in agent names (CVE-2021-21605)\n\n* jenkins: Stored XSS vulnerability in button labels (CVE-2021-21608)\n\n* jenkins:  Reflected XSS vulnerability in markup formatter preview (CVE-2021-21610)\n\n* jenkins:  Stored XSS vulnerability on new item page (CVE-2021-21611)\n\n* ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n* ant: insecure temporary file (CVE-2020-11979)\n\n* jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21602)\n\n* jenkins:  Arbitrary file existence check in file fingerprints (CVE-2021-21606)\n\n* jenkins:  Excessive memory allocation in graph URLs leads to denial of service (CVE-2021-21607)\n\n* jenkins: Filesystem traversal by privileged users (CVE-2021-21615)\n\n* jenkins:  Missing permission check for paths with specific prefix (CVE-2021-21609)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:0423",
        "url": "https://access.redhat.com/errata/RHSA-2021:0423"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1837444",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1837444"
      },
      {
        "category": "external",
        "summary": "1903702",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903702"
      },
      {
        "category": "external",
        "summary": "1921322",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921322"
      },
      {
        "category": "external",
        "summary": "1925140",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925140"
      },
      {
        "category": "external",
        "summary": "1925141",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925141"
      },
      {
        "category": "external",
        "summary": "1925143",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925143"
      },
      {
        "category": "external",
        "summary": "1925145",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925145"
      },
      {
        "category": "external",
        "summary": "1925151",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925151"
      },
      {
        "category": "external",
        "summary": "1925156",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925156"
      },
      {
        "category": "external",
        "summary": "1925157",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925157"
      },
      {
        "category": "external",
        "summary": "1925159",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925159"
      },
      {
        "category": "external",
        "summary": "1925160",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925160"
      },
      {
        "category": "external",
        "summary": "1925161",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925161"
      },
      {
        "category": "external",
        "summary": "1925674",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925674"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0423.json"
      }
    ],
    "title": "Red Hat Security Advisory: OpenShift Container Platform 4.6.17 security and packages update",
    "tracking": {
      "current_release_date": "2025-11-21T18:20:13+00:00",
      "generator": {
        "date": "2025-11-21T18:20:13+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2021:0423",
      "initial_release_date": "2021-02-17T19:06:25+00:00",
      "revision_history": [
        {
          "date": "2021-02-17T19:06:25+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-02-17T19:06:25+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T18:20:13+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenShift Container Platform 4.6",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 4.6",
                  "product_id": "8Base-RHOSE-4.6",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:4.6::el8"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat OpenShift Container Platform 4.6",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 4.6",
                  "product_id": "7Server-RH7-RHOSE-4.6",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:4.6::el7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Enterprise"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src",
                "product": {
                  "name": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src",
                  "product_id": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-clients@4.6.0-202102050644.p0.git.3831.1c61c6b.el8?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src",
                "product": {
                  "name": "openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src",
                  "product_id": "openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift@4.6.0-202102050212.p0.git.94265.716fcf8.el8?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jenkins-0:2.263.3.1612434510-1.el8.src",
                "product": {
                  "name": "jenkins-0:2.263.3.1612434510-1.el8.src",
                  "product_id": "jenkins-0:2.263.3.1612434510-1.el8.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jenkins@2.263.3.1612434510-1.el8?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src",
                "product": {
                  "name": "atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src",
                  "product_id": "atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-service-idler@4.6.0-202102031810.p0.git.15.dcab90a.el8?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src",
                "product": {
                  "name": "openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src",
                  "product_id": "openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-kuryr@4.6.0-202102031810.p0.git.2225.a3ab872.el8?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src",
                "product": {
                  "name": "runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src",
                  "product_id": "runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/runc@1.0.0-82.rhaos4.6.git086e841.el8?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jenkins-2-plugins-0:4.6.1612257979-1.el8.src",
                "product": {
                  "name": "jenkins-2-plugins-0:4.6.1612257979-1.el8.src",
                  "product_id": "jenkins-2-plugins-0:4.6.1612257979-1.el8.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.6.1612257979-1.el8?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python-rsa-0:4.7-1.el8.src",
                "product": {
                  "name": "python-rsa-0:4.7-1.el8.src",
                  "product_id": "python-rsa-0:4.7-1.el8.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python-rsa@4.7-1.el8?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src",
                "product": {
                  "name": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src",
                  "product_id": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-clients@4.6.0-202102050644.p0.git.3831.1c61c6b.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src",
                "product": {
                  "name": "openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src",
                  "product_id": "openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift@4.6.0-202102050212.p0.git.94265.716fcf8.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src",
                "product": {
                  "name": "cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src",
                  "product_id": "cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-o@1.19.1-7.rhaos4.6.git6377f68.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src",
                "product": {
                  "name": "runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src",
                  "product_id": "runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/runc@1.0.0-82.rhaos4.6.git086e841.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src",
                "product": {
                  "name": "openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src",
                  "product_id": "openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible@4.6.0-202102031649.p0.git.0.bf90f86.el7?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
                "product": {
                  "name": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
                  "product_id": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-clients@4.6.0-202102050644.p0.git.3831.1c61c6b.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
                "product": {
                  "name": "openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
                  "product_id": "openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-clients-redistributable@4.6.0-202102050644.p0.git.3831.1c61c6b.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64",
                "product": {
                  "name": "openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64",
                  "product_id": "openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-hyperkube@4.6.0-202102050212.p0.git.94265.716fcf8.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64",
                "product": {
                  "name": "atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64",
                  "product_id": "atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-service-idler@4.6.0-202102031810.p0.git.15.dcab90a.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
                "product": {
                  "name": "runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
                  "product_id": "runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/runc@1.0.0-82.rhaos4.6.git086e841.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
                "product": {
                  "name": "runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
                  "product_id": "runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/runc-debugsource@1.0.0-82.rhaos4.6.git086e841.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
                "product": {
                  "name": "runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
                  "product_id": "runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/runc-debuginfo@1.0.0-82.rhaos4.6.git086e841.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
                "product": {
                  "name": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
                  "product_id": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-clients@4.6.0-202102050644.p0.git.3831.1c61c6b.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
                "product": {
                  "name": "openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
                  "product_id": "openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-clients-redistributable@4.6.0-202102050644.p0.git.3831.1c61c6b.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64",
                "product": {
                  "name": "openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64",
                  "product_id": "openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-hyperkube@4.6.0-202102050212.p0.git.94265.716fcf8.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
                "product": {
                  "name": "cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
                  "product_id": "cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-o@1.19.1-7.rhaos4.6.git6377f68.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
                "product": {
                  "name": "cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
                  "product_id": "cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.19.1-7.rhaos4.6.git6377f68.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
                "product": {
                  "name": "runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
                  "product_id": "runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/runc@1.0.0-82.rhaos4.6.git086e841.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
                "product": {
                  "name": "runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
                  "product_id": "runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/runc-debuginfo@1.0.0-82.rhaos4.6.git086e841.el7?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le",
                "product": {
                  "name": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le",
                  "product_id": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-clients@4.6.0-202102050644.p0.git.3831.1c61c6b.el8?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le",
                "product": {
                  "name": "openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le",
                  "product_id": "openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-hyperkube@4.6.0-202102050212.p0.git.94265.716fcf8.el8?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le",
                "product": {
                  "name": "atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le",
                  "product_id": "atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-service-idler@4.6.0-202102031810.p0.git.15.dcab90a.el8?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
                "product": {
                  "name": "runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
                  "product_id": "runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/runc@1.0.0-82.rhaos4.6.git086e841.el8?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
                "product": {
                  "name": "runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
                  "product_id": "runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/runc-debugsource@1.0.0-82.rhaos4.6.git086e841.el8?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
                "product": {
                  "name": "runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
                  "product_id": "runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/runc-debuginfo@1.0.0-82.rhaos4.6.git086e841.el8?arch=ppc64le"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x",
                "product": {
                  "name": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x",
                  "product_id": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-clients@4.6.0-202102050644.p0.git.3831.1c61c6b.el8?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x",
                "product": {
                  "name": "openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x",
                  "product_id": "openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-hyperkube@4.6.0-202102050212.p0.git.94265.716fcf8.el8?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x",
                "product": {
                  "name": "atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x",
                  "product_id": "atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-service-idler@4.6.0-202102031810.p0.git.15.dcab90a.el8?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
                "product": {
                  "name": "runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
                  "product_id": "runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/runc@1.0.0-82.rhaos4.6.git086e841.el8?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
                "product": {
                  "name": "runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
                  "product_id": "runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/runc-debugsource@1.0.0-82.rhaos4.6.git086e841.el8?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
                "product": {
                  "name": "runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
                  "product_id": "runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/runc-debuginfo@1.0.0-82.rhaos4.6.git086e841.el8?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jenkins-0:2.263.3.1612434510-1.el8.noarch",
                "product": {
                  "name": "jenkins-0:2.263.3.1612434510-1.el8.noarch",
                  "product_id": "jenkins-0:2.263.3.1612434510-1.el8.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jenkins@2.263.3.1612434510-1.el8?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
                "product": {
                  "name": "openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
                  "product_id": "openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-kuryr-cni@4.6.0-202102031810.p0.git.2225.a3ab872.el8?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
                "product": {
                  "name": "openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
                  "product_id": "openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-kuryr-common@4.6.0-202102031810.p0.git.2225.a3ab872.el8?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
                "product": {
                  "name": "openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
                  "product_id": "openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-kuryr-controller@4.6.0-202102031810.p0.git.2225.a3ab872.el8?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
                "product": {
                  "name": "python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
                  "product_id": "python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-kuryr-kubernetes@4.6.0-202102031810.p0.git.2225.a3ab872.el8?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch",
                "product": {
                  "name": "jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch",
                  "product_id": "jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.6.1612257979-1.el8?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-rsa-0:4.7-1.el8.noarch",
                "product": {
                  "name": "python3-rsa-0:4.7-1.el8.noarch",
                  "product_id": "python3-rsa-0:4.7-1.el8.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-rsa@4.7-1.el8?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
                "product": {
                  "name": "openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
                  "product_id": "openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible@4.6.0-202102031649.p0.git.0.bf90f86.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
                "product": {
                  "name": "openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
                  "product_id": "openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible-test@4.6.0-202102031649.p0.git.0.bf90f86.el7?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src as a component of Red Hat OpenShift Container Platform 4.6",
          "product_id": "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src"
        },
        "product_reference": "cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.6",
          "product_id": "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64"
        },
        "product_reference": "cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.6",
          "product_id": "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64"
        },
        "product_reference": "cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src as a component of Red Hat OpenShift Container Platform 4.6",
          "product_id": "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src"
        },
        "product_reference": "openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch as a component of Red Hat OpenShift Container Platform 4.6",
          "product_id": "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch"
        },
        "product_reference": "openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src as a component of Red Hat OpenShift Container Platform 4.6",
          "product_id": "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src"
        },
        "product_reference": "openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch as a component of Red Hat OpenShift Container Platform 4.6",
          "product_id": "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch"
        },
        "product_reference": "openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src as a component of Red Hat OpenShift Container Platform 4.6",
          "product_id": "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src"
        },
        "product_reference": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.6",
          "product_id": "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64"
        },
        "product_reference": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.6",
          "product_id": "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64"
        },
        "product_reference": "openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.6",
          "product_id": "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64"
        },
        "product_reference": "openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src as a component of Red Hat OpenShift Container Platform 4.6",
          "product_id": "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src"
        },
        "product_reference": "runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.6",
          "product_id": "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64"
        },
        "product_reference": "runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.6",
          "product_id": "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64"
        },
        "product_reference": "runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.6",
          "product_id": "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le"
        },
        "product_reference": "atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le",
        "relates_to_product_reference": "8Base-RHOSE-4.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x as a component of Red Hat OpenShift Container Platform 4.6",
          "product_id": "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x"
        },
        "product_reference": "atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x",
        "relates_to_product_reference": "8Base-RHOSE-4.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src as a component of Red Hat OpenShift Container Platform 4.6",
          "product_id": "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src"
        },
        "product_reference": "atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src",
        "relates_to_product_reference": "8Base-RHOSE-4.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.6",
          "product_id": "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64"
        },
        "product_reference": "atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64",
        "relates_to_product_reference": "8Base-RHOSE-4.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jenkins-0:2.263.3.1612434510-1.el8.noarch as a component of Red Hat OpenShift Container Platform 4.6",
          "product_id": "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch"
        },
        "product_reference": "jenkins-0:2.263.3.1612434510-1.el8.noarch",
        "relates_to_product_reference": "8Base-RHOSE-4.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jenkins-0:2.263.3.1612434510-1.el8.src as a component of Red Hat OpenShift Container Platform 4.6",
          "product_id": "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src"
        },
        "product_reference": "jenkins-0:2.263.3.1612434510-1.el8.src",
        "relates_to_product_reference": "8Base-RHOSE-4.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch as a component of Red Hat OpenShift Container Platform 4.6",
          "product_id": "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch"
        },
        "product_reference": "jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch",
        "relates_to_product_reference": "8Base-RHOSE-4.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jenkins-2-plugins-0:4.6.1612257979-1.el8.src as a component of Red Hat OpenShift Container Platform 4.6",
          "product_id": "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src"
        },
        "product_reference": "jenkins-2-plugins-0:4.6.1612257979-1.el8.src",
        "relates_to_product_reference": "8Base-RHOSE-4.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src as a component of Red Hat OpenShift Container Platform 4.6",
          "product_id": "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src"
        },
        "product_reference": "openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src",
        "relates_to_product_reference": "8Base-RHOSE-4.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.6",
          "product_id": "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le"
        },
        "product_reference": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le",
        "relates_to_product_reference": "8Base-RHOSE-4.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x as a component of Red Hat OpenShift Container Platform 4.6",
          "product_id": "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x"
        },
        "product_reference": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x",
        "relates_to_product_reference": "8Base-RHOSE-4.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src as a component of Red Hat OpenShift Container Platform 4.6",
          "product_id": "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src"
        },
        "product_reference": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src",
        "relates_to_product_reference": "8Base-RHOSE-4.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.6",
          "product_id": "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64"
        },
        "product_reference": "openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
        "relates_to_product_reference": "8Base-RHOSE-4.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.6",
          "product_id": "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64"
        },
        "product_reference": "openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
        "relates_to_product_reference": "8Base-RHOSE-4.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.6",
          "product_id": "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le"
        },
        "product_reference": "openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le",
        "relates_to_product_reference": "8Base-RHOSE-4.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x as a component of Red Hat OpenShift Container Platform 4.6",
          "product_id": "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x"
        },
        "product_reference": "openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x",
        "relates_to_product_reference": "8Base-RHOSE-4.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.6",
          "product_id": "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64"
        },
        "product_reference": "openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64",
        "relates_to_product_reference": "8Base-RHOSE-4.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src as a component of Red Hat OpenShift Container Platform 4.6",
          "product_id": "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src"
        },
        "product_reference": "openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src",
        "relates_to_product_reference": "8Base-RHOSE-4.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch as a component of Red Hat OpenShift Container Platform 4.6",
          "product_id": "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch"
        },
        "product_reference": "openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
        "relates_to_product_reference": "8Base-RHOSE-4.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch as a component of Red Hat OpenShift Container Platform 4.6",
          "product_id": "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch"
        },
        "product_reference": "openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
        "relates_to_product_reference": "8Base-RHOSE-4.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch as a component of Red Hat OpenShift Container Platform 4.6",
          "product_id": "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch"
        },
        "product_reference": "openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
        "relates_to_product_reference": "8Base-RHOSE-4.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-rsa-0:4.7-1.el8.src as a component of Red Hat OpenShift Container Platform 4.6",
          "product_id": "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src"
        },
        "product_reference": "python-rsa-0:4.7-1.el8.src",
        "relates_to_product_reference": "8Base-RHOSE-4.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch as a component of Red Hat OpenShift Container Platform 4.6",
          "product_id": "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch"
        },
        "product_reference": "python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
        "relates_to_product_reference": "8Base-RHOSE-4.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-rsa-0:4.7-1.el8.noarch as a component of Red Hat OpenShift Container Platform 4.6",
          "product_id": "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch"
        },
        "product_reference": "python3-rsa-0:4.7-1.el8.noarch",
        "relates_to_product_reference": "8Base-RHOSE-4.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.6",
          "product_id": "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le"
        },
        "product_reference": "runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
        "relates_to_product_reference": "8Base-RHOSE-4.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x as a component of Red Hat OpenShift Container Platform 4.6",
          "product_id": "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x"
        },
        "product_reference": "runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
        "relates_to_product_reference": "8Base-RHOSE-4.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src as a component of Red Hat OpenShift Container Platform 4.6",
          "product_id": "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src"
        },
        "product_reference": "runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src",
        "relates_to_product_reference": "8Base-RHOSE-4.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.6",
          "product_id": "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64"
        },
        "product_reference": "runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
        "relates_to_product_reference": "8Base-RHOSE-4.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.6",
          "product_id": "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le"
        },
        "product_reference": "runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
        "relates_to_product_reference": "8Base-RHOSE-4.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x as a component of Red Hat OpenShift Container Platform 4.6",
          "product_id": "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x"
        },
        "product_reference": "runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
        "relates_to_product_reference": "8Base-RHOSE-4.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.6",
          "product_id": "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64"
        },
        "product_reference": "runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
        "relates_to_product_reference": "8Base-RHOSE-4.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.6",
          "product_id": "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le"
        },
        "product_reference": "runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
        "relates_to_product_reference": "8Base-RHOSE-4.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x as a component of Red Hat OpenShift Container Platform 4.6",
          "product_id": "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x"
        },
        "product_reference": "runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
        "relates_to_product_reference": "8Base-RHOSE-4.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.6",
          "product_id": "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64"
        },
        "product_reference": "runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
        "relates_to_product_reference": "8Base-RHOSE-4.6"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-1945",
      "cwe": {
        "id": "CWE-377",
        "name": "Insecure Temporary File"
      },
      "discovery_date": "2020-05-13T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src",
            "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
            "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src",
            "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64",
            "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch",
            "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src",
            "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src",
            "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src",
            "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1837444"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "ant: insecure temporary file vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of ant package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch",
          "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src"
        ],
        "known_not_affected": [
          "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src",
          "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src",
          "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
          "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src",
          "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
          "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src",
          "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src",
          "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
          "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le",
          "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x",
          "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src",
          "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64",
          "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch",
          "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src",
          "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src",
          "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le",
          "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x",
          "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src",
          "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
          "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
          "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le",
          "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x",
          "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64",
          "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src",
          "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
          "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
          "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
          "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src",
          "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
          "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch",
          "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
          "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
          "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src",
          "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
          "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
          "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
          "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
          "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
          "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
          "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-1945"
        },
        {
          "category": "external",
          "summary": "RHBZ#1837444",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1837444"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1945",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-1945"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1945",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1945"
        }
      ],
      "release_date": "2020-05-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-17T19:06:25+00:00",
          "details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.",
          "product_ids": [
            "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch",
            "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0423"
        },
        {
          "category": "workaround",
          "details": "For versions 1.1 to 1.9.14 and 1.10.0 to 1.10.7, set the java.io.tmpdir system property to a private directory-- only readable and writable by the current user-- before running Ant.\n\nFor versions 1.9.15 and 1.10.8, use the Ant property ant.tmpfile instead. Ant 1.10.8 protects the temporary files if the underlying filesystem allows it, but using a private temporary directory is still recommended.",
          "product_ids": [
            "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src",
            "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
            "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src",
            "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64",
            "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch",
            "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src",
            "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch",
            "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src",
            "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src",
            "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src",
            "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src",
            "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
            "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src",
            "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64",
            "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch",
            "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src",
            "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch",
            "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src",
            "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src",
            "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src",
            "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "ant: insecure temporary file vulnerability"
    },
    {
      "cve": "CVE-2020-11979",
      "cwe": {
        "id": "CWE-377",
        "name": "Insecure Temporary File"
      },
      "discovery_date": "2020-10-02T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src",
            "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
            "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src",
            "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64",
            "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch",
            "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src",
            "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src",
            "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src",
            "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1903702"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "ant: insecure temporary file",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "ant as shipped in Red Hat Enterprise Linux 8 is not affected by this flaw because this flaw is caused by the patch for CVE-2020-1945, however, it was never applied to ant as shipped in Red Hat Enterprise Linux 8, because the decision was made by Engineering to WONTFIX that flaw.\n\nIn OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of ant package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch",
          "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src"
        ],
        "known_not_affected": [
          "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src",
          "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src",
          "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
          "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src",
          "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
          "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src",
          "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src",
          "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
          "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le",
          "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x",
          "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src",
          "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64",
          "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch",
          "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src",
          "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src",
          "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le",
          "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x",
          "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src",
          "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
          "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
          "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le",
          "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x",
          "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64",
          "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src",
          "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
          "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
          "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
          "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src",
          "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
          "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch",
          "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
          "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
          "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src",
          "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
          "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
          "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
          "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
          "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
          "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
          "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-11979"
        },
        {
          "category": "external",
          "summary": "RHBZ#1903702",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903702"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11979",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-11979"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11979",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11979"
        },
        {
          "category": "external",
          "summary": "https://security.gentoo.org/glsa/202011-18",
          "url": "https://security.gentoo.org/glsa/202011-18"
        }
      ],
      "release_date": "2020-10-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-17T19:06:25+00:00",
          "details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.",
          "product_ids": [
            "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch",
            "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0423"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src",
            "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
            "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src",
            "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64",
            "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch",
            "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src",
            "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch",
            "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src",
            "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src",
            "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src",
            "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "ant: insecure temporary file"
    },
    {
      "cve": "CVE-2021-21602",
      "cwe": {
        "id": "CWE-59",
        "name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
      },
      "discovery_date": "2021-02-04T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src",
            "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
            "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src",
            "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64",
            "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch",
            "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src",
            "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src",
            "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src",
            "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1925161"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows reading arbitrary files using the file browser for workspaces and archived artifacts by following symlinks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jenkins: Arbitrary file read vulnerability in workspace browsers",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch",
          "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src"
        ],
        "known_not_affected": [
          "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src",
          "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src",
          "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
          "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src",
          "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
          "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src",
          "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src",
          "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
          "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le",
          "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x",
          "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src",
          "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64",
          "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch",
          "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src",
          "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src",
          "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le",
          "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x",
          "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src",
          "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
          "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
          "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le",
          "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x",
          "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64",
          "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src",
          "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
          "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
          "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
          "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src",
          "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
          "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch",
          "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
          "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
          "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src",
          "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
          "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
          "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
          "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
          "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
          "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
          "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21602"
        },
        {
          "category": "external",
          "summary": "RHBZ#1925161",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925161"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21602",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21602"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21602",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21602"
        }
      ],
      "release_date": "2021-01-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-17T19:06:25+00:00",
          "details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.",
          "product_ids": [
            "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch",
            "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0423"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src",
            "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
            "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src",
            "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64",
            "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch",
            "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src",
            "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch",
            "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src",
            "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src",
            "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src",
            "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jenkins: Arbitrary file read vulnerability in workspace browsers"
    },
    {
      "cve": "CVE-2021-21603",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2021-02-04T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src",
            "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
            "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src",
            "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64",
            "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch",
            "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src",
            "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src",
            "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src",
            "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1925160"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in jenkins. A cross-site scripting (XSS) vulnerability is possible due to the contents of the notification bar responses not being properly escaped. The highest threat from this vulnerability is to data confidentiality and integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jenkins: XSS vulnerability in notification bar",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch",
          "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src"
        ],
        "known_not_affected": [
          "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src",
          "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src",
          "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
          "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src",
          "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
          "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src",
          "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src",
          "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
          "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le",
          "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x",
          "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src",
          "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64",
          "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch",
          "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src",
          "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src",
          "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le",
          "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x",
          "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src",
          "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
          "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
          "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le",
          "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x",
          "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64",
          "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src",
          "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
          "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
          "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
          "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src",
          "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
          "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch",
          "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
          "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
          "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src",
          "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
          "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
          "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
          "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
          "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
          "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
          "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21603"
        },
        {
          "category": "external",
          "summary": "RHBZ#1925160",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925160"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21603",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21603"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21603",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21603"
        }
      ],
      "release_date": "2021-01-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-17T19:06:25+00:00",
          "details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.",
          "product_ids": [
            "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch",
            "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0423"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src",
            "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
            "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src",
            "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64",
            "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch",
            "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src",
            "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch",
            "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src",
            "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src",
            "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src",
            "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "jenkins: XSS vulnerability in notification bar"
    },
    {
      "cve": "CVE-2021-21604",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2021-02-04T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src",
            "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
            "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src",
            "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64",
            "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch",
            "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src",
            "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src",
            "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src",
            "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1925157"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in jenkins.  An attacker with permission to create or configure various objects to inject crafted content into Old Data Monitor can cause the instantiation of potentially unsafe objects once discarded by an administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jenkins: Improper handling of REST API XML deserialization errors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch",
          "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src"
        ],
        "known_not_affected": [
          "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src",
          "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src",
          "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
          "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src",
          "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
          "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src",
          "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src",
          "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
          "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le",
          "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x",
          "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src",
          "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64",
          "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch",
          "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src",
          "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src",
          "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le",
          "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x",
          "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src",
          "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
          "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
          "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le",
          "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x",
          "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64",
          "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src",
          "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
          "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
          "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
          "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src",
          "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
          "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch",
          "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
          "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
          "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src",
          "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
          "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
          "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
          "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
          "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
          "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
          "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21604"
        },
        {
          "category": "external",
          "summary": "RHBZ#1925157",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925157"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21604",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21604"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21604",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21604"
        }
      ],
      "release_date": "2021-01-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-17T19:06:25+00:00",
          "details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.",
          "product_ids": [
            "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch",
            "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0423"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src",
            "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
            "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src",
            "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64",
            "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch",
            "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src",
            "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch",
            "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src",
            "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src",
            "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src",
            "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "jenkins: Improper handling of REST API XML deserialization errors"
    },
    {
      "cve": "CVE-2021-21605",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2021-02-04T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src",
            "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
            "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src",
            "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64",
            "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch",
            "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src",
            "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src",
            "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src",
            "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1925143"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in jenkins. Users with Agent/Configure permissions can choose agent names that cause an override to the global `config.xml` file. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jenkins: Path traversal vulnerability in agent names",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch",
          "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src"
        ],
        "known_not_affected": [
          "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src",
          "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src",
          "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
          "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src",
          "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
          "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src",
          "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src",
          "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
          "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le",
          "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x",
          "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src",
          "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64",
          "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch",
          "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src",
          "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src",
          "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le",
          "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x",
          "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src",
          "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
          "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
          "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le",
          "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x",
          "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64",
          "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src",
          "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
          "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
          "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
          "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src",
          "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
          "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch",
          "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
          "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
          "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src",
          "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
          "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
          "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
          "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
          "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
          "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
          "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21605"
        },
        {
          "category": "external",
          "summary": "RHBZ#1925143",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925143"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21605",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21605"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21605",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21605"
        }
      ],
      "release_date": "2021-01-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-17T19:06:25+00:00",
          "details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.",
          "product_ids": [
            "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch",
            "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0423"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src",
            "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
            "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src",
            "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64",
            "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch",
            "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src",
            "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch",
            "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src",
            "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src",
            "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src",
            "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "jenkins: Path traversal vulnerability in agent names"
    },
    {
      "cve": "CVE-2021-21606",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2021-02-04T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src",
            "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
            "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src",
            "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64",
            "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch",
            "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src",
            "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src",
            "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src",
            "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1925159"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Jenkins 2.274 and earlier, LTS 2.263.1 and earlier improperly validates the format of a provided fingerprint ID when checking for its existence allowing an attacker to check for the existence of XML files with a short path.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jenkins: Arbitrary file existence check in file fingerprints",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch",
          "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src"
        ],
        "known_not_affected": [
          "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src",
          "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src",
          "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
          "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src",
          "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
          "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src",
          "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src",
          "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
          "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le",
          "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x",
          "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src",
          "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64",
          "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch",
          "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src",
          "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src",
          "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le",
          "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x",
          "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src",
          "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
          "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
          "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le",
          "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x",
          "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64",
          "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src",
          "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
          "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
          "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
          "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src",
          "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
          "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch",
          "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
          "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
          "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src",
          "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
          "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
          "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
          "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
          "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
          "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
          "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21606"
        },
        {
          "category": "external",
          "summary": "RHBZ#1925159",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925159"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21606",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21606"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21606",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21606"
        }
      ],
      "release_date": "2021-01-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-17T19:06:25+00:00",
          "details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.",
          "product_ids": [
            "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch",
            "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0423"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src",
            "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
            "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src",
            "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64",
            "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch",
            "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src",
            "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch",
            "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src",
            "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src",
            "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src",
            "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jenkins: Arbitrary file existence check in file fingerprints"
    },
    {
      "cve": "CVE-2021-21607",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2021-02-04T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src",
            "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
            "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src",
            "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64",
            "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch",
            "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src",
            "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src",
            "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src",
            "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1925156"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not limit sizes provided as query parameters to graph-rendering URLs, allowing attackers to request crafted URLs that use all available memory in Jenkins, potentially leading to out of memory errors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jenkins: Excessive memory allocation in graph URLs leads to denial of service",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch",
          "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src"
        ],
        "known_not_affected": [
          "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src",
          "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src",
          "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
          "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src",
          "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
          "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src",
          "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src",
          "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
          "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le",
          "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x",
          "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src",
          "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64",
          "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch",
          "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src",
          "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src",
          "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le",
          "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x",
          "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src",
          "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
          "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
          "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le",
          "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x",
          "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64",
          "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src",
          "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
          "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
          "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
          "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src",
          "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
          "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch",
          "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
          "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
          "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src",
          "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
          "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
          "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
          "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
          "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
          "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
          "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21607"
        },
        {
          "category": "external",
          "summary": "RHBZ#1925156",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925156"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21607",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21607"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21607",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21607"
        }
      ],
      "release_date": "2021-01-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-17T19:06:25+00:00",
          "details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.",
          "product_ids": [
            "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch",
            "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0423"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src",
            "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
            "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src",
            "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64",
            "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch",
            "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src",
            "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch",
            "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src",
            "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src",
            "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src",
            "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jenkins: Excessive memory allocation in graph URLs leads to denial of service"
    },
    {
      "cve": "CVE-2021-21608",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2021-02-04T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src",
            "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
            "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src",
            "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64",
            "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch",
            "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src",
            "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src",
            "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src",
            "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1925140"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in jenkins.  A cross-site scripting (XSS) vulnerability, due to the button labels not being properly escaped, can allow an attacker to control button labels. The highest threat from this vulnerability is to data confidentiality and integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jenkins: Stored XSS vulnerability in button labels",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch",
          "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src"
        ],
        "known_not_affected": [
          "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src",
          "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src",
          "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
          "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src",
          "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
          "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src",
          "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src",
          "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
          "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le",
          "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x",
          "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src",
          "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64",
          "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch",
          "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src",
          "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src",
          "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le",
          "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x",
          "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src",
          "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
          "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
          "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le",
          "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x",
          "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64",
          "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src",
          "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
          "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
          "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
          "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src",
          "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
          "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch",
          "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
          "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
          "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src",
          "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
          "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
          "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
          "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
          "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
          "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
          "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21608"
        },
        {
          "category": "external",
          "summary": "RHBZ#1925140",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925140"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21608",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21608"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21608",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21608"
        }
      ],
      "release_date": "2021-01-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-17T19:06:25+00:00",
          "details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.",
          "product_ids": [
            "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch",
            "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0423"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src",
            "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
            "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src",
            "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64",
            "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch",
            "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src",
            "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch",
            "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src",
            "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src",
            "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src",
            "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "jenkins: Stored XSS vulnerability in button labels"
    },
    {
      "cve": "CVE-2021-21609",
      "cwe": {
        "id": "CWE-863",
        "name": "Incorrect Authorization"
      },
      "discovery_date": "2021-02-04T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src",
            "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
            "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src",
            "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64",
            "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch",
            "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src",
            "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src",
            "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src",
            "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1925141"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not correctly match requested URLs to the list of always accessible paths, allowing attackers without Overall/Read permission to access some URLs as if they did have Overall/Read permission.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jenkins: Missing permission check for paths with specific prefix",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch",
          "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src"
        ],
        "known_not_affected": [
          "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src",
          "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src",
          "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
          "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src",
          "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
          "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src",
          "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src",
          "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
          "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le",
          "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x",
          "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src",
          "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64",
          "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch",
          "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src",
          "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src",
          "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le",
          "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x",
          "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src",
          "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
          "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
          "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le",
          "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x",
          "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64",
          "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src",
          "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
          "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
          "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
          "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src",
          "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
          "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch",
          "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
          "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
          "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src",
          "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
          "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
          "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
          "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
          "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
          "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
          "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21609"
        },
        {
          "category": "external",
          "summary": "RHBZ#1925141",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925141"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21609",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21609"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21609",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21609"
        }
      ],
      "release_date": "2021-01-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-17T19:06:25+00:00",
          "details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.",
          "product_ids": [
            "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch",
            "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0423"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src",
            "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
            "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src",
            "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64",
            "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch",
            "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src",
            "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch",
            "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src",
            "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src",
            "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src",
            "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "jenkins: Missing permission check for paths with specific prefix"
    },
    {
      "cve": "CVE-2021-21610",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2021-02-04T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src",
            "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
            "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src",
            "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64",
            "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch",
            "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src",
            "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src",
            "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src",
            "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1925151"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in jenkins.  A cross-site scripting (XSS) vulnerability is possible due to the lack of restrictions in URL rendering in the formatted previews of markup passed as a query parameter if the configured markup formatter does not prohibit unsafe elements in the markup. The highest threat from this vulnerability is to data confidentiality and integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jenkins: Reflected XSS vulnerability in markup formatter preview",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch",
          "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src"
        ],
        "known_not_affected": [
          "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src",
          "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src",
          "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
          "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src",
          "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
          "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src",
          "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src",
          "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
          "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le",
          "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x",
          "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src",
          "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64",
          "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch",
          "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src",
          "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src",
          "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le",
          "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x",
          "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src",
          "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
          "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
          "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le",
          "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x",
          "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64",
          "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src",
          "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
          "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
          "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
          "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src",
          "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
          "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch",
          "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
          "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
          "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src",
          "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
          "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
          "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
          "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
          "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
          "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
          "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21610"
        },
        {
          "category": "external",
          "summary": "RHBZ#1925151",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925151"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21610",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21610"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21610",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21610"
        }
      ],
      "release_date": "2021-01-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-17T19:06:25+00:00",
          "details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.",
          "product_ids": [
            "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch",
            "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0423"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src",
            "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
            "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src",
            "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64",
            "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch",
            "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src",
            "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch",
            "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src",
            "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src",
            "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src",
            "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "jenkins: Reflected XSS vulnerability in markup formatter preview"
    },
    {
      "cve": "CVE-2021-21611",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2021-02-04T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src",
            "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
            "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src",
            "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64",
            "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch",
            "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src",
            "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src",
            "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src",
            "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1925145"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in jenkins. A cross-site scripting (XSS) vulnerability is possible due to display names and IDs of item types shown on the New Item page not being properly escaped. The highest threat from this vulnerability is to data confidentiality and integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jenkins: Stored XSS vulnerability on new item page",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch",
          "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src"
        ],
        "known_not_affected": [
          "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src",
          "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src",
          "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
          "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src",
          "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
          "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src",
          "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src",
          "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
          "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le",
          "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x",
          "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src",
          "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64",
          "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch",
          "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src",
          "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src",
          "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le",
          "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x",
          "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src",
          "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
          "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
          "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le",
          "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x",
          "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64",
          "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src",
          "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
          "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
          "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
          "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src",
          "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
          "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch",
          "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
          "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
          "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src",
          "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
          "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
          "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
          "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
          "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
          "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
          "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21611"
        },
        {
          "category": "external",
          "summary": "RHBZ#1925145",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925145"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21611",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21611"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21611",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21611"
        }
      ],
      "release_date": "2021-01-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-17T19:06:25+00:00",
          "details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.",
          "product_ids": [
            "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch",
            "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0423"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src",
            "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
            "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src",
            "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64",
            "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch",
            "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src",
            "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch",
            "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src",
            "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src",
            "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src",
            "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "jenkins: Stored XSS vulnerability on new item page"
    },
    {
      "cve": "CVE-2021-21615",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2021-01-27T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src",
            "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
            "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src",
            "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64",
            "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch",
            "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src",
            "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src",
            "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src",
            "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1921322"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Jenkins 2.275 and LTS 2.263.2 allows reading arbitrary files using the file browser for workspaces and archived artifacts due to a time-of-check to time-of-use (TOCTOU) race condition.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jenkins: Filesystem traversal by privileged users",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch",
          "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src"
        ],
        "known_not_affected": [
          "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src",
          "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src",
          "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
          "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src",
          "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
          "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src",
          "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src",
          "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
          "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
          "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le",
          "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x",
          "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src",
          "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64",
          "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch",
          "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src",
          "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src",
          "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le",
          "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x",
          "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src",
          "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
          "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
          "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le",
          "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x",
          "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64",
          "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src",
          "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
          "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
          "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
          "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src",
          "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
          "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch",
          "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
          "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
          "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src",
          "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
          "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
          "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
          "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
          "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
          "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
          "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21615"
        },
        {
          "category": "external",
          "summary": "RHBZ#1921322",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921322"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21615",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21615"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21615",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21615"
        },
        {
          "category": "external",
          "summary": "https://www.jenkins.io/security/advisory/2021-01-26/#SECURITY-2197",
          "url": "https://www.jenkins.io/security/advisory/2021-01-26/#SECURITY-2197"
        }
      ],
      "release_date": "2021-01-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-17T19:06:25+00:00",
          "details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.",
          "product_ids": [
            "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch",
            "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0423"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.src",
            "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.1-7.rhaos4.6.git6377f68.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-ansible-test-0:4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch",
            "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src",
            "7Server-RH7-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.src",
            "7Server-RH7-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
            "7Server-RH7-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el7.x86_64",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.src",
            "8Base-RHOSE-4.6:atomic-openshift-service-idler-0:4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64",
            "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.noarch",
            "8Base-RHOSE-4.6:jenkins-0:2.263.3.1612434510-1.el8.src",
            "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.noarch",
            "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1612257979-1.el8.src",
            "8Base-RHOSE-4.6:openshift-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.src",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src",
            "8Base-RHOSE-4.6:openshift-clients-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-clients-redistributable-0:4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x",
            "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64",
            "8Base-RHOSE-4.6:openshift-kuryr-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.src",
            "8Base-RHOSE-4.6:openshift-kuryr-cni-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:openshift-kuryr-common-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:openshift-kuryr-controller-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:python-rsa-0:4.7-1.el8.src",
            "8Base-RHOSE-4.6:python3-kuryr-kubernetes-0:4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch",
            "8Base-RHOSE-4.6:python3-rsa-0:4.7-1.el8.noarch",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.src",
            "8Base-RHOSE-4.6:runc-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-debuginfo-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.ppc64le",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.s390x",
            "8Base-RHOSE-4.6:runc-debugsource-0:1.0.0-82.rhaos4.6.git086e841.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jenkins: Filesystem traversal by privileged users"
    }
  ]
}

RHSA-2021:0429

Vulnerability from csaf_redhat - Published: 2021-03-03 04:19 - Updated: 2025-11-21 18:20

Summary

Red Hat Security Advisory: OpenShift Container Platform 4.5.33 packages and security update

Notes

Topic

Red Hat OpenShift Container Platform release 4.5.33 is now available with updates to packages and images that fix several bugs. This release also includes a security update for Red Hat OpenShift Container Platform 4.5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.5.33. See the following advisory for the container images for this release: https://access.redhat.com/errata/RHSA-2021:0428 Security Fix(es): * jenkins: XSS vulnerability in notification bar (CVE-2021-21603) * jenkins: Improper handling of REST API XML deserialization errors (CVE-2021-21604) * jenkins: Path traversal vulnerability in agent names (CVE-2021-21605) * jenkins: Stored XSS vulnerability in button labels (CVE-2021-21608) * jenkins: Reflected XSS vulnerability in markup formatter preview (CVE-2021-21610) * jenkins: Stored XSS vulnerability on new item page (CVE-2021-21611) * ant: insecure temporary file vulnerability (CVE-2020-1945) * ant: insecure temporary file (CVE-2020-11979) * jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21602) * jenkins: Arbitrary file existence check in file fingerprints (CVE-2021-21606) * jenkins: Excessive memory allocation in graph URLs leads to denial of service (CVE-2021-21607) * jenkins: Filesystem traversal by privileged users (CVE-2021-21615) * jenkins: Missing permission check for paths with specific prefix (CVE-2021-21609) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat OpenShift Container Platform release 4.5.33 is now available with\nupdates to packages and images that fix several bugs.\n\nThis release also includes a security update for Red Hat OpenShift Container Platform 4.5.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.5.33. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHSA-2021:0428\n\nSecurity Fix(es):\n\n* jenkins:  XSS vulnerability in notification bar (CVE-2021-21603)\n\n* jenkins:  Improper handling of REST API XML deserialization errors (CVE-2021-21604)\n\n* jenkins:  Path traversal vulnerability in agent names (CVE-2021-21605)\n\n* jenkins: Stored XSS vulnerability in button labels (CVE-2021-21608)\n\n* jenkins:  Reflected XSS vulnerability in markup formatter preview (CVE-2021-21610)\n\n* jenkins:  Stored XSS vulnerability on new item page (CVE-2021-21611)\n\n* ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n* ant: insecure temporary file (CVE-2020-11979)\n\n* jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21602)\n\n* jenkins:  Arbitrary file existence check in file fingerprints (CVE-2021-21606)\n\n* jenkins:  Excessive memory allocation in graph URLs leads to denial of service (CVE-2021-21607)\n\n* jenkins: Filesystem traversal by privileged users (CVE-2021-21615)\n\n* jenkins:  Missing permission check for paths with specific prefix (CVE-2021-21609)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:0429",
        "url": "https://access.redhat.com/errata/RHSA-2021:0429"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1837444",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1837444"
      },
      {
        "category": "external",
        "summary": "1903702",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903702"
      },
      {
        "category": "external",
        "summary": "1921322",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921322"
      },
      {
        "category": "external",
        "summary": "1925140",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925140"
      },
      {
        "category": "external",
        "summary": "1925141",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925141"
      },
      {
        "category": "external",
        "summary": "1925143",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925143"
      },
      {
        "category": "external",
        "summary": "1925145",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925145"
      },
      {
        "category": "external",
        "summary": "1925151",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925151"
      },
      {
        "category": "external",
        "summary": "1925156",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925156"
      },
      {
        "category": "external",
        "summary": "1925157",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925157"
      },
      {
        "category": "external",
        "summary": "1925159",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925159"
      },
      {
        "category": "external",
        "summary": "1925160",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925160"
      },
      {
        "category": "external",
        "summary": "1925161",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925161"
      },
      {
        "category": "external",
        "summary": "1925678",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925678"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0429.json"
      }
    ],
    "title": "Red Hat Security Advisory: OpenShift Container Platform 4.5.33 packages and security update",
    "tracking": {
      "current_release_date": "2025-11-21T18:20:13+00:00",
      "generator": {
        "date": "2025-11-21T18:20:13+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2021:0429",
      "initial_release_date": "2021-03-03T04:19:25+00:00",
      "revision_history": [
        {
          "date": "2021-03-03T04:19:25+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-03-03T04:19:25+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T18:20:13+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenShift Container Platform 4.5",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 4.5",
                  "product_id": "7Server-RH7-RHOSE-4.5",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:4.5::el7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat OpenShift Container Platform 4.5",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 4.5",
                  "product_id": "8Base-RHOSE-4.5",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:4.5::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Enterprise"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src",
                "product": {
                  "name": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src",
                  "product_id": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-clients@4.5.0-202102051529.p0.git.3612.61b096a.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src",
                "product": {
                  "name": "openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src",
                  "product_id": "openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift@4.5.0-202102050524.p0.git.0.9229406.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jenkins-0:2.263.3.1612434332-1.el7.src",
                "product": {
                  "name": "jenkins-0:2.263.3.1612434332-1.el7.src",
                  "product_id": "jenkins-0:2.263.3.1612434332-1.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jenkins@2.263.3.1612434332-1.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src",
                "product": {
                  "name": "openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src",
                  "product_id": "openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible@4.5.0-202102031005.p0.git.0.c6839a2.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "conmon-2:2.0.21-1.rhaos4.5.el7.src",
                "product": {
                  "name": "conmon-2:2.0.21-1.rhaos4.5.el7.src",
                  "product_id": "conmon-2:2.0.21-1.rhaos4.5.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/conmon@2.0.21-1.rhaos4.5.el7?arch=src\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src",
                "product": {
                  "name": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src",
                  "product_id": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-clients@4.5.0-202102051529.p0.git.3612.61b096a.el8?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src",
                "product": {
                  "name": "openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src",
                  "product_id": "openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift@4.5.0-202102050524.p0.git.0.9229406.el8?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src",
                "product": {
                  "name": "machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src",
                  "product_id": "machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/machine-config-daemon@4.5.0-202102050524.p0.git.2594.ff3b8c0.el8?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src",
                "product": {
                  "name": "runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src",
                  "product_id": "runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/runc@1.0.0-72.rhaos4.5.giteadfc6b.el8?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "conmon-2:2.0.21-1.rhaos4.5.el8.src",
                "product": {
                  "name": "conmon-2:2.0.21-1.rhaos4.5.el8.src",
                  "product_id": "conmon-2:2.0.21-1.rhaos4.5.el8.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/conmon@2.0.21-1.rhaos4.5.el8?arch=src\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
                "product": {
                  "name": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
                  "product_id": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-clients@4.5.0-202102051529.p0.git.3612.61b096a.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
                "product": {
                  "name": "openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
                  "product_id": "openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-clients-redistributable@4.5.0-202102051529.p0.git.3612.61b096a.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64",
                "product": {
                  "name": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64",
                  "product_id": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-hyperkube@4.5.0-202102050524.p0.git.0.9229406.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "conmon-2:2.0.21-1.rhaos4.5.el7.x86_64",
                "product": {
                  "name": "conmon-2:2.0.21-1.rhaos4.5.el7.x86_64",
                  "product_id": "conmon-2:2.0.21-1.rhaos4.5.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/conmon@2.0.21-1.rhaos4.5.el7?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
                "product": {
                  "name": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
                  "product_id": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-clients@4.5.0-202102051529.p0.git.3612.61b096a.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
                "product": {
                  "name": "openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
                  "product_id": "openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-clients-redistributable@4.5.0-202102051529.p0.git.3612.61b096a.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64",
                "product": {
                  "name": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64",
                  "product_id": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-hyperkube@4.5.0-202102050524.p0.git.0.9229406.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64",
                "product": {
                  "name": "machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64",
                  "product_id": "machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/machine-config-daemon@4.5.0-202102050524.p0.git.2594.ff3b8c0.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
                "product": {
                  "name": "runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
                  "product_id": "runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/runc@1.0.0-72.rhaos4.5.giteadfc6b.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
                "product": {
                  "name": "runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
                  "product_id": "runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/runc-debugsource@1.0.0-72.rhaos4.5.giteadfc6b.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
                "product": {
                  "name": "runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
                  "product_id": "runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/runc-debuginfo@1.0.0-72.rhaos4.5.giteadfc6b.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "conmon-2:2.0.21-1.rhaos4.5.el8.x86_64",
                "product": {
                  "name": "conmon-2:2.0.21-1.rhaos4.5.el8.x86_64",
                  "product_id": "conmon-2:2.0.21-1.rhaos4.5.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/conmon@2.0.21-1.rhaos4.5.el8?arch=x86_64\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x",
                "product": {
                  "name": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x",
                  "product_id": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-clients@4.5.0-202102051529.p0.git.3612.61b096a.el7?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x",
                "product": {
                  "name": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x",
                  "product_id": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-hyperkube@4.5.0-202102050524.p0.git.0.9229406.el7?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "conmon-2:2.0.21-1.rhaos4.5.el7.s390x",
                "product": {
                  "name": "conmon-2:2.0.21-1.rhaos4.5.el7.s390x",
                  "product_id": "conmon-2:2.0.21-1.rhaos4.5.el7.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/conmon@2.0.21-1.rhaos4.5.el7?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x",
                "product": {
                  "name": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x",
                  "product_id": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-clients@4.5.0-202102051529.p0.git.3612.61b096a.el8?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x",
                "product": {
                  "name": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x",
                  "product_id": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-hyperkube@4.5.0-202102050524.p0.git.0.9229406.el8?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x",
                "product": {
                  "name": "machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x",
                  "product_id": "machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/machine-config-daemon@4.5.0-202102050524.p0.git.2594.ff3b8c0.el8?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
                "product": {
                  "name": "runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
                  "product_id": "runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/runc@1.0.0-72.rhaos4.5.giteadfc6b.el8?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
                "product": {
                  "name": "runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
                  "product_id": "runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/runc-debugsource@1.0.0-72.rhaos4.5.giteadfc6b.el8?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
                "product": {
                  "name": "runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
                  "product_id": "runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/runc-debuginfo@1.0.0-72.rhaos4.5.giteadfc6b.el8?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "conmon-2:2.0.21-1.rhaos4.5.el8.s390x",
                "product": {
                  "name": "conmon-2:2.0.21-1.rhaos4.5.el8.s390x",
                  "product_id": "conmon-2:2.0.21-1.rhaos4.5.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/conmon@2.0.21-1.rhaos4.5.el8?arch=s390x\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le",
                "product": {
                  "name": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le",
                  "product_id": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-clients@4.5.0-202102051529.p0.git.3612.61b096a.el7?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le",
                "product": {
                  "name": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le",
                  "product_id": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-hyperkube@4.5.0-202102050524.p0.git.0.9229406.el7?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le",
                "product": {
                  "name": "conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le",
                  "product_id": "conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/conmon@2.0.21-1.rhaos4.5.el7?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le",
                "product": {
                  "name": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le",
                  "product_id": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-clients@4.5.0-202102051529.p0.git.3612.61b096a.el8?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le",
                "product": {
                  "name": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le",
                  "product_id": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-hyperkube@4.5.0-202102050524.p0.git.0.9229406.el8?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le",
                "product": {
                  "name": "machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le",
                  "product_id": "machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/machine-config-daemon@4.5.0-202102050524.p0.git.2594.ff3b8c0.el8?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
                "product": {
                  "name": "runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
                  "product_id": "runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/runc@1.0.0-72.rhaos4.5.giteadfc6b.el8?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
                "product": {
                  "name": "runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
                  "product_id": "runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/runc-debugsource@1.0.0-72.rhaos4.5.giteadfc6b.el8?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
                "product": {
                  "name": "runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
                  "product_id": "runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/runc-debuginfo@1.0.0-72.rhaos4.5.giteadfc6b.el8?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le",
                "product": {
                  "name": "conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le",
                  "product_id": "conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/conmon@2.0.21-1.rhaos4.5.el8?arch=ppc64le\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jenkins-0:2.263.3.1612434332-1.el7.noarch",
                "product": {
                  "name": "jenkins-0:2.263.3.1612434332-1.el7.noarch",
                  "product_id": "jenkins-0:2.263.3.1612434332-1.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jenkins@2.263.3.1612434332-1.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
                "product": {
                  "name": "openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
                  "product_id": "openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible@4.5.0-202102031005.p0.git.0.c6839a2.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
                "product": {
                  "name": "openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
                  "product_id": "openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible-test@4.5.0-202102031005.p0.git.0.c6839a2.el7?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le as a component of Red Hat OpenShift Container Platform 4.5",
          "product_id": "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le"
        },
        "product_reference": "conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "conmon-2:2.0.21-1.rhaos4.5.el7.s390x as a component of Red Hat OpenShift Container Platform 4.5",
          "product_id": "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x"
        },
        "product_reference": "conmon-2:2.0.21-1.rhaos4.5.el7.s390x",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "conmon-2:2.0.21-1.rhaos4.5.el7.src as a component of Red Hat OpenShift Container Platform 4.5",
          "product_id": "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src"
        },
        "product_reference": "conmon-2:2.0.21-1.rhaos4.5.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "conmon-2:2.0.21-1.rhaos4.5.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.5",
          "product_id": "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64"
        },
        "product_reference": "conmon-2:2.0.21-1.rhaos4.5.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jenkins-0:2.263.3.1612434332-1.el7.noarch as a component of Red Hat OpenShift Container Platform 4.5",
          "product_id": "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch"
        },
        "product_reference": "jenkins-0:2.263.3.1612434332-1.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jenkins-0:2.263.3.1612434332-1.el7.src as a component of Red Hat OpenShift Container Platform 4.5",
          "product_id": "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src"
        },
        "product_reference": "jenkins-0:2.263.3.1612434332-1.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src as a component of Red Hat OpenShift Container Platform 4.5",
          "product_id": "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src"
        },
        "product_reference": "openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch as a component of Red Hat OpenShift Container Platform 4.5",
          "product_id": "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch"
        },
        "product_reference": "openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src as a component of Red Hat OpenShift Container Platform 4.5",
          "product_id": "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src"
        },
        "product_reference": "openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch as a component of Red Hat OpenShift Container Platform 4.5",
          "product_id": "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch"
        },
        "product_reference": "openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le as a component of Red Hat OpenShift Container Platform 4.5",
          "product_id": "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le"
        },
        "product_reference": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x as a component of Red Hat OpenShift Container Platform 4.5",
          "product_id": "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x"
        },
        "product_reference": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src as a component of Red Hat OpenShift Container Platform 4.5",
          "product_id": "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src"
        },
        "product_reference": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.5",
          "product_id": "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64"
        },
        "product_reference": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.5",
          "product_id": "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64"
        },
        "product_reference": "openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le as a component of Red Hat OpenShift Container Platform 4.5",
          "product_id": "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le"
        },
        "product_reference": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x as a component of Red Hat OpenShift Container Platform 4.5",
          "product_id": "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x"
        },
        "product_reference": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.5",
          "product_id": "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64"
        },
        "product_reference": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.5",
          "product_id": "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le"
        },
        "product_reference": "conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le",
        "relates_to_product_reference": "8Base-RHOSE-4.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "conmon-2:2.0.21-1.rhaos4.5.el8.s390x as a component of Red Hat OpenShift Container Platform 4.5",
          "product_id": "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x"
        },
        "product_reference": "conmon-2:2.0.21-1.rhaos4.5.el8.s390x",
        "relates_to_product_reference": "8Base-RHOSE-4.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "conmon-2:2.0.21-1.rhaos4.5.el8.src as a component of Red Hat OpenShift Container Platform 4.5",
          "product_id": "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src"
        },
        "product_reference": "conmon-2:2.0.21-1.rhaos4.5.el8.src",
        "relates_to_product_reference": "8Base-RHOSE-4.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "conmon-2:2.0.21-1.rhaos4.5.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.5",
          "product_id": "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64"
        },
        "product_reference": "conmon-2:2.0.21-1.rhaos4.5.el8.x86_64",
        "relates_to_product_reference": "8Base-RHOSE-4.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.5",
          "product_id": "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le"
        },
        "product_reference": "machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le",
        "relates_to_product_reference": "8Base-RHOSE-4.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x as a component of Red Hat OpenShift Container Platform 4.5",
          "product_id": "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x"
        },
        "product_reference": "machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x",
        "relates_to_product_reference": "8Base-RHOSE-4.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src as a component of Red Hat OpenShift Container Platform 4.5",
          "product_id": "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src"
        },
        "product_reference": "machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src",
        "relates_to_product_reference": "8Base-RHOSE-4.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.5",
          "product_id": "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64"
        },
        "product_reference": "machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64",
        "relates_to_product_reference": "8Base-RHOSE-4.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src as a component of Red Hat OpenShift Container Platform 4.5",
          "product_id": "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src"
        },
        "product_reference": "openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src",
        "relates_to_product_reference": "8Base-RHOSE-4.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.5",
          "product_id": "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le"
        },
        "product_reference": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le",
        "relates_to_product_reference": "8Base-RHOSE-4.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x as a component of Red Hat OpenShift Container Platform 4.5",
          "product_id": "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x"
        },
        "product_reference": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x",
        "relates_to_product_reference": "8Base-RHOSE-4.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src as a component of Red Hat OpenShift Container Platform 4.5",
          "product_id": "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src"
        },
        "product_reference": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src",
        "relates_to_product_reference": "8Base-RHOSE-4.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.5",
          "product_id": "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64"
        },
        "product_reference": "openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
        "relates_to_product_reference": "8Base-RHOSE-4.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.5",
          "product_id": "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64"
        },
        "product_reference": "openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
        "relates_to_product_reference": "8Base-RHOSE-4.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.5",
          "product_id": "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le"
        },
        "product_reference": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le",
        "relates_to_product_reference": "8Base-RHOSE-4.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x as a component of Red Hat OpenShift Container Platform 4.5",
          "product_id": "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x"
        },
        "product_reference": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x",
        "relates_to_product_reference": "8Base-RHOSE-4.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.5",
          "product_id": "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64"
        },
        "product_reference": "openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64",
        "relates_to_product_reference": "8Base-RHOSE-4.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.5",
          "product_id": "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le"
        },
        "product_reference": "runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
        "relates_to_product_reference": "8Base-RHOSE-4.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x as a component of Red Hat OpenShift Container Platform 4.5",
          "product_id": "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x"
        },
        "product_reference": "runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
        "relates_to_product_reference": "8Base-RHOSE-4.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src as a component of Red Hat OpenShift Container Platform 4.5",
          "product_id": "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src"
        },
        "product_reference": "runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src",
        "relates_to_product_reference": "8Base-RHOSE-4.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.5",
          "product_id": "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64"
        },
        "product_reference": "runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
        "relates_to_product_reference": "8Base-RHOSE-4.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.5",
          "product_id": "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le"
        },
        "product_reference": "runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
        "relates_to_product_reference": "8Base-RHOSE-4.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x as a component of Red Hat OpenShift Container Platform 4.5",
          "product_id": "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x"
        },
        "product_reference": "runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
        "relates_to_product_reference": "8Base-RHOSE-4.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.5",
          "product_id": "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64"
        },
        "product_reference": "runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
        "relates_to_product_reference": "8Base-RHOSE-4.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.5",
          "product_id": "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le"
        },
        "product_reference": "runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
        "relates_to_product_reference": "8Base-RHOSE-4.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x as a component of Red Hat OpenShift Container Platform 4.5",
          "product_id": "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x"
        },
        "product_reference": "runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
        "relates_to_product_reference": "8Base-RHOSE-4.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.5",
          "product_id": "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64"
        },
        "product_reference": "runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
        "relates_to_product_reference": "8Base-RHOSE-4.5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-1945",
      "cwe": {
        "id": "CWE-377",
        "name": "Insecure Temporary File"
      },
      "discovery_date": "2020-05-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1837444"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "ant: insecure temporary file vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of ant package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le",
          "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x",
          "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src",
          "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64",
          "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch",
          "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src",
          "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src",
          "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
          "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src",
          "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
          "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le",
          "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x",
          "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src",
          "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
          "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
          "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le",
          "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x",
          "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64",
          "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le",
          "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x",
          "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src",
          "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64",
          "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le",
          "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x",
          "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src",
          "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64",
          "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src",
          "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le",
          "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x",
          "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src",
          "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
          "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
          "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le",
          "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x",
          "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64",
          "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
          "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
          "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src",
          "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
          "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
          "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
          "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
          "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
          "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
          "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-1945"
        },
        {
          "category": "external",
          "summary": "RHBZ#1837444",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1837444"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1945",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-1945"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1945",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1945"
        }
      ],
      "release_date": "2020-05-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-03-03T04:19:25+00:00",
          "details": "For OpenShift Container Platform 4.5 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.5/updating/updating-cluster-cli.html.",
          "product_ids": [
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch",
            "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0429"
        },
        {
          "category": "workaround",
          "details": "For versions 1.1 to 1.9.14 and 1.10.0 to 1.10.7, set the java.io.tmpdir system property to a private directory-- only readable and writable by the current user-- before running Ant.\n\nFor versions 1.9.15 and 1.10.8, use the Ant property ant.tmpfile instead. Ant 1.10.8 protects the temporary files if the underlying filesystem allows it, but using a private temporary directory is still recommended.",
          "product_ids": [
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch",
            "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch",
            "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "ant: insecure temporary file vulnerability"
    },
    {
      "cve": "CVE-2020-11979",
      "cwe": {
        "id": "CWE-377",
        "name": "Insecure Temporary File"
      },
      "discovery_date": "2020-10-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1903702"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "ant: insecure temporary file",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "ant as shipped in Red Hat Enterprise Linux 8 is not affected by this flaw because this flaw is caused by the patch for CVE-2020-1945, however, it was never applied to ant as shipped in Red Hat Enterprise Linux 8, because the decision was made by Engineering to WONTFIX that flaw.\n\nIn OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of ant package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le",
          "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x",
          "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src",
          "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64",
          "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch",
          "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src",
          "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src",
          "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
          "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src",
          "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
          "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le",
          "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x",
          "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src",
          "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
          "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
          "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le",
          "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x",
          "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64",
          "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le",
          "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x",
          "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src",
          "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64",
          "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le",
          "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x",
          "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src",
          "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64",
          "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src",
          "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le",
          "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x",
          "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src",
          "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
          "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
          "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le",
          "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x",
          "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64",
          "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
          "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
          "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src",
          "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
          "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
          "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
          "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
          "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
          "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
          "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-11979"
        },
        {
          "category": "external",
          "summary": "RHBZ#1903702",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903702"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11979",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-11979"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11979",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11979"
        },
        {
          "category": "external",
          "summary": "https://security.gentoo.org/glsa/202011-18",
          "url": "https://security.gentoo.org/glsa/202011-18"
        }
      ],
      "release_date": "2020-10-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-03-03T04:19:25+00:00",
          "details": "For OpenShift Container Platform 4.5 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.5/updating/updating-cluster-cli.html.",
          "product_ids": [
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch",
            "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0429"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch",
            "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "ant: insecure temporary file"
    },
    {
      "cve": "CVE-2021-21602",
      "cwe": {
        "id": "CWE-59",
        "name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
      },
      "discovery_date": "2021-02-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1925161"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows reading arbitrary files using the file browser for workspaces and archived artifacts by following symlinks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jenkins: Arbitrary file read vulnerability in workspace browsers",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le",
          "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x",
          "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src",
          "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64",
          "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch",
          "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src",
          "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src",
          "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
          "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src",
          "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
          "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le",
          "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x",
          "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src",
          "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
          "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
          "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le",
          "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x",
          "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64",
          "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le",
          "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x",
          "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src",
          "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64",
          "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le",
          "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x",
          "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src",
          "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64",
          "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src",
          "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le",
          "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x",
          "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src",
          "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
          "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
          "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le",
          "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x",
          "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64",
          "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
          "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
          "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src",
          "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
          "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
          "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
          "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
          "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
          "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
          "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21602"
        },
        {
          "category": "external",
          "summary": "RHBZ#1925161",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925161"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21602",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21602"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21602",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21602"
        }
      ],
      "release_date": "2021-01-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-03-03T04:19:25+00:00",
          "details": "For OpenShift Container Platform 4.5 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.5/updating/updating-cluster-cli.html.",
          "product_ids": [
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch",
            "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0429"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch",
            "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jenkins: Arbitrary file read vulnerability in workspace browsers"
    },
    {
      "cve": "CVE-2021-21603",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2021-02-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1925160"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in jenkins. A cross-site scripting (XSS) vulnerability is possible due to the contents of the notification bar responses not being properly escaped. The highest threat from this vulnerability is to data confidentiality and integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jenkins: XSS vulnerability in notification bar",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le",
          "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x",
          "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src",
          "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64",
          "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch",
          "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src",
          "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src",
          "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
          "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src",
          "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
          "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le",
          "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x",
          "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src",
          "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
          "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
          "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le",
          "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x",
          "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64",
          "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le",
          "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x",
          "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src",
          "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64",
          "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le",
          "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x",
          "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src",
          "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64",
          "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src",
          "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le",
          "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x",
          "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src",
          "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
          "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
          "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le",
          "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x",
          "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64",
          "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
          "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
          "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src",
          "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
          "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
          "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
          "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
          "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
          "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
          "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21603"
        },
        {
          "category": "external",
          "summary": "RHBZ#1925160",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925160"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21603",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21603"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21603",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21603"
        }
      ],
      "release_date": "2021-01-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-03-03T04:19:25+00:00",
          "details": "For OpenShift Container Platform 4.5 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.5/updating/updating-cluster-cli.html.",
          "product_ids": [
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch",
            "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0429"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch",
            "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "jenkins: XSS vulnerability in notification bar"
    },
    {
      "cve": "CVE-2021-21604",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2021-02-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1925157"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in jenkins.  An attacker with permission to create or configure various objects to inject crafted content into Old Data Monitor can cause the instantiation of potentially unsafe objects once discarded by an administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jenkins: Improper handling of REST API XML deserialization errors",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le",
          "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x",
          "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src",
          "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64",
          "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch",
          "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src",
          "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src",
          "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
          "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src",
          "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
          "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le",
          "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x",
          "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src",
          "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
          "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
          "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le",
          "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x",
          "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64",
          "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le",
          "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x",
          "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src",
          "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64",
          "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le",
          "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x",
          "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src",
          "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64",
          "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src",
          "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le",
          "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x",
          "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src",
          "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
          "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
          "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le",
          "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x",
          "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64",
          "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
          "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
          "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src",
          "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
          "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
          "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
          "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
          "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
          "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
          "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21604"
        },
        {
          "category": "external",
          "summary": "RHBZ#1925157",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925157"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21604",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21604"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21604",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21604"
        }
      ],
      "release_date": "2021-01-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-03-03T04:19:25+00:00",
          "details": "For OpenShift Container Platform 4.5 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.5/updating/updating-cluster-cli.html.",
          "product_ids": [
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch",
            "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0429"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch",
            "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "jenkins: Improper handling of REST API XML deserialization errors"
    },
    {
      "cve": "CVE-2021-21605",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2021-02-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1925143"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in jenkins. Users with Agent/Configure permissions can choose agent names that cause an override to the global `config.xml` file. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jenkins: Path traversal vulnerability in agent names",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le",
          "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x",
          "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src",
          "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64",
          "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch",
          "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src",
          "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src",
          "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
          "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src",
          "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
          "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le",
          "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x",
          "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src",
          "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
          "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
          "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le",
          "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x",
          "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64",
          "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le",
          "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x",
          "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src",
          "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64",
          "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le",
          "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x",
          "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src",
          "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64",
          "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src",
          "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le",
          "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x",
          "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src",
          "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
          "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
          "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le",
          "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x",
          "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64",
          "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
          "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
          "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src",
          "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
          "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
          "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
          "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
          "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
          "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
          "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21605"
        },
        {
          "category": "external",
          "summary": "RHBZ#1925143",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925143"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21605",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21605"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21605",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21605"
        }
      ],
      "release_date": "2021-01-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-03-03T04:19:25+00:00",
          "details": "For OpenShift Container Platform 4.5 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.5/updating/updating-cluster-cli.html.",
          "product_ids": [
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch",
            "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0429"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch",
            "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "jenkins: Path traversal vulnerability in agent names"
    },
    {
      "cve": "CVE-2021-21606",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2021-02-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1925159"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Jenkins 2.274 and earlier, LTS 2.263.1 and earlier improperly validates the format of a provided fingerprint ID when checking for its existence allowing an attacker to check for the existence of XML files with a short path.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jenkins: Arbitrary file existence check in file fingerprints",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le",
          "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x",
          "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src",
          "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64",
          "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch",
          "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src",
          "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src",
          "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
          "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src",
          "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
          "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le",
          "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x",
          "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src",
          "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
          "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
          "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le",
          "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x",
          "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64",
          "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le",
          "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x",
          "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src",
          "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64",
          "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le",
          "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x",
          "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src",
          "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64",
          "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src",
          "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le",
          "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x",
          "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src",
          "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
          "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
          "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le",
          "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x",
          "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64",
          "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
          "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
          "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src",
          "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
          "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
          "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
          "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
          "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
          "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
          "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21606"
        },
        {
          "category": "external",
          "summary": "RHBZ#1925159",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925159"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21606",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21606"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21606",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21606"
        }
      ],
      "release_date": "2021-01-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-03-03T04:19:25+00:00",
          "details": "For OpenShift Container Platform 4.5 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.5/updating/updating-cluster-cli.html.",
          "product_ids": [
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch",
            "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0429"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch",
            "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jenkins: Arbitrary file existence check in file fingerprints"
    },
    {
      "cve": "CVE-2021-21607",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2021-02-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1925156"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not limit sizes provided as query parameters to graph-rendering URLs, allowing attackers to request crafted URLs that use all available memory in Jenkins, potentially leading to out of memory errors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jenkins: Excessive memory allocation in graph URLs leads to denial of service",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le",
          "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x",
          "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src",
          "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64",
          "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch",
          "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src",
          "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src",
          "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
          "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src",
          "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
          "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le",
          "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x",
          "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src",
          "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
          "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
          "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le",
          "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x",
          "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64",
          "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le",
          "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x",
          "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src",
          "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64",
          "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le",
          "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x",
          "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src",
          "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64",
          "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src",
          "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le",
          "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x",
          "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src",
          "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
          "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
          "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le",
          "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x",
          "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64",
          "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
          "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
          "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src",
          "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
          "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
          "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
          "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
          "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
          "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
          "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21607"
        },
        {
          "category": "external",
          "summary": "RHBZ#1925156",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925156"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21607",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21607"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21607",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21607"
        }
      ],
      "release_date": "2021-01-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-03-03T04:19:25+00:00",
          "details": "For OpenShift Container Platform 4.5 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.5/updating/updating-cluster-cli.html.",
          "product_ids": [
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch",
            "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0429"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch",
            "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jenkins: Excessive memory allocation in graph URLs leads to denial of service"
    },
    {
      "cve": "CVE-2021-21608",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2021-02-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1925140"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in jenkins.  A cross-site scripting (XSS) vulnerability, due to the button labels not being properly escaped, can allow an attacker to control button labels. The highest threat from this vulnerability is to data confidentiality and integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jenkins: Stored XSS vulnerability in button labels",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le",
          "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x",
          "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src",
          "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64",
          "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch",
          "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src",
          "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src",
          "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
          "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src",
          "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
          "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le",
          "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x",
          "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src",
          "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
          "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
          "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le",
          "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x",
          "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64",
          "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le",
          "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x",
          "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src",
          "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64",
          "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le",
          "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x",
          "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src",
          "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64",
          "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src",
          "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le",
          "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x",
          "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src",
          "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
          "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
          "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le",
          "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x",
          "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64",
          "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
          "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
          "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src",
          "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
          "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
          "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
          "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
          "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
          "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
          "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21608"
        },
        {
          "category": "external",
          "summary": "RHBZ#1925140",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925140"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21608",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21608"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21608",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21608"
        }
      ],
      "release_date": "2021-01-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-03-03T04:19:25+00:00",
          "details": "For OpenShift Container Platform 4.5 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.5/updating/updating-cluster-cli.html.",
          "product_ids": [
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch",
            "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0429"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch",
            "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "jenkins: Stored XSS vulnerability in button labels"
    },
    {
      "cve": "CVE-2021-21609",
      "cwe": {
        "id": "CWE-863",
        "name": "Incorrect Authorization"
      },
      "discovery_date": "2021-02-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1925141"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not correctly match requested URLs to the list of always accessible paths, allowing attackers without Overall/Read permission to access some URLs as if they did have Overall/Read permission.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jenkins: Missing permission check for paths with specific prefix",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le",
          "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x",
          "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src",
          "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64",
          "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch",
          "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src",
          "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src",
          "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
          "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src",
          "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
          "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le",
          "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x",
          "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src",
          "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
          "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
          "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le",
          "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x",
          "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64",
          "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le",
          "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x",
          "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src",
          "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64",
          "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le",
          "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x",
          "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src",
          "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64",
          "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src",
          "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le",
          "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x",
          "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src",
          "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
          "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
          "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le",
          "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x",
          "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64",
          "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
          "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
          "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src",
          "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
          "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
          "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
          "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
          "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
          "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
          "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21609"
        },
        {
          "category": "external",
          "summary": "RHBZ#1925141",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925141"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21609",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21609"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21609",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21609"
        }
      ],
      "release_date": "2021-01-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-03-03T04:19:25+00:00",
          "details": "For OpenShift Container Platform 4.5 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.5/updating/updating-cluster-cli.html.",
          "product_ids": [
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch",
            "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0429"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch",
            "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "jenkins: Missing permission check for paths with specific prefix"
    },
    {
      "cve": "CVE-2021-21610",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2021-02-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1925151"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in jenkins.  A cross-site scripting (XSS) vulnerability is possible due to the lack of restrictions in URL rendering in the formatted previews of markup passed as a query parameter if the configured markup formatter does not prohibit unsafe elements in the markup. The highest threat from this vulnerability is to data confidentiality and integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jenkins: Reflected XSS vulnerability in markup formatter preview",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le",
          "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x",
          "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src",
          "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64",
          "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch",
          "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src",
          "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src",
          "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
          "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src",
          "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
          "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le",
          "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x",
          "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src",
          "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
          "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
          "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le",
          "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x",
          "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64",
          "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le",
          "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x",
          "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src",
          "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64",
          "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le",
          "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x",
          "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src",
          "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64",
          "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src",
          "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le",
          "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x",
          "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src",
          "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
          "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
          "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le",
          "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x",
          "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64",
          "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
          "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
          "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src",
          "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
          "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
          "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
          "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
          "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
          "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
          "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21610"
        },
        {
          "category": "external",
          "summary": "RHBZ#1925151",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925151"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21610",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21610"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21610",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21610"
        }
      ],
      "release_date": "2021-01-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-03-03T04:19:25+00:00",
          "details": "For OpenShift Container Platform 4.5 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.5/updating/updating-cluster-cli.html.",
          "product_ids": [
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch",
            "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0429"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch",
            "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "jenkins: Reflected XSS vulnerability in markup formatter preview"
    },
    {
      "cve": "CVE-2021-21611",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2021-02-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1925145"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in jenkins. A cross-site scripting (XSS) vulnerability is possible due to display names and IDs of item types shown on the New Item page not being properly escaped. The highest threat from this vulnerability is to data confidentiality and integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jenkins: Stored XSS vulnerability on new item page",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le",
          "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x",
          "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src",
          "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64",
          "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch",
          "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src",
          "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src",
          "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
          "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src",
          "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
          "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le",
          "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x",
          "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src",
          "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
          "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
          "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le",
          "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x",
          "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64",
          "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le",
          "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x",
          "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src",
          "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64",
          "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le",
          "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x",
          "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src",
          "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64",
          "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src",
          "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le",
          "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x",
          "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src",
          "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
          "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
          "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le",
          "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x",
          "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64",
          "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
          "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
          "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src",
          "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
          "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
          "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
          "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
          "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
          "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
          "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21611"
        },
        {
          "category": "external",
          "summary": "RHBZ#1925145",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925145"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21611",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21611"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21611",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21611"
        }
      ],
      "release_date": "2021-01-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-03-03T04:19:25+00:00",
          "details": "For OpenShift Container Platform 4.5 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.5/updating/updating-cluster-cli.html.",
          "product_ids": [
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch",
            "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0429"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch",
            "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "jenkins: Stored XSS vulnerability on new item page"
    },
    {
      "cve": "CVE-2021-21615",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2021-01-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1921322"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Jenkins 2.275 and LTS 2.263.2 allows reading arbitrary files using the file browser for workspaces and archived artifacts due to a time-of-check to time-of-use (TOCTOU) race condition.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jenkins: Filesystem traversal by privileged users",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le",
          "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x",
          "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src",
          "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64",
          "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch",
          "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src",
          "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src",
          "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
          "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src",
          "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
          "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le",
          "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x",
          "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src",
          "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
          "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
          "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le",
          "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x",
          "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64",
          "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le",
          "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x",
          "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src",
          "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64",
          "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le",
          "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x",
          "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src",
          "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64",
          "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src",
          "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le",
          "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x",
          "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src",
          "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
          "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
          "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le",
          "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x",
          "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64",
          "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
          "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
          "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src",
          "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
          "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
          "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
          "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
          "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
          "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
          "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21615"
        },
        {
          "category": "external",
          "summary": "RHBZ#1921322",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921322"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21615",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21615"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21615",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21615"
        },
        {
          "category": "external",
          "summary": "https://www.jenkins.io/security/advisory/2021-01-26/#SECURITY-2197",
          "url": "https://www.jenkins.io/security/advisory/2021-01-26/#SECURITY-2197"
        }
      ],
      "release_date": "2021-01-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-03-03T04:19:25+00:00",
          "details": "For OpenShift Container Platform 4.5 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.5/updating/updating-cluster-cli.html.",
          "product_ids": [
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch",
            "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0429"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.s390x",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.src",
            "7Server-RH7-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.noarch",
            "7Server-RH7-RHOSE-4.5:jenkins-0:2.263.3.1612434332-1.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-ansible-test-0:4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.src",
            "7Server-RH7-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.s390x",
            "7Server-RH7-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el7.x86_64",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.ppc64le",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.s390x",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.src",
            "8Base-RHOSE-4.5:conmon-2:2.0.21-1.rhaos4.5.el8.x86_64",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src",
            "8Base-RHOSE-4.5:machine-config-daemon-0:4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-0:4.5.0-202102050524.p0.git.0.9229406.el8.src",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.src",
            "8Base-RHOSE-4.5:openshift-clients-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-clients-redistributable-0:4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.s390x",
            "8Base-RHOSE-4.5:openshift-hyperkube-0:4.5.0-202102050524.p0.git.0.9229406.el8.x86_64",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.src",
            "8Base-RHOSE-4.5:runc-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-debuginfo-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x",
            "8Base-RHOSE-4.5:runc-debugsource-0:1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jenkins: Filesystem traversal by privileged users"
    }
  ]
}

RHSA-2020:4960

Vulnerability from csaf_redhat - Published: 2020-11-05 18:47 - Updated: 2026-01-08 12:27

Summary

Red Hat Security Advisory: Red Hat Decision Manager 7.9.0 security update

Notes

Topic

An update is now available for Red Hat Decision Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. This release of Red Hat Decision Manager 7.9.0 serves as an update to Red Hat Decision Manager 7.8.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es): * hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900) * batik: SSRF via "xlink:href" (CVE-2019-17566) * Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748) * ant: insecure temporary file vulnerability (CVE-2020-1945) * dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683) * hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693) * wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714) * cxf: JMX integration is vulnerable to a MITM attack (CVE-2020-1954) * mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete (CVE-2020-2875) * mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS (CVE-2020-2933) * mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete (CVE-2020-2934) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for Red Hat Decision Manager.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model \u0026 Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. \n\nThis release of Red Hat Decision Manager 7.9.0 serves as an update to Red Hat Decision Manager 7.8.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)\n\n* batik: SSRF via \"xlink:href\" (CVE-2019-17566)\n\n* Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)\n\n* ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)\n\n* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* cxf: JMX integration is vulnerable to a MITM attack (CVE-2020-1954)\n\n* mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete (CVE-2020-2875)\n\n* mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS (CVE-2020-2933)\n\n* mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete (CVE-2020-2934)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2020:4960",
        "url": "https://access.redhat.com/errata/RHSA-2020:4960"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=rhdm\u0026version=7.9.0",
        "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=rhdm\u0026version=7.9.0"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_decision_manager/7.9/",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_decision_manager/7.9/"
      },
      {
        "category": "external",
        "summary": "1666499",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499"
      },
      {
        "category": "external",
        "summary": "1694235",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
      },
      {
        "category": "external",
        "summary": "1805501",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501"
      },
      {
        "category": "external",
        "summary": "1807707",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707"
      },
      {
        "category": "external",
        "summary": "1824301",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1824301"
      },
      {
        "category": "external",
        "summary": "1825714",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714"
      },
      {
        "category": "external",
        "summary": "1837444",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1837444"
      },
      {
        "category": "external",
        "summary": "1848617",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848617"
      },
      {
        "category": "external",
        "summary": "1851014",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851014"
      },
      {
        "category": "external",
        "summary": "1851019",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851019"
      },
      {
        "category": "external",
        "summary": "1851022",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851022"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_4960.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Decision Manager 7.9.0 security update",
    "tracking": {
      "current_release_date": "2026-01-08T12:27:23+00:00",
      "generator": {
        "date": "2026-01-08T12:27:23+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.14"
        }
      },
      "id": "RHSA-2020:4960",
      "initial_release_date": "2020-11-05T18:47:03+00:00",
      "revision_history": [
        {
          "date": "2020-11-05T18:47:03+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-11-05T18:47:03+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-01-08T12:27:23+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "RHDM 7.9.0",
                "product": {
                  "name": "RHDM 7.9.0",
                  "product_id": "RHDM 7.9.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:7.9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Decision Manager"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Guillaume Smet"
          ],
          "organization": "Red Hat",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2019-14900",
      "cwe": {
        "id": "CWE-89",
        "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
      },
      "discovery_date": "2019-01-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1666499"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hibernate: SQL injection issue in Hibernate ORM",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "OpenDaylight:\nIn RHOSP10, RHOSP13 and RHOSP14 editions of Red Hat OpenStack platform, the hibernate-jfa library shipped with OpenDaylight is contains a flaw in the processing of SQL queries. The hibernate-jha implemenation is not used in a vulnerable way in OpenDaylight, preventing the potential for SQL injection.\n\nRed Hat Satellite 6.2, 6.3 and 6.4 contains affected versions of hibernate-core in its candlepin component. However, that component does not use hibernate-core in a vulnerable way.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHDM 7.9.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-14900"
        },
        {
          "category": "external",
          "summary": "RHBZ#1666499",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666499"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14900",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-14900"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14900"
        }
      ],
      "release_date": "2020-05-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-05T18:47:03+00:00",
          "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "RHDM 7.9.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4960"
        },
        {
          "category": "workaround",
          "details": "There is no currently known mitigation for this flaw.",
          "product_ids": [
            "RHDM 7.9.0"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "RHDM 7.9.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hibernate: SQL injection issue in Hibernate ORM"
    },
    {
      "cve": "CVE-2019-17566",
      "cwe": {
        "id": "CWE-352",
        "name": "Cross-Site Request Forgery (CSRF)"
      },
      "discovery_date": "2020-06-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1848617"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Apache Batik library, where it is vulnerable to a Server-Side Request Forgery attack (SSRF) via \"xlink:href\" attributes. This flaw allows an attacker to cause the underlying server to make arbitrary GET requests. The highest threat from this vulnerability is to system integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "batik: SSRF via \"xlink:href\"",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHDM 7.9.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-17566"
        },
        {
          "category": "external",
          "summary": "RHBZ#1848617",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848617"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-17566",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-17566"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17566",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17566"
        }
      ],
      "release_date": "2020-06-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-05T18:47:03+00:00",
          "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "RHDM 7.9.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4960"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "RHDM 7.9.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "batik: SSRF via \"xlink:href\""
    },
    {
      "cve": "CVE-2020-1748",
      "cwe": {
        "id": "CWE-285",
        "name": "Improper Authorization"
      },
      "discovery_date": "2020-02-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1807707"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHDM 7.9.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-1748"
        },
        {
          "category": "external",
          "summary": "RHBZ#1807707",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1748",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-1748"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748"
        }
      ],
      "release_date": "2020-08-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-05T18:47:03+00:00",
          "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "RHDM 7.9.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4960"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "RHDM 7.9.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain"
    },
    {
      "cve": "CVE-2020-1945",
      "cwe": {
        "id": "CWE-377",
        "name": "Insecure Temporary File"
      },
      "discovery_date": "2020-05-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1837444"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "ant: insecure temporary file vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of ant package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHDM 7.9.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-1945"
        },
        {
          "category": "external",
          "summary": "RHBZ#1837444",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1837444"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1945",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-1945"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1945",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1945"
        }
      ],
      "release_date": "2020-05-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-05T18:47:03+00:00",
          "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "RHDM 7.9.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4960"
        },
        {
          "category": "workaround",
          "details": "For versions 1.1 to 1.9.14 and 1.10.0 to 1.10.7, set the java.io.tmpdir system property to a private directory-- only readable and writable by the current user-- before running Ant.\n\nFor versions 1.9.15 and 1.10.8, use the Ant property ant.tmpfile instead. Ant 1.10.8 protects the temporary files if the underlying filesystem allows it, but using a private temporary directory is still recommended.",
          "product_ids": [
            "RHDM 7.9.0"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "RHDM 7.9.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "ant: insecure temporary file vulnerability"
    },
    {
      "cve": "CVE-2020-1954",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-04-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1824301"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the \u2018createMBServerConnectorFactory\u2018 property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "cxf: JMX integration is vulnerable to a MITM attack",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHDM 7.9.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-1954"
        },
        {
          "category": "external",
          "summary": "RHBZ#1824301",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1824301"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1954",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-1954"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1954",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1954"
        }
      ],
      "release_date": "2020-04-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-05T18:47:03+00:00",
          "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "RHDM 7.9.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4960"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "RHDM 7.9.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "cxf: JMX integration is vulnerable to a MITM attack"
    },
    {
      "cve": "CVE-2020-2875",
      "discovery_date": "2020-06-25T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1851019"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the mysql-connector-java package. A complicated attack against the mysql Connector/J allows attackers on the local network to interfere with a user\u0027s connection and insert unauthorized SQL commands in MySQL Connectors and other products.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux customers are advised to replace the mysql-connector-java package with the mariadb-java-client, available in Red Hat Software Collections.  It can be installed this way:\n~~~\nyum-config-manager --enable rhel-server-rhscl-7-rpms\nyum install rh-mariadb103-mariadb-java-client\n~~~",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHDM 7.9.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-2875"
        },
        {
          "category": "external",
          "summary": "RHBZ#1851019",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851019"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-2875",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-2875"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-2875",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2875"
        }
      ],
      "release_date": "2020-04-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-05T18:47:03+00:00",
          "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "RHDM 7.9.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4960"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "RHDM 7.9.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete"
    },
    {
      "cve": "CVE-2020-2933",
      "discovery_date": "2020-06-25T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1851022"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the mysql-connector-java package. A complicated attack against the mysql Connector/J allows attackers on the local network to interfere with a user\u0027s connection, causing a denial of service of the MySQL Connectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux customers are advised to replace the mysql-connector-java package with the mariadb-java-client, available in Red Hat Software Collections.  It can be installed this way:\n~~~\nyum-config-manager --enable rhel-server-rhscl-7-rpms\nyum install rh-mariadb103-mariadb-java-client\n~~~",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHDM 7.9.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-2933"
        },
        {
          "category": "external",
          "summary": "RHBZ#1851022",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851022"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-2933",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-2933"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-2933",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2933"
        }
      ],
      "release_date": "2020-04-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-05T18:47:03+00:00",
          "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "RHDM 7.9.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4960"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 2.2,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "RHDM 7.9.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS"
    },
    {
      "cve": "CVE-2020-2934",
      "discovery_date": "2020-06-24T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1851014"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the mysql-connector-java package. A complicated attack against the mysql Connector/J allows attackers on the local network to interfere with a user\u0027s connection and insert unauthorized SQL commands.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux customers are advised to replace the mysql-connector-java package with the mariadb-java-client, available in Red Hat Software Collections.  It can be installed this way:\n~~~\n  # yum-config-manager --enable rhel-server-rhscl-7-rpms\n\n  # yum install rh-mariadb103-mariadb-java-client\n~~~",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHDM 7.9.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-2934"
        },
        {
          "category": "external",
          "summary": "RHBZ#1851014",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851014"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-2934",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-2934"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-2934",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2934"
        }
      ],
      "release_date": "2020-04-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-05T18:47:03+00:00",
          "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "RHDM 7.9.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4960"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "RHDM 7.9.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Adith Sudhakar"
          ]
        }
      ],
      "cve": "CVE-2020-10683",
      "cwe": {
        "id": "CWE-611",
        "name": "Improper Restriction of XML External Entity Reference"
      },
      "discovery_date": "2019-03-28T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1694235"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "No description is available for this CVE.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "dom4j: XML External Entity vulnerability in default SAX parser",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "OpenShift Container Platform ships a vulnerable version of dom4j  library. However it\u0027s used to parse configuration files, which are local disk resources. We\u0027ve rated this issue with a moderate impact for OpenShift Container Platform.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHDM 7.9.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-10683"
        },
        {
          "category": "external",
          "summary": "RHBZ#1694235",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10683",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-10683"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10683"
        }
      ],
      "release_date": "2020-04-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-05T18:47:03+00:00",
          "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "RHDM 7.9.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4960"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "RHDM 7.9.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "dom4j: XML External Entity vulnerability in default SAX parser"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Alvaro Mu\u00f1oz"
          ],
          "organization": "GitHub Security Labs"
        }
      ],
      "cve": "CVE-2020-10693",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2020-02-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1805501"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hibernate-validator: Improper input validation in the interpolation of constraint error messages",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "hibernate-validator is packaged with Red Hat OpenStack Platform 13.0\u0027s OpenDaylight (ODL). However, because ODL is technical preview in this version and the flaw is moderate, Red Hat will not be releasing a fix for the OpenStack package at this time.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHDM 7.9.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-10693"
        },
        {
          "category": "external",
          "summary": "RHBZ#1805501",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805501"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10693",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-10693"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10693"
        }
      ],
      "release_date": "2020-05-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-05T18:47:03+00:00",
          "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "RHDM 7.9.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4960"
        },
        {
          "category": "workaround",
          "details": "You can pass user input as an expression variable by unwrapping the context to HibernateConstraintValidatorContext. Please refer to the https://in.relation.to/2020/05/07/hibernate-validator-615-6020-released/ and https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_the_code_constraintvalidatorcontext_code.",
          "product_ids": [
            "RHDM 7.9.0"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "RHDM 7.9.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "hibernate-validator: Improper input validation in the interpolation of constraint error messages"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Mark Banierink"
          ],
          "organization": "Nedap"
        }
      ],
      "cve": "CVE-2020-10714",
      "cwe": {
        "id": "CWE-384",
        "name": "Session Fixation"
      },
      "discovery_date": "2020-03-24T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1825714"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "wildfly-elytron: session fixation when using FORM authentication",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "RHDM 7.9.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-10714"
        },
        {
          "category": "external",
          "summary": "RHBZ#1825714",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-10714"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714"
        }
      ],
      "release_date": "2020-04-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-11-05T18:47:03+00:00",
          "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "RHDM 7.9.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:4960"
        },
        {
          "category": "workaround",
          "details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n  \u003csession-config\u003e\n    \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n  \u003c/session-config\u003e\n~~~\nTO\n~~~\n  \u003csession-config\u003e\n    \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n  \u003c/session-config\u003e\n~~~",
          "product_ids": [
            "RHDM 7.9.0"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "RHDM 7.9.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "wildfly-elytron: session fixation when using FORM authentication"
    }
  ]
}

SUSE-SU-2022:4022-1

Vulnerability from csaf_suse - Published: 2022-11-16 15:08 - Updated: 2022-11-16 15:08

Summary

Security update for ant

Notes

Title of the patch

Security update for ant

Description of the patch

This update for ant fixes the following issues: - CVE-2020-1945: Fixed insecure temporary file vulnerability (bsc#1171696). - CVE-2020-11979: Fixed issue introduced with fix for CVE-2020-1945 (bsc#1177180).

Patchnames

SUSE-2022-4022,SUSE-SLE-SDK-12-SP5-2022-4022,SUSE-SLE-SERVER-12-SP5-2022-4022

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for ant",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for ant fixes the following issues:\n\n- CVE-2020-1945: Fixed insecure temporary file vulnerability (bsc#1171696).\n- CVE-2020-11979: Fixed issue introduced with fix for CVE-2020-1945 (bsc#1177180).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2022-4022,SUSE-SLE-SDK-12-SP5-2022-4022,SUSE-SLE-SERVER-12-SP5-2022-4022",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_4022-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2022:4022-1",
        "url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224022-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2022:4022-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/012947.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1171696",
        "url": "https://bugzilla.suse.com/1171696"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1177180",
        "url": "https://bugzilla.suse.com/1177180"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-11979 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-11979/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-1945 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-1945/"
      }
    ],
    "title": "Security update for ant",
    "tracking": {
      "current_release_date": "2022-11-16T15:08:09Z",
      "generator": {
        "date": "2022-11-16T15:08:09Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2022:4022-1",
      "initial_release_date": "2022-11-16T15:08:09Z",
      "revision_history": [
        {
          "date": "2022-11-16T15:08:09Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ant-1.9.4-3.12.1.noarch",
                "product": {
                  "name": "ant-1.9.4-3.12.1.noarch",
                  "product_id": "ant-1.9.4-3.12.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-antlr-1.9.4-3.12.3.noarch",
                "product": {
                  "name": "ant-antlr-1.9.4-3.12.3.noarch",
                  "product_id": "ant-antlr-1.9.4-3.12.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-apache-bcel-1.9.4-3.12.3.noarch",
                "product": {
                  "name": "ant-apache-bcel-1.9.4-3.12.3.noarch",
                  "product_id": "ant-apache-bcel-1.9.4-3.12.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-apache-bsf-1.9.4-3.12.3.noarch",
                "product": {
                  "name": "ant-apache-bsf-1.9.4-3.12.3.noarch",
                  "product_id": "ant-apache-bsf-1.9.4-3.12.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-apache-log4j-1.9.4-3.12.3.noarch",
                "product": {
                  "name": "ant-apache-log4j-1.9.4-3.12.3.noarch",
                  "product_id": "ant-apache-log4j-1.9.4-3.12.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-apache-oro-1.9.4-3.12.3.noarch",
                "product": {
                  "name": "ant-apache-oro-1.9.4-3.12.3.noarch",
                  "product_id": "ant-apache-oro-1.9.4-3.12.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-apache-regexp-1.9.4-3.12.3.noarch",
                "product": {
                  "name": "ant-apache-regexp-1.9.4-3.12.3.noarch",
                  "product_id": "ant-apache-regexp-1.9.4-3.12.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-apache-resolver-1.9.4-3.12.3.noarch",
                "product": {
                  "name": "ant-apache-resolver-1.9.4-3.12.3.noarch",
                  "product_id": "ant-apache-resolver-1.9.4-3.12.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-apache-xalan2-1.9.4-3.12.3.noarch",
                "product": {
                  "name": "ant-apache-xalan2-1.9.4-3.12.3.noarch",
                  "product_id": "ant-apache-xalan2-1.9.4-3.12.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-commons-logging-1.9.4-3.12.3.noarch",
                "product": {
                  "name": "ant-commons-logging-1.9.4-3.12.3.noarch",
                  "product_id": "ant-commons-logging-1.9.4-3.12.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-commons-net-1.9.4-3.12.3.noarch",
                "product": {
                  "name": "ant-commons-net-1.9.4-3.12.3.noarch",
                  "product_id": "ant-commons-net-1.9.4-3.12.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-javadoc-1.9.4-3.12.3.noarch",
                "product": {
                  "name": "ant-javadoc-1.9.4-3.12.3.noarch",
                  "product_id": "ant-javadoc-1.9.4-3.12.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-javamail-1.9.4-3.12.3.noarch",
                "product": {
                  "name": "ant-javamail-1.9.4-3.12.3.noarch",
                  "product_id": "ant-javamail-1.9.4-3.12.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-jdepend-1.9.4-3.12.3.noarch",
                "product": {
                  "name": "ant-jdepend-1.9.4-3.12.3.noarch",
                  "product_id": "ant-jdepend-1.9.4-3.12.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-jmf-1.9.4-3.12.1.noarch",
                "product": {
                  "name": "ant-jmf-1.9.4-3.12.1.noarch",
                  "product_id": "ant-jmf-1.9.4-3.12.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-jsch-1.9.4-3.12.3.noarch",
                "product": {
                  "name": "ant-jsch-1.9.4-3.12.3.noarch",
                  "product_id": "ant-jsch-1.9.4-3.12.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-junit-1.9.4-3.12.3.noarch",
                "product": {
                  "name": "ant-junit-1.9.4-3.12.3.noarch",
                  "product_id": "ant-junit-1.9.4-3.12.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-manual-1.9.4-3.12.3.noarch",
                "product": {
                  "name": "ant-manual-1.9.4-3.12.3.noarch",
                  "product_id": "ant-manual-1.9.4-3.12.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-scripts-1.9.4-3.12.1.noarch",
                "product": {
                  "name": "ant-scripts-1.9.4-3.12.1.noarch",
                  "product_id": "ant-scripts-1.9.4-3.12.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-swing-1.9.4-3.12.1.noarch",
                "product": {
                  "name": "ant-swing-1.9.4-3.12.1.noarch",
                  "product_id": "ant-swing-1.9.4-3.12.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-testutil-1.9.4-3.12.3.noarch",
                "product": {
                  "name": "ant-testutil-1.9.4-3.12.3.noarch",
                  "product_id": "ant-testutil-1.9.4-3.12.3.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Software Development Kit 12 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Software Development Kit 12 SP5",
                  "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-sdk:12:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP5",
                  "product_id": "SUSE Linux Enterprise Server 12 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:12:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-1.9.4-3.12.1.noarch as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-1.9.4-3.12.1.noarch"
        },
        "product_reference": "ant-1.9.4-3.12.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-antlr-1.9.4-3.12.3.noarch as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-antlr-1.9.4-3.12.3.noarch"
        },
        "product_reference": "ant-antlr-1.9.4-3.12.3.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-apache-bcel-1.9.4-3.12.3.noarch as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-apache-bcel-1.9.4-3.12.3.noarch"
        },
        "product_reference": "ant-apache-bcel-1.9.4-3.12.3.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-apache-bsf-1.9.4-3.12.3.noarch as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-apache-bsf-1.9.4-3.12.3.noarch"
        },
        "product_reference": "ant-apache-bsf-1.9.4-3.12.3.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-apache-log4j-1.9.4-3.12.3.noarch as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-apache-log4j-1.9.4-3.12.3.noarch"
        },
        "product_reference": "ant-apache-log4j-1.9.4-3.12.3.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-apache-oro-1.9.4-3.12.3.noarch as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-apache-oro-1.9.4-3.12.3.noarch"
        },
        "product_reference": "ant-apache-oro-1.9.4-3.12.3.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-apache-regexp-1.9.4-3.12.3.noarch as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-apache-regexp-1.9.4-3.12.3.noarch"
        },
        "product_reference": "ant-apache-regexp-1.9.4-3.12.3.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-apache-resolver-1.9.4-3.12.3.noarch as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-apache-resolver-1.9.4-3.12.3.noarch"
        },
        "product_reference": "ant-apache-resolver-1.9.4-3.12.3.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-commons-logging-1.9.4-3.12.3.noarch as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-commons-logging-1.9.4-3.12.3.noarch"
        },
        "product_reference": "ant-commons-logging-1.9.4-3.12.3.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-javadoc-1.9.4-3.12.3.noarch as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-javadoc-1.9.4-3.12.3.noarch"
        },
        "product_reference": "ant-javadoc-1.9.4-3.12.3.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-javamail-1.9.4-3.12.3.noarch as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-javamail-1.9.4-3.12.3.noarch"
        },
        "product_reference": "ant-javamail-1.9.4-3.12.3.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-jdepend-1.9.4-3.12.3.noarch as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-jdepend-1.9.4-3.12.3.noarch"
        },
        "product_reference": "ant-jdepend-1.9.4-3.12.3.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-jmf-1.9.4-3.12.1.noarch as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-jmf-1.9.4-3.12.1.noarch"
        },
        "product_reference": "ant-jmf-1.9.4-3.12.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-junit-1.9.4-3.12.3.noarch as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-junit-1.9.4-3.12.3.noarch"
        },
        "product_reference": "ant-junit-1.9.4-3.12.3.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-manual-1.9.4-3.12.3.noarch as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-manual-1.9.4-3.12.3.noarch"
        },
        "product_reference": "ant-manual-1.9.4-3.12.3.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-scripts-1.9.4-3.12.1.noarch as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-scripts-1.9.4-3.12.1.noarch"
        },
        "product_reference": "ant-scripts-1.9.4-3.12.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-swing-1.9.4-3.12.1.noarch as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-swing-1.9.4-3.12.1.noarch"
        },
        "product_reference": "ant-swing-1.9.4-3.12.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-1.9.4-3.12.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
          "product_id": "SUSE Linux Enterprise Server 12 SP5:ant-1.9.4-3.12.1.noarch"
        },
        "product_reference": "ant-1.9.4-3.12.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-1.9.4-3.12.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:ant-1.9.4-3.12.1.noarch"
        },
        "product_reference": "ant-1.9.4-3.12.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-11979",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-11979"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5:ant-1.9.4-3.12.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:ant-1.9.4-3.12.1.noarch",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-1.9.4-3.12.1.noarch",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-antlr-1.9.4-3.12.3.noarch",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-apache-bcel-1.9.4-3.12.3.noarch",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-apache-bsf-1.9.4-3.12.3.noarch",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-apache-log4j-1.9.4-3.12.3.noarch",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-apache-oro-1.9.4-3.12.3.noarch",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-apache-regexp-1.9.4-3.12.3.noarch",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-apache-resolver-1.9.4-3.12.3.noarch",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-commons-logging-1.9.4-3.12.3.noarch",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-javadoc-1.9.4-3.12.3.noarch",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-javamail-1.9.4-3.12.3.noarch",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-jdepend-1.9.4-3.12.3.noarch",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-jmf-1.9.4-3.12.1.noarch",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-junit-1.9.4-3.12.3.noarch",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-manual-1.9.4-3.12.3.noarch",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-scripts-1.9.4-3.12.1.noarch",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-swing-1.9.4-3.12.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-11979",
          "url": "https://www.suse.com/security/cve/CVE-2020-11979"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1177180 for CVE-2020-11979",
          "url": "https://bugzilla.suse.com/1177180"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5:ant-1.9.4-3.12.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:ant-1.9.4-3.12.1.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-1.9.4-3.12.1.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-antlr-1.9.4-3.12.3.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-apache-bcel-1.9.4-3.12.3.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-apache-bsf-1.9.4-3.12.3.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-apache-log4j-1.9.4-3.12.3.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-apache-oro-1.9.4-3.12.3.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-apache-regexp-1.9.4-3.12.3.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-apache-resolver-1.9.4-3.12.3.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-commons-logging-1.9.4-3.12.3.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-javadoc-1.9.4-3.12.3.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-javamail-1.9.4-3.12.3.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-jdepend-1.9.4-3.12.3.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-jmf-1.9.4-3.12.1.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-junit-1.9.4-3.12.3.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-manual-1.9.4-3.12.3.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-scripts-1.9.4-3.12.1.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-swing-1.9.4-3.12.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5:ant-1.9.4-3.12.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:ant-1.9.4-3.12.1.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-1.9.4-3.12.1.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-antlr-1.9.4-3.12.3.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-apache-bcel-1.9.4-3.12.3.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-apache-bsf-1.9.4-3.12.3.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-apache-log4j-1.9.4-3.12.3.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-apache-oro-1.9.4-3.12.3.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-apache-regexp-1.9.4-3.12.3.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-apache-resolver-1.9.4-3.12.3.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-commons-logging-1.9.4-3.12.3.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-javadoc-1.9.4-3.12.3.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-javamail-1.9.4-3.12.3.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-jdepend-1.9.4-3.12.3.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-jmf-1.9.4-3.12.1.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-junit-1.9.4-3.12.3.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-manual-1.9.4-3.12.3.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-scripts-1.9.4-3.12.1.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-swing-1.9.4-3.12.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-11-16T15:08:09Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-11979"
    },
    {
      "cve": "CVE-2020-1945",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-1945"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5:ant-1.9.4-3.12.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:ant-1.9.4-3.12.1.noarch",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-1.9.4-3.12.1.noarch",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-antlr-1.9.4-3.12.3.noarch",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-apache-bcel-1.9.4-3.12.3.noarch",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-apache-bsf-1.9.4-3.12.3.noarch",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-apache-log4j-1.9.4-3.12.3.noarch",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-apache-oro-1.9.4-3.12.3.noarch",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-apache-regexp-1.9.4-3.12.3.noarch",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-apache-resolver-1.9.4-3.12.3.noarch",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-commons-logging-1.9.4-3.12.3.noarch",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-javadoc-1.9.4-3.12.3.noarch",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-javamail-1.9.4-3.12.3.noarch",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-jdepend-1.9.4-3.12.3.noarch",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-jmf-1.9.4-3.12.1.noarch",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-junit-1.9.4-3.12.3.noarch",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-manual-1.9.4-3.12.3.noarch",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-scripts-1.9.4-3.12.1.noarch",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-swing-1.9.4-3.12.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-1945",
          "url": "https://www.suse.com/security/cve/CVE-2020-1945"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1171696 for CVE-2020-1945",
          "url": "https://bugzilla.suse.com/1171696"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1177180 for CVE-2020-1945",
          "url": "https://bugzilla.suse.com/1177180"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1179729 for CVE-2020-1945",
          "url": "https://bugzilla.suse.com/1179729"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5:ant-1.9.4-3.12.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:ant-1.9.4-3.12.1.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-1.9.4-3.12.1.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-antlr-1.9.4-3.12.3.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-apache-bcel-1.9.4-3.12.3.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-apache-bsf-1.9.4-3.12.3.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-apache-log4j-1.9.4-3.12.3.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-apache-oro-1.9.4-3.12.3.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-apache-regexp-1.9.4-3.12.3.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-apache-resolver-1.9.4-3.12.3.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-commons-logging-1.9.4-3.12.3.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-javadoc-1.9.4-3.12.3.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-javamail-1.9.4-3.12.3.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-jdepend-1.9.4-3.12.3.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-jmf-1.9.4-3.12.1.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-junit-1.9.4-3.12.3.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-manual-1.9.4-3.12.3.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-scripts-1.9.4-3.12.1.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-swing-1.9.4-3.12.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5:ant-1.9.4-3.12.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:ant-1.9.4-3.12.1.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-1.9.4-3.12.1.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-antlr-1.9.4-3.12.3.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-apache-bcel-1.9.4-3.12.3.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-apache-bsf-1.9.4-3.12.3.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-apache-log4j-1.9.4-3.12.3.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-apache-oro-1.9.4-3.12.3.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-apache-regexp-1.9.4-3.12.3.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-apache-resolver-1.9.4-3.12.3.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-commons-logging-1.9.4-3.12.3.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-javadoc-1.9.4-3.12.3.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-javamail-1.9.4-3.12.3.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-jdepend-1.9.4-3.12.3.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-jmf-1.9.4-3.12.1.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-junit-1.9.4-3.12.3.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-manual-1.9.4-3.12.3.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-scripts-1.9.4-3.12.1.noarch",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:ant-swing-1.9.4-3.12.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-11-16T15:08:09Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-1945"
    }
  ]
}

SUSE-SU-2020:1944-1

Vulnerability from csaf_suse - Published: 2020-07-17 11:50 - Updated: 2020-07-17 11:50

Summary

Security update for ant

Notes

Title of the patch

Security update for ant

Description of the patch

This update for ant fixes the following issues: - CVE-2020-1945: Fixed an inseure temorary file vulnerability which could have potentially leaked sensitive information (bsc#1171696).

Patchnames

SUSE-2020-1944,SUSE-SLE-Module-Development-Tools-15-SP2-2020-1944

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for ant",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for ant fixes the following issues:\n\n- CVE-2020-1945: Fixed an inseure temorary file vulnerability which could have potentially leaked sensitive information (bsc#1171696).\t  \n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2020-1944,SUSE-SLE-Module-Development-Tools-15-SP2-2020-1944",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_1944-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2020:1944-1",
        "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20201944-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2020:1944-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-July/007146.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1171696",
        "url": "https://bugzilla.suse.com/1171696"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-1945 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-1945/"
      }
    ],
    "title": "Security update for ant",
    "tracking": {
      "current_release_date": "2020-07-17T11:50:51Z",
      "generator": {
        "date": "2020-07-17T11:50:51Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2020:1944-1",
      "initial_release_date": "2020-07-17T11:50:51Z",
      "revision_history": [
        {
          "date": "2020-07-17T11:50:51Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ant-1.10.7-4.3.1.noarch",
                "product": {
                  "name": "ant-1.10.7-4.3.1.noarch",
                  "product_id": "ant-1.10.7-4.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-antlr-1.10.7-4.3.1.noarch",
                "product": {
                  "name": "ant-antlr-1.10.7-4.3.1.noarch",
                  "product_id": "ant-antlr-1.10.7-4.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-apache-bcel-1.10.7-4.3.1.noarch",
                "product": {
                  "name": "ant-apache-bcel-1.10.7-4.3.1.noarch",
                  "product_id": "ant-apache-bcel-1.10.7-4.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-apache-bsf-1.10.7-4.3.1.noarch",
                "product": {
                  "name": "ant-apache-bsf-1.10.7-4.3.1.noarch",
                  "product_id": "ant-apache-bsf-1.10.7-4.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-apache-log4j-1.10.7-4.3.1.noarch",
                "product": {
                  "name": "ant-apache-log4j-1.10.7-4.3.1.noarch",
                  "product_id": "ant-apache-log4j-1.10.7-4.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-apache-oro-1.10.7-4.3.1.noarch",
                "product": {
                  "name": "ant-apache-oro-1.10.7-4.3.1.noarch",
                  "product_id": "ant-apache-oro-1.10.7-4.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-apache-regexp-1.10.7-4.3.1.noarch",
                "product": {
                  "name": "ant-apache-regexp-1.10.7-4.3.1.noarch",
                  "product_id": "ant-apache-regexp-1.10.7-4.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-apache-resolver-1.10.7-4.3.1.noarch",
                "product": {
                  "name": "ant-apache-resolver-1.10.7-4.3.1.noarch",
                  "product_id": "ant-apache-resolver-1.10.7-4.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-apache-xalan2-1.10.7-4.3.1.noarch",
                "product": {
                  "name": "ant-apache-xalan2-1.10.7-4.3.1.noarch",
                  "product_id": "ant-apache-xalan2-1.10.7-4.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-commons-logging-1.10.7-4.3.1.noarch",
                "product": {
                  "name": "ant-commons-logging-1.10.7-4.3.1.noarch",
                  "product_id": "ant-commons-logging-1.10.7-4.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-commons-net-1.10.7-4.3.1.noarch",
                "product": {
                  "name": "ant-commons-net-1.10.7-4.3.1.noarch",
                  "product_id": "ant-commons-net-1.10.7-4.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-imageio-1.10.7-4.3.1.noarch",
                "product": {
                  "name": "ant-imageio-1.10.7-4.3.1.noarch",
                  "product_id": "ant-imageio-1.10.7-4.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-javamail-1.10.7-4.3.1.noarch",
                "product": {
                  "name": "ant-javamail-1.10.7-4.3.1.noarch",
                  "product_id": "ant-javamail-1.10.7-4.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-jdepend-1.10.7-4.3.1.noarch",
                "product": {
                  "name": "ant-jdepend-1.10.7-4.3.1.noarch",
                  "product_id": "ant-jdepend-1.10.7-4.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-jmf-1.10.7-4.3.1.noarch",
                "product": {
                  "name": "ant-jmf-1.10.7-4.3.1.noarch",
                  "product_id": "ant-jmf-1.10.7-4.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-jsch-1.10.7-4.3.1.noarch",
                "product": {
                  "name": "ant-jsch-1.10.7-4.3.1.noarch",
                  "product_id": "ant-jsch-1.10.7-4.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-junit-1.10.7-4.3.1.noarch",
                "product": {
                  "name": "ant-junit-1.10.7-4.3.1.noarch",
                  "product_id": "ant-junit-1.10.7-4.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-junit5-1.10.7-4.3.1.noarch",
                "product": {
                  "name": "ant-junit5-1.10.7-4.3.1.noarch",
                  "product_id": "ant-junit5-1.10.7-4.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-manual-1.10.7-4.3.1.noarch",
                "product": {
                  "name": "ant-manual-1.10.7-4.3.1.noarch",
                  "product_id": "ant-manual-1.10.7-4.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-scripts-1.10.7-4.3.1.noarch",
                "product": {
                  "name": "ant-scripts-1.10.7-4.3.1.noarch",
                  "product_id": "ant-scripts-1.10.7-4.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-swing-1.10.7-4.3.1.noarch",
                "product": {
                  "name": "ant-swing-1.10.7-4.3.1.noarch",
                  "product_id": "ant-swing-1.10.7-4.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-testutil-1.10.7-4.3.1.noarch",
                "product": {
                  "name": "ant-testutil-1.10.7-4.3.1.noarch",
                  "product_id": "ant-testutil-1.10.7-4.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-xz-1.10.7-4.3.1.noarch",
                "product": {
                  "name": "ant-xz-1.10.7-4.3.1.noarch",
                  "product_id": "ant-xz-1.10.7-4.3.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Development Tools 15 SP2",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Development Tools 15 SP2",
                  "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-development-tools:15:sp2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-1.10.7-4.3.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-1.10.7-4.3.1.noarch"
        },
        "product_reference": "ant-1.10.7-4.3.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-antlr-1.10.7-4.3.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-antlr-1.10.7-4.3.1.noarch"
        },
        "product_reference": "ant-antlr-1.10.7-4.3.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-apache-bcel-1.10.7-4.3.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-apache-bcel-1.10.7-4.3.1.noarch"
        },
        "product_reference": "ant-apache-bcel-1.10.7-4.3.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-apache-bsf-1.10.7-4.3.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-apache-bsf-1.10.7-4.3.1.noarch"
        },
        "product_reference": "ant-apache-bsf-1.10.7-4.3.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-apache-log4j-1.10.7-4.3.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-apache-log4j-1.10.7-4.3.1.noarch"
        },
        "product_reference": "ant-apache-log4j-1.10.7-4.3.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-apache-oro-1.10.7-4.3.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-apache-oro-1.10.7-4.3.1.noarch"
        },
        "product_reference": "ant-apache-oro-1.10.7-4.3.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-apache-regexp-1.10.7-4.3.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-apache-regexp-1.10.7-4.3.1.noarch"
        },
        "product_reference": "ant-apache-regexp-1.10.7-4.3.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-apache-resolver-1.10.7-4.3.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-apache-resolver-1.10.7-4.3.1.noarch"
        },
        "product_reference": "ant-apache-resolver-1.10.7-4.3.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-commons-logging-1.10.7-4.3.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-commons-logging-1.10.7-4.3.1.noarch"
        },
        "product_reference": "ant-commons-logging-1.10.7-4.3.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-javamail-1.10.7-4.3.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-javamail-1.10.7-4.3.1.noarch"
        },
        "product_reference": "ant-javamail-1.10.7-4.3.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-jdepend-1.10.7-4.3.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-jdepend-1.10.7-4.3.1.noarch"
        },
        "product_reference": "ant-jdepend-1.10.7-4.3.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-jmf-1.10.7-4.3.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-jmf-1.10.7-4.3.1.noarch"
        },
        "product_reference": "ant-jmf-1.10.7-4.3.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-junit-1.10.7-4.3.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-junit-1.10.7-4.3.1.noarch"
        },
        "product_reference": "ant-junit-1.10.7-4.3.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-manual-1.10.7-4.3.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-manual-1.10.7-4.3.1.noarch"
        },
        "product_reference": "ant-manual-1.10.7-4.3.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-scripts-1.10.7-4.3.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-scripts-1.10.7-4.3.1.noarch"
        },
        "product_reference": "ant-scripts-1.10.7-4.3.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-swing-1.10.7-4.3.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-swing-1.10.7-4.3.1.noarch"
        },
        "product_reference": "ant-swing-1.10.7-4.3.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-1945",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-1945"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-1.10.7-4.3.1.noarch",
          "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-antlr-1.10.7-4.3.1.noarch",
          "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-apache-bcel-1.10.7-4.3.1.noarch",
          "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-apache-bsf-1.10.7-4.3.1.noarch",
          "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-apache-log4j-1.10.7-4.3.1.noarch",
          "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-apache-oro-1.10.7-4.3.1.noarch",
          "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-apache-regexp-1.10.7-4.3.1.noarch",
          "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-apache-resolver-1.10.7-4.3.1.noarch",
          "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-commons-logging-1.10.7-4.3.1.noarch",
          "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-javamail-1.10.7-4.3.1.noarch",
          "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-jdepend-1.10.7-4.3.1.noarch",
          "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-jmf-1.10.7-4.3.1.noarch",
          "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-junit-1.10.7-4.3.1.noarch",
          "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-manual-1.10.7-4.3.1.noarch",
          "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-scripts-1.10.7-4.3.1.noarch",
          "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-swing-1.10.7-4.3.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-1945",
          "url": "https://www.suse.com/security/cve/CVE-2020-1945"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1171696 for CVE-2020-1945",
          "url": "https://bugzilla.suse.com/1171696"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1177180 for CVE-2020-1945",
          "url": "https://bugzilla.suse.com/1177180"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1179729 for CVE-2020-1945",
          "url": "https://bugzilla.suse.com/1179729"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-1.10.7-4.3.1.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-antlr-1.10.7-4.3.1.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-apache-bcel-1.10.7-4.3.1.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-apache-bsf-1.10.7-4.3.1.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-apache-log4j-1.10.7-4.3.1.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-apache-oro-1.10.7-4.3.1.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-apache-regexp-1.10.7-4.3.1.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-apache-resolver-1.10.7-4.3.1.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-commons-logging-1.10.7-4.3.1.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-javamail-1.10.7-4.3.1.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-jdepend-1.10.7-4.3.1.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-jmf-1.10.7-4.3.1.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-junit-1.10.7-4.3.1.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-manual-1.10.7-4.3.1.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-scripts-1.10.7-4.3.1.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-swing-1.10.7-4.3.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-1.10.7-4.3.1.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-antlr-1.10.7-4.3.1.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-apache-bcel-1.10.7-4.3.1.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-apache-bsf-1.10.7-4.3.1.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-apache-log4j-1.10.7-4.3.1.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-apache-oro-1.10.7-4.3.1.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-apache-regexp-1.10.7-4.3.1.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-apache-resolver-1.10.7-4.3.1.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-commons-logging-1.10.7-4.3.1.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-javamail-1.10.7-4.3.1.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-jdepend-1.10.7-4.3.1.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-jmf-1.10.7-4.3.1.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-junit-1.10.7-4.3.1.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-manual-1.10.7-4.3.1.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-scripts-1.10.7-4.3.1.noarch",
            "SUSE Linux Enterprise Module for Development Tools 15 SP2:ant-swing-1.10.7-4.3.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-07-17T11:50:51Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-1945"
    }
  ]
}

CNVD-2020-46282

Vulnerability from cnvd - Published: 2020-08-16

Title

Apache Ant信息泄露漏洞

Description

Apache Ant是美国阿帕奇软件（Apache Software）基金会的一套用于Java软件开发的自动化工具。该工具主要用于软件的编译、测试和部署等。 Apache Ant 1.1版本至1.9.14版本和1.10.0版本至1.10.7版本中存在安全漏洞。攻击者可利用该漏洞泄漏敏感信息。

Severity

低

Patch Name

Apache Ant信息泄露漏洞的补丁

Patch Description

Apache Ant是美国阿帕奇软件（Apache Software）基金会的一套用于Java软件开发的自动化工具。该工具主要用于软件的编译、测试和部署等。 Apache Ant 1.1版本至1.9.14版本和1.10.0版本至1.10.7版本中存在安全漏洞。攻击者可利用该漏洞泄漏敏感信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://ant.apache.org/security.html

Reference

https://www.auscert.org.au/bulletins/ESB-2020.1680/

Impacted products

Name
['Apache Ant >=1.1，<=1.9.14', 'Apache Ant >=1.10.0，<=1.10.7']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-1945"
    }
  },
  "description": "Apache Ant\u662f\u7f8e\u56fd\u963f\u5e15\u5947\u8f6f\u4ef6\uff08Apache Software\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u7528\u4e8eJava\u8f6f\u4ef6\u5f00\u53d1\u7684\u81ea\u52a8\u5316\u5de5\u5177\u3002\u8be5\u5de5\u5177\u4e3b\u8981\u7528\u4e8e\u8f6f\u4ef6\u7684\u7f16\u8bd1\u3001\u6d4b\u8bd5\u548c\u90e8\u7f72\u7b49\u3002\n\nApache Ant 1.1\u7248\u672c\u81f31.9.14\u7248\u672c\u548c1.10.0\u7248\u672c\u81f31.10.7\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6cc4\u6f0f\u654f\u611f\u4fe1\u606f\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://ant.apache.org/security.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-46282",
  "openTime": "2020-08-16",
  "patchDescription": "Apache Ant\u662f\u7f8e\u56fd\u963f\u5e15\u5947\u8f6f\u4ef6\uff08Apache Software\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u7528\u4e8eJava\u8f6f\u4ef6\u5f00\u53d1\u7684\u81ea\u52a8\u5316\u5de5\u5177\u3002\u8be5\u5de5\u5177\u4e3b\u8981\u7528\u4e8e\u8f6f\u4ef6\u7684\u7f16\u8bd1\u3001\u6d4b\u8bd5\u548c\u90e8\u7f72\u7b49\u3002\r\n\r\nApache Ant 1.1\u7248\u672c\u81f31.9.14\u7248\u672c\u548c1.10.0\u7248\u672c\u81f31.10.7\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6cc4\u6f0f\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache Ant\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apache Ant \u003e=1.1\uff0c\u003c=1.9.14",
      "Apache Ant \u003e=1.10.0\uff0c\u003c=1.10.7"
    ]
  },
  "referenceLink": "https://www.auscert.org.au/bulletins/ESB-2020.1680/",
  "serverity": "\u4f4e",
  "submitTime": "2020-05-15",
  "title": "Apache Ant\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

WID-SEC-W-2024-0794

Vulnerability from csaf_certbund - Published: 2024-04-04 22:00 - Updated: 2024-11-27 23:00

Summary

Dell ECS: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Dell ECS ist ein Objektspeichersystem.

Angriff

Ein Angreifer kann mehrere Schwachstellen in Dell ECS ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuführen, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.

Betroffene Betriebssysteme

- Linux - UNIX - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Dell ECS ist ein Objektspeichersystem.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Dell ECS ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0794 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0794.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0794 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0794"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2024-141 vom 2024-04-04",
        "url": "https://www.dell.com/support/kbdoc/000223839/dsa-2024-="
      }
    ],
    "source_lang": "en-US",
    "title": "Dell ECS: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-11-27T23:00:00.000+00:00",
      "generator": {
        "date": "2024-11-28T11:39:04.623+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.8"
        }
      },
      "id": "WID-SEC-W-2024-0794",
      "initial_release_date": "2024-04-04T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-04-04T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-11-27T23:00:00.000+00:00",
          "number": "2",
          "summary": "Produktzuordnung \u00fcberpr\u00fcft"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c3.8.1.0",
                "product": {
                  "name": "Dell ECS \u003c3.8.1.0",
                  "product_id": "T033919"
                }
              },
              {
                "category": "product_version",
                "name": "3.8.1.0",
                "product": {
                  "name": "Dell ECS 3.8.1.0",
                  "product_id": "T033919-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:dell:ecs:3.8.1.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "ECS"
          }
        ],
        "category": "vendor",
        "name": "Dell"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-18074",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2018-18074"
    },
    {
      "cve": "CVE-2020-10663",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-10663"
    },
    {
      "cve": "CVE-2020-10672",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-10672"
    },
    {
      "cve": "CVE-2020-10673",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-10673"
    },
    {
      "cve": "CVE-2020-10735",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-10735"
    },
    {
      "cve": "CVE-2020-10968",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-10968"
    },
    {
      "cve": "CVE-2020-10969",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-10969"
    },
    {
      "cve": "CVE-2020-11111",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-11111"
    },
    {
      "cve": "CVE-2020-11112",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-11112"
    },
    {
      "cve": "CVE-2020-11113",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-11113"
    },
    {
      "cve": "CVE-2020-11612",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-11612"
    },
    {
      "cve": "CVE-2020-11619",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-11619"
    },
    {
      "cve": "CVE-2020-11620",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-11620"
    },
    {
      "cve": "CVE-2020-11979",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-11979"
    },
    {
      "cve": "CVE-2020-12762",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-12762"
    },
    {
      "cve": "CVE-2020-12825",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-12825"
    },
    {
      "cve": "CVE-2020-13956",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-13956"
    },
    {
      "cve": "CVE-2020-14060",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-14060"
    },
    {
      "cve": "CVE-2020-14061",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-14061"
    },
    {
      "cve": "CVE-2020-14062",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-14062"
    },
    {
      "cve": "CVE-2020-14195",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-14195"
    },
    {
      "cve": "CVE-2020-15250",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-15250"
    },
    {
      "cve": "CVE-2020-1945",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-1945"
    },
    {
      "cve": "CVE-2020-1967",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-1967"
    },
    {
      "cve": "CVE-2020-1971",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-1971"
    },
    {
      "cve": "CVE-2020-24616",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-24616"
    },
    {
      "cve": "CVE-2020-24750",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-24750"
    },
    {
      "cve": "CVE-2020-25649",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-25649"
    },
    {
      "cve": "CVE-2020-25658",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-25658"
    },
    {
      "cve": "CVE-2020-26116",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-26116"
    },
    {
      "cve": "CVE-2020-26137",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-26137"
    },
    {
      "cve": "CVE-2020-26541",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-26541"
    },
    {
      "cve": "CVE-2020-27216",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-27216"
    },
    {
      "cve": "CVE-2020-27218",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-27218"
    },
    {
      "cve": "CVE-2020-27223",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-27223"
    },
    {
      "cve": "CVE-2020-28366",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-28366"
    },
    {
      "cve": "CVE-2020-28493",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-28493"
    },
    {
      "cve": "CVE-2020-29509",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-29509"
    },
    {
      "cve": "CVE-2020-29511",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-29511"
    },
    {
      "cve": "CVE-2020-29582",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-29582"
    },
    {
      "cve": "CVE-2020-29651",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-29651"
    },
    {
      "cve": "CVE-2020-35490",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-35490"
    },
    {
      "cve": "CVE-2020-35491",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-35491"
    },
    {
      "cve": "CVE-2020-35728",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-35728"
    },
    {
      "cve": "CVE-2020-36179",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-36179"
    },
    {
      "cve": "CVE-2020-36180",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-36180"
    },
    {
      "cve": "CVE-2020-36181",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-36181"
    },
    {
      "cve": "CVE-2020-36182",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-36182"
    },
    {
      "cve": "CVE-2020-36183",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-36183"
    },
    {
      "cve": "CVE-2020-36184",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-36184"
    },
    {
      "cve": "CVE-2020-36185",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-36185"
    },
    {
      "cve": "CVE-2020-36186",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-36186"
    },
    {
      "cve": "CVE-2020-36187",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-36187"
    },
    {
      "cve": "CVE-2020-36188",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-36188"
    },
    {
      "cve": "CVE-2020-36189",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-36189"
    },
    {
      "cve": "CVE-2020-36516",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-36516"
    },
    {
      "cve": "CVE-2020-36518",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-36518"
    },
    {
      "cve": "CVE-2020-36557",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-36557"
    },
    {
      "cve": "CVE-2020-36558",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-36558"
    },
    {
      "cve": "CVE-2020-36691",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-36691"
    },
    {
      "cve": "CVE-2020-7238",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-7238"
    },
    {
      "cve": "CVE-2020-8840",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-8840"
    },
    {
      "cve": "CVE-2020-8908",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-8908"
    },
    {
      "cve": "CVE-2020-8911",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-8911"
    },
    {
      "cve": "CVE-2020-8912",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-8912"
    },
    {
      "cve": "CVE-2020-9488",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-9488"
    },
    {
      "cve": "CVE-2020-9493",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-9493"
    },
    {
      "cve": "CVE-2020-9546",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-9546"
    },
    {
      "cve": "CVE-2020-9547",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-9547"
    },
    {
      "cve": "CVE-2020-9548",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2020-9548"
    },
    {
      "cve": "CVE-2021-20190",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-20190"
    },
    {
      "cve": "CVE-2021-20323",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-20323"
    },
    {
      "cve": "CVE-2021-21290",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-21290"
    },
    {
      "cve": "CVE-2021-21295",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-21295"
    },
    {
      "cve": "CVE-2021-21409",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-21409"
    },
    {
      "cve": "CVE-2021-23840",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-23840"
    },
    {
      "cve": "CVE-2021-23841",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-23841"
    },
    {
      "cve": "CVE-2021-2471",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-2471"
    },
    {
      "cve": "CVE-2021-25642",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-25642"
    },
    {
      "cve": "CVE-2021-26341",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-26341"
    },
    {
      "cve": "CVE-2021-27918",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-27918"
    },
    {
      "cve": "CVE-2021-28153",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-28153"
    },
    {
      "cve": "CVE-2021-28165",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-28165"
    },
    {
      "cve": "CVE-2021-28169",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-28169"
    },
    {
      "cve": "CVE-2021-28861",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-28861"
    },
    {
      "cve": "CVE-2021-29425",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-29425"
    },
    {
      "cve": "CVE-2021-30560",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-30560"
    },
    {
      "cve": "CVE-2021-3114",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-3114"
    },
    {
      "cve": "CVE-2021-33036",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-33036"
    },
    {
      "cve": "CVE-2021-33194",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-33194"
    },
    {
      "cve": "CVE-2021-33195",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-33195"
    },
    {
      "cve": "CVE-2021-33196",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-33196"
    },
    {
      "cve": "CVE-2021-33197",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-33197"
    },
    {
      "cve": "CVE-2021-33503",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-33503"
    },
    {
      "cve": "CVE-2021-33655",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-33655"
    },
    {
      "cve": "CVE-2021-33656",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-33656"
    },
    {
      "cve": "CVE-2021-3424",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-3424"
    },
    {
      "cve": "CVE-2021-34428",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-34428"
    },
    {
      "cve": "CVE-2021-3449",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-3449"
    },
    {
      "cve": "CVE-2021-3450",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-3450"
    },
    {
      "cve": "CVE-2021-3530",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-3530"
    },
    {
      "cve": "CVE-2021-36221",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-36221"
    },
    {
      "cve": "CVE-2021-36373",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-36373"
    },
    {
      "cve": "CVE-2021-36374",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-36374"
    },
    {
      "cve": "CVE-2021-3648",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-3648"
    },
    {
      "cve": "CVE-2021-36690",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-36690"
    },
    {
      "cve": "CVE-2021-3711",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-3711"
    },
    {
      "cve": "CVE-2021-3712",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-3712"
    },
    {
      "cve": "CVE-2021-37136",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-37136"
    },
    {
      "cve": "CVE-2021-37137",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-37137"
    },
    {
      "cve": "CVE-2021-37404",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-37404"
    },
    {
      "cve": "CVE-2021-37533",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-37533"
    },
    {
      "cve": "CVE-2021-3754",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-3754"
    },
    {
      "cve": "CVE-2021-3778",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-3778"
    },
    {
      "cve": "CVE-2021-3796",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-3796"
    },
    {
      "cve": "CVE-2021-3826",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-3826"
    },
    {
      "cve": "CVE-2021-3827",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-3827"
    },
    {
      "cve": "CVE-2021-38297",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-38297"
    },
    {
      "cve": "CVE-2021-3872",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-3872"
    },
    {
      "cve": "CVE-2021-3875",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-3875"
    },
    {
      "cve": "CVE-2021-3903",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-3903"
    },
    {
      "cve": "CVE-2021-3923",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-3923"
    },
    {
      "cve": "CVE-2021-3927",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-3927"
    },
    {
      "cve": "CVE-2021-3928",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-3928"
    },
    {
      "cve": "CVE-2021-3968",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-3968"
    },
    {
      "cve": "CVE-2021-3973",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-3973"
    },
    {
      "cve": "CVE-2021-3974",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-3974"
    },
    {
      "cve": "CVE-2021-3984",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-3984"
    },
    {
      "cve": "CVE-2021-4019",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-4019"
    },
    {
      "cve": "CVE-2021-4037",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-4037"
    },
    {
      "cve": "CVE-2021-4069",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-4069"
    },
    {
      "cve": "CVE-2021-4104",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-4104"
    },
    {
      "cve": "CVE-2021-4136",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-4136"
    },
    {
      "cve": "CVE-2021-4157",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-4157"
    },
    {
      "cve": "CVE-2021-4166",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-4166"
    },
    {
      "cve": "CVE-2021-41771",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-41771"
    },
    {
      "cve": "CVE-2021-4192",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-4192"
    },
    {
      "cve": "CVE-2021-4193",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-4193"
    },
    {
      "cve": "CVE-2021-4203",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-4203"
    },
    {
      "cve": "CVE-2021-42567",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-42567"
    },
    {
      "cve": "CVE-2021-43797",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-43797"
    },
    {
      "cve": "CVE-2021-44531",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-44531"
    },
    {
      "cve": "CVE-2021-44532",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-44532"
    },
    {
      "cve": "CVE-2021-44533",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-44533"
    },
    {
      "cve": "CVE-2021-44716",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-44716"
    },
    {
      "cve": "CVE-2021-44878",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-44878"
    },
    {
      "cve": "CVE-2021-45078",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-45078"
    },
    {
      "cve": "CVE-2021-46195",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-46195"
    },
    {
      "cve": "CVE-2021-46828",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-46828"
    },
    {
      "cve": "CVE-2021-46848",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2021-46848"
    },
    {
      "cve": "CVE-2022-0128",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-0128"
    },
    {
      "cve": "CVE-2022-0213",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-0213"
    },
    {
      "cve": "CVE-2022-0225",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-0225"
    },
    {
      "cve": "CVE-2022-0261",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-0261"
    },
    {
      "cve": "CVE-2022-0318",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-0318"
    },
    {
      "cve": "CVE-2022-0319",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-0319"
    },
    {
      "cve": "CVE-2022-0351",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-0351"
    },
    {
      "cve": "CVE-2022-0359",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-0359"
    },
    {
      "cve": "CVE-2022-0361",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-0361"
    },
    {
      "cve": "CVE-2022-0392",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-0392"
    },
    {
      "cve": "CVE-2022-0407",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-0407"
    },
    {
      "cve": "CVE-2022-0413",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-0413"
    },
    {
      "cve": "CVE-2022-0561",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-0561"
    },
    {
      "cve": "CVE-2022-0696",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-0696"
    },
    {
      "cve": "CVE-2022-0778",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-0778"
    },
    {
      "cve": "CVE-2022-1184",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1184"
    },
    {
      "cve": "CVE-2022-1245",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1245"
    },
    {
      "cve": "CVE-2022-1271",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1271"
    },
    {
      "cve": "CVE-2022-1292",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1292"
    },
    {
      "cve": "CVE-2022-1381",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1381"
    },
    {
      "cve": "CVE-2022-1420",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1420"
    },
    {
      "cve": "CVE-2022-1462",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1462"
    },
    {
      "cve": "CVE-2022-1466",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1466"
    },
    {
      "cve": "CVE-2022-1471",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1471"
    },
    {
      "cve": "CVE-2022-1586",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1586"
    },
    {
      "cve": "CVE-2022-1587",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1587"
    },
    {
      "cve": "CVE-2022-1616",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1616"
    },
    {
      "cve": "CVE-2022-1619",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1619"
    },
    {
      "cve": "CVE-2022-1620",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1620"
    },
    {
      "cve": "CVE-2022-1679",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1679"
    },
    {
      "cve": "CVE-2022-1705",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1705"
    },
    {
      "cve": "CVE-2022-1720",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1720"
    },
    {
      "cve": "CVE-2022-1729",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1729"
    },
    {
      "cve": "CVE-2022-1733",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1733"
    },
    {
      "cve": "CVE-2022-1735",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1735"
    },
    {
      "cve": "CVE-2022-1771",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1771"
    },
    {
      "cve": "CVE-2022-1785",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1785"
    },
    {
      "cve": "CVE-2022-1796",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1796"
    },
    {
      "cve": "CVE-2022-1851",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1851"
    },
    {
      "cve": "CVE-2022-1897",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1897"
    },
    {
      "cve": "CVE-2022-1898",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1898"
    },
    {
      "cve": "CVE-2022-1927",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1927"
    },
    {
      "cve": "CVE-2022-1962",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1962"
    },
    {
      "cve": "CVE-2022-1968",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1968"
    },
    {
      "cve": "CVE-2022-1974",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1974"
    },
    {
      "cve": "CVE-2022-1975",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-1975"
    },
    {
      "cve": "CVE-2022-20132",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-20132"
    },
    {
      "cve": "CVE-2022-20141",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-20141"
    },
    {
      "cve": "CVE-2022-20154",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-20154"
    },
    {
      "cve": "CVE-2022-20166",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-20166"
    },
    {
      "cve": "CVE-2022-20368",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-20368"
    },
    {
      "cve": "CVE-2022-20369",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-20369"
    },
    {
      "cve": "CVE-2022-2047",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2047"
    },
    {
      "cve": "CVE-2022-2048",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2048"
    },
    {
      "cve": "CVE-2022-20567",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-20567"
    },
    {
      "cve": "CVE-2022-2068",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2068"
    },
    {
      "cve": "CVE-2022-2097",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2097"
    },
    {
      "cve": "CVE-2022-21216",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-21216"
    },
    {
      "cve": "CVE-2022-21233",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-21233"
    },
    {
      "cve": "CVE-2022-2124",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2124"
    },
    {
      "cve": "CVE-2022-2125",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2125"
    },
    {
      "cve": "CVE-2022-2126",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2126"
    },
    {
      "cve": "CVE-2022-2129",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2129"
    },
    {
      "cve": "CVE-2022-21363",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-21363"
    },
    {
      "cve": "CVE-2022-21385",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-21385"
    },
    {
      "cve": "CVE-2022-21499",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-21499"
    },
    {
      "cve": "CVE-2022-2153",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2153"
    },
    {
      "cve": "CVE-2022-21540",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-21540"
    },
    {
      "cve": "CVE-2022-21541",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-21541"
    },
    {
      "cve": "CVE-2022-21549",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-21549"
    },
    {
      "cve": "CVE-2022-21618",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-21618"
    },
    {
      "cve": "CVE-2022-21619",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-21619"
    },
    {
      "cve": "CVE-2022-21624",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-21624"
    },
    {
      "cve": "CVE-2022-21626",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-21626"
    },
    {
      "cve": "CVE-2022-21628",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-21628"
    },
    {
      "cve": "CVE-2022-21702",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-21702"
    },
    {
      "cve": "CVE-2022-2175",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2175"
    },
    {
      "cve": "CVE-2022-2182",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2182"
    },
    {
      "cve": "CVE-2022-2183",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2183"
    },
    {
      "cve": "CVE-2022-2206",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2206"
    },
    {
      "cve": "CVE-2022-2207",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2207"
    },
    {
      "cve": "CVE-2022-2208",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2208"
    },
    {
      "cve": "CVE-2022-2210",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2210"
    },
    {
      "cve": "CVE-2022-2231",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2231"
    },
    {
      "cve": "CVE-2022-2256",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2256"
    },
    {
      "cve": "CVE-2022-2257",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2257"
    },
    {
      "cve": "CVE-2022-2264",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2264"
    },
    {
      "cve": "CVE-2022-2284",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2284"
    },
    {
      "cve": "CVE-2022-2285",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2285"
    },
    {
      "cve": "CVE-2022-2286",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2286"
    },
    {
      "cve": "CVE-2022-2287",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2287"
    },
    {
      "cve": "CVE-2022-22976",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-22976"
    },
    {
      "cve": "CVE-2022-22978",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-22978"
    },
    {
      "cve": "CVE-2022-2304",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2304"
    },
    {
      "cve": "CVE-2022-2318",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2318"
    },
    {
      "cve": "CVE-2022-23302",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-23302"
    },
    {
      "cve": "CVE-2022-23305",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-23305"
    },
    {
      "cve": "CVE-2022-23307",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-23307"
    },
    {
      "cve": "CVE-2022-2343",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2343"
    },
    {
      "cve": "CVE-2022-2344",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2344"
    },
    {
      "cve": "CVE-2022-2345",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2345"
    },
    {
      "cve": "CVE-2022-23471",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-23471"
    },
    {
      "cve": "CVE-2022-23521",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-23521"
    },
    {
      "cve": "CVE-2022-23772",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-23772"
    },
    {
      "cve": "CVE-2022-23773",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-23773"
    },
    {
      "cve": "CVE-2022-24302",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-24302"
    },
    {
      "cve": "CVE-2022-24329",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-24329"
    },
    {
      "cve": "CVE-2022-24823",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-24823"
    },
    {
      "cve": "CVE-2022-24903",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-24903"
    },
    {
      "cve": "CVE-2022-2503",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2503"
    },
    {
      "cve": "CVE-2022-25147",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-25147"
    },
    {
      "cve": "CVE-2022-25168",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-25168"
    },
    {
      "cve": "CVE-2022-2519",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2519"
    },
    {
      "cve": "CVE-2022-2520",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2520"
    },
    {
      "cve": "CVE-2022-2521",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2521"
    },
    {
      "cve": "CVE-2022-2522",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2522"
    },
    {
      "cve": "CVE-2022-25647",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-25647"
    },
    {
      "cve": "CVE-2022-2571",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2571"
    },
    {
      "cve": "CVE-2022-2580",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2580"
    },
    {
      "cve": "CVE-2022-2581",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2581"
    },
    {
      "cve": "CVE-2022-25857",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-25857"
    },
    {
      "cve": "CVE-2022-2588",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2588"
    },
    {
      "cve": "CVE-2022-2598",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2598"
    },
    {
      "cve": "CVE-2022-26148",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-26148"
    },
    {
      "cve": "CVE-2022-26365",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-26365"
    },
    {
      "cve": "CVE-2022-26373",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-26373"
    },
    {
      "cve": "CVE-2022-2639",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2639"
    },
    {
      "cve": "CVE-2022-26612",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-26612"
    },
    {
      "cve": "CVE-2022-2663",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2663"
    },
    {
      "cve": "CVE-2022-27781",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-27781"
    },
    {
      "cve": "CVE-2022-27782",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-27782"
    },
    {
      "cve": "CVE-2022-27943",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-27943"
    },
    {
      "cve": "CVE-2022-2795",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2795"
    },
    {
      "cve": "CVE-2022-28131",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-28131"
    },
    {
      "cve": "CVE-2022-2816",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2816"
    },
    {
      "cve": "CVE-2022-2817",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2817"
    },
    {
      "cve": "CVE-2022-2819",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2819"
    },
    {
      "cve": "CVE-2022-28327",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-28327"
    },
    {
      "cve": "CVE-2022-2845",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2845"
    },
    {
      "cve": "CVE-2022-2849",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2849"
    },
    {
      "cve": "CVE-2022-2862",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2862"
    },
    {
      "cve": "CVE-2022-2867",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2867"
    },
    {
      "cve": "CVE-2022-2868",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2868"
    },
    {
      "cve": "CVE-2022-2869",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2869"
    },
    {
      "cve": "CVE-2022-28693",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-28693"
    },
    {
      "cve": "CVE-2022-2874",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2874"
    },
    {
      "cve": "CVE-2022-28748",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-28748"
    },
    {
      "cve": "CVE-2022-2880",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2880"
    },
    {
      "cve": "CVE-2022-2889",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2889"
    },
    {
      "cve": "CVE-2022-29162",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-29162"
    },
    {
      "cve": "CVE-2022-29187",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-29187"
    },
    {
      "cve": "CVE-2022-2923",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2923"
    },
    {
      "cve": "CVE-2022-2946",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2946"
    },
    {
      "cve": "CVE-2022-29526",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-29526"
    },
    {
      "cve": "CVE-2022-29583",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-29583"
    },
    {
      "cve": "CVE-2022-2964",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2964"
    },
    {
      "cve": "CVE-2022-2977",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2977"
    },
    {
      "cve": "CVE-2022-2980",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2980"
    },
    {
      "cve": "CVE-2022-2982",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2982"
    },
    {
      "cve": "CVE-2022-29900",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-29900"
    },
    {
      "cve": "CVE-2022-29901",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-29901"
    },
    {
      "cve": "CVE-2022-2991",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-2991"
    },
    {
      "cve": "CVE-2022-3016",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3016"
    },
    {
      "cve": "CVE-2022-3028",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3028"
    },
    {
      "cve": "CVE-2022-3037",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3037"
    },
    {
      "cve": "CVE-2022-30580",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-30580"
    },
    {
      "cve": "CVE-2022-30630",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-30630"
    },
    {
      "cve": "CVE-2022-30631",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-30631"
    },
    {
      "cve": "CVE-2022-30632",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-30632"
    },
    {
      "cve": "CVE-2022-30633",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-30633"
    },
    {
      "cve": "CVE-2022-3099",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3099"
    },
    {
      "cve": "CVE-2022-31030",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-31030"
    },
    {
      "cve": "CVE-2022-31159",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-31159"
    },
    {
      "cve": "CVE-2022-3134",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3134"
    },
    {
      "cve": "CVE-2022-3153",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3153"
    },
    {
      "cve": "CVE-2022-3169",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3169"
    },
    {
      "cve": "CVE-2022-31690",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-31690"
    },
    {
      "cve": "CVE-2022-32148",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-32148"
    },
    {
      "cve": "CVE-2022-32149",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-32149"
    },
    {
      "cve": "CVE-2022-32206",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-32206"
    },
    {
      "cve": "CVE-2022-32208",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-32208"
    },
    {
      "cve": "CVE-2022-32221",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-32221"
    },
    {
      "cve": "CVE-2022-3234",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3234"
    },
    {
      "cve": "CVE-2022-3235",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3235"
    },
    {
      "cve": "CVE-2022-3239",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3239"
    },
    {
      "cve": "CVE-2022-3278",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3278"
    },
    {
      "cve": "CVE-2022-3296",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3296"
    },
    {
      "cve": "CVE-2022-3297",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3297"
    },
    {
      "cve": "CVE-2022-33196",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-33196"
    },
    {
      "cve": "CVE-2022-3324",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3324"
    },
    {
      "cve": "CVE-2022-3352",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3352"
    },
    {
      "cve": "CVE-2022-33740",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-33740"
    },
    {
      "cve": "CVE-2022-33741",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-33741"
    },
    {
      "cve": "CVE-2022-33742",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-33742"
    },
    {
      "cve": "CVE-2022-33972",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-33972"
    },
    {
      "cve": "CVE-2022-33981",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-33981"
    },
    {
      "cve": "CVE-2022-34169",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-34169"
    },
    {
      "cve": "CVE-2022-3424",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3424"
    },
    {
      "cve": "CVE-2022-34266",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-34266"
    },
    {
      "cve": "CVE-2022-34526",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-34526"
    },
    {
      "cve": "CVE-2022-34903",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-34903"
    },
    {
      "cve": "CVE-2022-3491",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3491"
    },
    {
      "cve": "CVE-2022-3515",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3515"
    },
    {
      "cve": "CVE-2022-3520",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3520"
    },
    {
      "cve": "CVE-2022-3521",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3521"
    },
    {
      "cve": "CVE-2022-3524",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3524"
    },
    {
      "cve": "CVE-2022-35252",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-35252"
    },
    {
      "cve": "CVE-2022-3542",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3542"
    },
    {
      "cve": "CVE-2022-3545",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3545"
    },
    {
      "cve": "CVE-2022-3564",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3564"
    },
    {
      "cve": "CVE-2022-3565",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3565"
    },
    {
      "cve": "CVE-2022-3566",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3566"
    },
    {
      "cve": "CVE-2022-3567",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3567"
    },
    {
      "cve": "CVE-2022-35737",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-35737"
    },
    {
      "cve": "CVE-2022-3586",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3586"
    },
    {
      "cve": "CVE-2022-3591",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3591"
    },
    {
      "cve": "CVE-2022-3594",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3594"
    },
    {
      "cve": "CVE-2022-3597",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3597"
    },
    {
      "cve": "CVE-2022-3599",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3599"
    },
    {
      "cve": "CVE-2022-36109",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-36109"
    },
    {
      "cve": "CVE-2022-3621",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3621"
    },
    {
      "cve": "CVE-2022-3626",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3626"
    },
    {
      "cve": "CVE-2022-3627",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3627"
    },
    {
      "cve": "CVE-2022-3628",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3628"
    },
    {
      "cve": "CVE-2022-36280",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-36280"
    },
    {
      "cve": "CVE-2022-3629",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3629"
    },
    {
      "cve": "CVE-2022-3635",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3635"
    },
    {
      "cve": "CVE-2022-3643",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3643"
    },
    {
      "cve": "CVE-2022-36437",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-36437"
    },
    {
      "cve": "CVE-2022-3646",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3646"
    },
    {
      "cve": "CVE-2022-3649",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3649"
    },
    {
      "cve": "CVE-2022-36760",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-36760"
    },
    {
      "cve": "CVE-2022-36879",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-36879"
    },
    {
      "cve": "CVE-2022-36946",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-36946"
    },
    {
      "cve": "CVE-2022-3705",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3705"
    },
    {
      "cve": "CVE-2022-37434",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-37434"
    },
    {
      "cve": "CVE-2022-37436",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-37436"
    },
    {
      "cve": "CVE-2022-37865",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-37865"
    },
    {
      "cve": "CVE-2022-37866",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-37866"
    },
    {
      "cve": "CVE-2022-38090",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-38090"
    },
    {
      "cve": "CVE-2022-38096",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-38096"
    },
    {
      "cve": "CVE-2022-38126",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-38126"
    },
    {
      "cve": "CVE-2022-38127",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-38127"
    },
    {
      "cve": "CVE-2022-38177",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-38177"
    },
    {
      "cve": "CVE-2022-38178",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-38178"
    },
    {
      "cve": "CVE-2022-3821",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3821"
    },
    {
      "cve": "CVE-2022-38533",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-38533"
    },
    {
      "cve": "CVE-2022-38749",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-38749"
    },
    {
      "cve": "CVE-2022-38750",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-38750"
    },
    {
      "cve": "CVE-2022-38751",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-38751"
    },
    {
      "cve": "CVE-2022-38752",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-38752"
    },
    {
      "cve": "CVE-2022-39028",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-39028"
    },
    {
      "cve": "CVE-2022-3903",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3903"
    },
    {
      "cve": "CVE-2022-39188",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-39188"
    },
    {
      "cve": "CVE-2022-39399",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-39399"
    },
    {
      "cve": "CVE-2022-3970",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-3970"
    },
    {
      "cve": "CVE-2022-40149",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-40149"
    },
    {
      "cve": "CVE-2022-40150",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-40150"
    },
    {
      "cve": "CVE-2022-40151",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-40151"
    },
    {
      "cve": "CVE-2022-40152",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-40152"
    },
    {
      "cve": "CVE-2022-40153",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-40153"
    },
    {
      "cve": "CVE-2022-40303",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-40303"
    },
    {
      "cve": "CVE-2022-40304",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-40304"
    },
    {
      "cve": "CVE-2022-40307",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-40307"
    },
    {
      "cve": "CVE-2022-40674",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-40674"
    },
    {
      "cve": "CVE-2022-40768",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-40768"
    },
    {
      "cve": "CVE-2022-40899",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-40899"
    },
    {
      "cve": "CVE-2022-4095",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-4095"
    },
    {
      "cve": "CVE-2022-41218",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-41218"
    },
    {
      "cve": "CVE-2022-4129",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-4129"
    },
    {
      "cve": "CVE-2022-4141",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-4141"
    },
    {
      "cve": "CVE-2022-41717",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-41717"
    },
    {
      "cve": "CVE-2022-41721",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-41721"
    },
    {
      "cve": "CVE-2022-41848",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-41848"
    },
    {
      "cve": "CVE-2022-41850",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-41850"
    },
    {
      "cve": "CVE-2022-41854",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-41854"
    },
    {
      "cve": "CVE-2022-41858",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-41858"
    },
    {
      "cve": "CVE-2022-41881",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-41881"
    },
    {
      "cve": "CVE-2022-41903",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-41903"
    },
    {
      "cve": "CVE-2022-41915",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-41915"
    },
    {
      "cve": "CVE-2022-41966",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-41966"
    },
    {
      "cve": "CVE-2022-41974",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-41974"
    },
    {
      "cve": "CVE-2022-42003",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-42003"
    },
    {
      "cve": "CVE-2022-42004",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-42004"
    },
    {
      "cve": "CVE-2022-42010",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-42010"
    },
    {
      "cve": "CVE-2022-42011",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-42011"
    },
    {
      "cve": "CVE-2022-42012",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-42012"
    },
    {
      "cve": "CVE-2022-42328",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-42328"
    },
    {
      "cve": "CVE-2022-42329",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-42329"
    },
    {
      "cve": "CVE-2022-42703",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-42703"
    },
    {
      "cve": "CVE-2022-42889",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-42889"
    },
    {
      "cve": "CVE-2022-42895",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-42895"
    },
    {
      "cve": "CVE-2022-42896",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-42896"
    },
    {
      "cve": "CVE-2022-42898",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-42898"
    },
    {
      "cve": "CVE-2022-4292",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-4292"
    },
    {
      "cve": "CVE-2022-4293",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-4293"
    },
    {
      "cve": "CVE-2022-42969",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-42969"
    },
    {
      "cve": "CVE-2022-4304",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-4304"
    },
    {
      "cve": "CVE-2022-43552",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-43552"
    },
    {
      "cve": "CVE-2022-43680",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-43680"
    },
    {
      "cve": "CVE-2022-43750",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-43750"
    },
    {
      "cve": "CVE-2022-4378",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-4378"
    },
    {
      "cve": "CVE-2022-43945",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-43945"
    },
    {
      "cve": "CVE-2022-43995",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-43995"
    },
    {
      "cve": "CVE-2022-4415",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-4415"
    },
    {
      "cve": "CVE-2022-4450",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-4450"
    },
    {
      "cve": "CVE-2022-44638",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-44638"
    },
    {
      "cve": "CVE-2022-45061",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-45061"
    },
    {
      "cve": "CVE-2022-45688",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-45688"
    },
    {
      "cve": "CVE-2022-45884",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-45884"
    },
    {
      "cve": "CVE-2022-45885",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-45885"
    },
    {
      "cve": "CVE-2022-45886",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-45886"
    },
    {
      "cve": "CVE-2022-45887",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-45887"
    },
    {
      "cve": "CVE-2022-45919",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-45919"
    },
    {
      "cve": "CVE-2022-45934",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-45934"
    },
    {
      "cve": "CVE-2022-45939",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-45939"
    },
    {
      "cve": "CVE-2022-4662",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-4662"
    },
    {
      "cve": "CVE-2022-46751",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-46751"
    },
    {
      "cve": "CVE-2022-46908",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-46908"
    },
    {
      "cve": "CVE-2022-47629",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-47629"
    },
    {
      "cve": "CVE-2022-47929",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-47929"
    },
    {
      "cve": "CVE-2022-48281",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-48281"
    },
    {
      "cve": "CVE-2022-48337",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-48337"
    },
    {
      "cve": "CVE-2022-48339",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2022-48339"
    },
    {
      "cve": "CVE-2023-0045",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-0045"
    },
    {
      "cve": "CVE-2023-0049",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-0049"
    },
    {
      "cve": "CVE-2023-0051",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-0051"
    },
    {
      "cve": "CVE-2023-0054",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-0054"
    },
    {
      "cve": "CVE-2023-0215",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-0215"
    },
    {
      "cve": "CVE-2023-0286",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-0286"
    },
    {
      "cve": "CVE-2023-0288",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-0288"
    },
    {
      "cve": "CVE-2023-0433",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-0433"
    },
    {
      "cve": "CVE-2023-0464",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-0464"
    },
    {
      "cve": "CVE-2023-0465",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-0465"
    },
    {
      "cve": "CVE-2023-0466",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-0466"
    },
    {
      "cve": "CVE-2023-0512",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-0512"
    },
    {
      "cve": "CVE-2023-0590",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-0590"
    },
    {
      "cve": "CVE-2023-0597",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-0597"
    },
    {
      "cve": "CVE-2023-0833",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-0833"
    },
    {
      "cve": "CVE-2023-1076",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-1076"
    },
    {
      "cve": "CVE-2023-1095",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-1095"
    },
    {
      "cve": "CVE-2023-1118",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-1118"
    },
    {
      "cve": "CVE-2023-1127",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-1127"
    },
    {
      "cve": "CVE-2023-1170",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-1170"
    },
    {
      "cve": "CVE-2023-1175",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-1175"
    },
    {
      "cve": "CVE-2023-1370",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-1370"
    },
    {
      "cve": "CVE-2023-1380",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-1380"
    },
    {
      "cve": "CVE-2023-1390",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-1390"
    },
    {
      "cve": "CVE-2023-1436",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-1436"
    },
    {
      "cve": "CVE-2023-1513",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-1513"
    },
    {
      "cve": "CVE-2023-1611",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-1611"
    },
    {
      "cve": "CVE-2023-1670",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-1670"
    },
    {
      "cve": "CVE-2023-1855",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-1855"
    },
    {
      "cve": "CVE-2023-1989",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-1989"
    },
    {
      "cve": "CVE-2023-1990",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-1990"
    },
    {
      "cve": "CVE-2023-1998",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-1998"
    },
    {
      "cve": "CVE-2023-20862",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-20862"
    },
    {
      "cve": "CVE-2023-2124",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-2124"
    },
    {
      "cve": "CVE-2023-2162",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-2162"
    },
    {
      "cve": "CVE-2023-2176",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-2176"
    },
    {
      "cve": "CVE-2023-21830",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-21830"
    },
    {
      "cve": "CVE-2023-21835",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-21835"
    },
    {
      "cve": "CVE-2023-21843",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-21843"
    },
    {
      "cve": "CVE-2023-21930",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-21930"
    },
    {
      "cve": "CVE-2023-21937",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-21937"
    },
    {
      "cve": "CVE-2023-21938",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-21938"
    },
    {
      "cve": "CVE-2023-21939",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-21939"
    },
    {
      "cve": "CVE-2023-2194",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-2194"
    },
    {
      "cve": "CVE-2023-21954",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-21954"
    },
    {
      "cve": "CVE-2023-21967",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-21967"
    },
    {
      "cve": "CVE-2023-21968",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-21968"
    },
    {
      "cve": "CVE-2023-22490",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-22490"
    },
    {
      "cve": "CVE-2023-2253",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-2253"
    },
    {
      "cve": "CVE-2023-22809",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-22809"
    },
    {
      "cve": "CVE-2023-23454",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-23454"
    },
    {
      "cve": "CVE-2023-23455",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-23455"
    },
    {
      "cve": "CVE-2023-23559",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-23559"
    },
    {
      "cve": "CVE-2023-23916",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-23916"
    },
    {
      "cve": "CVE-2023-23946",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-23946"
    },
    {
      "cve": "CVE-2023-24329",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-24329"
    },
    {
      "cve": "CVE-2023-24532",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-24532"
    },
    {
      "cve": "CVE-2023-24534",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-24534"
    },
    {
      "cve": "CVE-2023-2483",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-2483"
    },
    {
      "cve": "CVE-2023-24998",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-24998"
    },
    {
      "cve": "CVE-2023-2513",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-2513"
    },
    {
      "cve": "CVE-2023-25193",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-25193"
    },
    {
      "cve": "CVE-2023-25652",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-25652"
    },
    {
      "cve": "CVE-2023-25690",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-25690"
    },
    {
      "cve": "CVE-2023-25809",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-25809"
    },
    {
      "cve": "CVE-2023-25815",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-25815"
    },
    {
      "cve": "CVE-2023-26048",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-26048"
    },
    {
      "cve": "CVE-2023-26049",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-26049"
    },
    {
      "cve": "CVE-2023-2650",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-2650"
    },
    {
      "cve": "CVE-2023-26545",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-26545"
    },
    {
      "cve": "CVE-2023-26604",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-26604"
    },
    {
      "cve": "CVE-2023-27533",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-27533"
    },
    {
      "cve": "CVE-2023-27534",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-27534"
    },
    {
      "cve": "CVE-2023-27535",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-27535"
    },
    {
      "cve": "CVE-2023-27536",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-27536"
    },
    {
      "cve": "CVE-2023-27538",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-27538"
    },
    {
      "cve": "CVE-2023-27561",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-27561"
    },
    {
      "cve": "CVE-2023-2828",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-2828"
    },
    {
      "cve": "CVE-2023-28320",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-28320"
    },
    {
      "cve": "CVE-2023-28321",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-28321"
    },
    {
      "cve": "CVE-2023-28322",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-28322"
    },
    {
      "cve": "CVE-2023-28328",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-28328"
    },
    {
      "cve": "CVE-2023-28464",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-28464"
    },
    {
      "cve": "CVE-2023-28486",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-28486"
    },
    {
      "cve": "CVE-2023-28487",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-28487"
    },
    {
      "cve": "CVE-2023-28642",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-28642"
    },
    {
      "cve": "CVE-2023-28772",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-28772"
    },
    {
      "cve": "CVE-2023-28840",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-28840"
    },
    {
      "cve": "CVE-2023-28841",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-28841"
    },
    {
      "cve": "CVE-2023-28842",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-28842"
    },
    {
      "cve": "CVE-2023-29007",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-29007"
    },
    {
      "cve": "CVE-2023-29383",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-29383"
    },
    {
      "cve": "CVE-2023-29402",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-29402"
    },
    {
      "cve": "CVE-2023-29406",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-29406"
    },
    {
      "cve": "CVE-2023-29409",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-29409"
    },
    {
      "cve": "CVE-2023-2976",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-2976"
    },
    {
      "cve": "CVE-2023-30630",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-30630"
    },
    {
      "cve": "CVE-2023-30772",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-30772"
    },
    {
      "cve": "CVE-2023-31084",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-31084"
    },
    {
      "cve": "CVE-2023-3138",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-3138"
    },
    {
      "cve": "CVE-2023-31436",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-31436"
    },
    {
      "cve": "CVE-2023-31484",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-31484"
    },
    {
      "cve": "CVE-2023-32269",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-32269"
    },
    {
      "cve": "CVE-2023-32697",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-32697"
    },
    {
      "cve": "CVE-2023-33264",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-33264"
    },
    {
      "cve": "CVE-2023-34034",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-34034"
    },
    {
      "cve": "CVE-2023-34035",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-34035"
    },
    {
      "cve": "CVE-2023-34453",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-34453"
    },
    {
      "cve": "CVE-2023-34454",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-34454"
    },
    {
      "cve": "CVE-2023-34455",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-34455"
    },
    {
      "cve": "CVE-2023-34462",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-34462"
    },
    {
      "cve": "CVE-2023-35116",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-35116"
    },
    {
      "cve": "CVE-2023-3635",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-3635"
    },
    {
      "cve": "CVE-2023-36479",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-36479"
    },
    {
      "cve": "CVE-2023-39533",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-39533"
    },
    {
      "cve": "CVE-2023-40167",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-40167"
    },
    {
      "cve": "CVE-2023-40217",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-40217"
    },
    {
      "cve": "CVE-2023-41105",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-41105"
    },
    {
      "cve": "CVE-2023-41900",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-41900"
    },
    {
      "cve": "CVE-2023-43642",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-43642"
    },
    {
      "cve": "CVE-2023-43804",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-43804"
    },
    {
      "cve": "CVE-2023-44487",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-44487"
    },
    {
      "cve": "CVE-2023-45803",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2023-45803"
    },
    {
      "cve": "CVE-2024-21626",
      "notes": [
        {
          "category": "description",
          "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033919"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2024-21626"
    }
  ]
}

WID-SEC-W-2024-2181

Vulnerability from csaf_certbund - Published: 2020-07-14 22:00 - Updated: 2024-09-18 22:00

Summary

Oracle Fusion Middleware: Mehrere Schwachstellen

Notes

Produktbeschreibung

Oracle Fusion Middleware bündelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.

Angriff

Ein Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Verfügbarkeit, Vertraulichkeit und Integrität zu gefährden.

Betroffene Betriebssysteme

- Linux - UNIX - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "kritisch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Oracle Fusion Middleware b\u00fcndelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t zu gef\u00e4hrden.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-2181 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2020/wid-sec-w-2024-2181.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-2181 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-2181"
      },
      {
        "category": "external",
        "summary": "Oracle Critical Patch Update Advisory - July 2020 vom 2020-07-14",
        "url": "https://www.oracle.com/security-alerts/cpujul2020.html#AppendixFMW"
      },
      {
        "category": "external",
        "summary": "CISA Known Exploited Vulnerabilities Catalog vom 2024-09-18",
        "url": "https://www.cisa.gov/news-events/alerts/2024/09/18/cisa-adds-five-known-exploited-vulnerabilities-catalog"
      }
    ],
    "source_lang": "en-US",
    "title": "Oracle Fusion Middleware: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-09-18T22:00:00.000+00:00",
      "generator": {
        "date": "2024-09-19T08:07:01.724+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.8"
        }
      },
      "id": "WID-SEC-W-2024-2181",
      "initial_release_date": "2020-07-14T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2020-07-14T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-09-18T22:00:00.000+00:00",
          "number": "2",
          "summary": "Aktive Ausnutzung gemeldet"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Fusion Middleware",
            "product": {
              "name": "Oracle Fusion Middleware",
              "product_id": "T006198",
              "product_identification_helper": {
                "cpe": "cpe:/a:oracle:fusion_middleware:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-5645",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2017-5645"
    },
    {
      "cve": "CVE-2018-11058",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2018-11058"
    },
    {
      "cve": "CVE-2018-6616",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2018-6616"
    },
    {
      "cve": "CVE-2018-8032",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2018-8032"
    },
    {
      "cve": "CVE-2019-0227",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2019-0227"
    },
    {
      "cve": "CVE-2019-12415",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2019-12415"
    },
    {
      "cve": "CVE-2019-12973",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2019-12973"
    },
    {
      "cve": "CVE-2019-14862",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2019-14862"
    },
    {
      "cve": "CVE-2019-16943",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2019-16943"
    },
    {
      "cve": "CVE-2019-17267",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2019-17267"
    },
    {
      "cve": "CVE-2019-17359",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2019-17359"
    },
    {
      "cve": "CVE-2019-17531",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2019-17531"
    },
    {
      "cve": "CVE-2019-17571",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2019-17571"
    },
    {
      "cve": "CVE-2019-20330",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2019-20330"
    },
    {
      "cve": "CVE-2020-10650",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2020-10650"
    },
    {
      "cve": "CVE-2020-10672",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2020-10672"
    },
    {
      "cve": "CVE-2020-10673",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2020-10673"
    },
    {
      "cve": "CVE-2020-10968",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2020-10968"
    },
    {
      "cve": "CVE-2020-10969",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2020-10969"
    },
    {
      "cve": "CVE-2020-11111",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2020-11111"
    },
    {
      "cve": "CVE-2020-11112",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2020-11112"
    },
    {
      "cve": "CVE-2020-11113",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2020-11113"
    },
    {
      "cve": "CVE-2020-11619",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2020-11619"
    },
    {
      "cve": "CVE-2020-11620",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2020-11620"
    },
    {
      "cve": "CVE-2020-14530",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2020-14530"
    },
    {
      "cve": "CVE-2020-14548",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2020-14548"
    },
    {
      "cve": "CVE-2020-14552",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2020-14552"
    },
    {
      "cve": "CVE-2020-14557",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2020-14557"
    },
    {
      "cve": "CVE-2020-14565",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2020-14565"
    },
    {
      "cve": "CVE-2020-14570",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2020-14570"
    },
    {
      "cve": "CVE-2020-14571",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2020-14571"
    },
    {
      "cve": "CVE-2020-14572",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2020-14572"
    },
    {
      "cve": "CVE-2020-14584",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2020-14584"
    },
    {
      "cve": "CVE-2020-14585",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2020-14585"
    },
    {
      "cve": "CVE-2020-14588",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2020-14588"
    },
    {
      "cve": "CVE-2020-14589",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2020-14589"
    },
    {
      "cve": "CVE-2020-14607",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2020-14607"
    },
    {
      "cve": "CVE-2020-14608",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2020-14608"
    },
    {
      "cve": "CVE-2020-14609",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2020-14609"
    },
    {
      "cve": "CVE-2020-14611",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2020-14611"
    },
    {
      "cve": "CVE-2020-14613",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2020-14613"
    },
    {
      "cve": "CVE-2020-14622",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2020-14622"
    },
    {
      "cve": "CVE-2020-14625",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2020-14625"
    },
    {
      "cve": "CVE-2020-14626",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2020-14626"
    },
    {
      "cve": "CVE-2020-14636",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2020-14636"
    },
    {
      "cve": "CVE-2020-14637",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2020-14637"
    },
    {
      "cve": "CVE-2020-14638",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2020-14638"
    },
    {
      "cve": "CVE-2020-14639",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2020-14639"
    },
    {
      "cve": "CVE-2020-14640",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2020-14640"
    },
    {
      "cve": "CVE-2020-14642",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2020-14642"
    },
    {
      "cve": "CVE-2020-14644",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2020-14644"
    },
    {
      "cve": "CVE-2020-14645",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2020-14645"
    },
    {
      "cve": "CVE-2020-14652",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2020-14652"
    },
    {
      "cve": "CVE-2020-14655",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2020-14655"
    },
    {
      "cve": "CVE-2020-14687",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2020-14687"
    },
    {
      "cve": "CVE-2020-14690",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2020-14690"
    },
    {
      "cve": "CVE-2020-14696",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2020-14696"
    },
    {
      "cve": "CVE-2020-14723",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2020-14723"
    },
    {
      "cve": "CVE-2020-1941",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2020-1941"
    },
    {
      "cve": "CVE-2020-1945",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2020-1945"
    },
    {
      "cve": "CVE-2020-2966",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2020-2966"
    },
    {
      "cve": "CVE-2020-2967",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2020-2967"
    },
    {
      "cve": "CVE-2020-5397",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2020-5397"
    },
    {
      "cve": "CVE-2020-5398",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2020-5398"
    },
    {
      "cve": "CVE-2020-6851",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2020-6851"
    },
    {
      "cve": "CVE-2020-8112",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2020-8112"
    },
    {
      "cve": "CVE-2020-9488",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2020-9488"
    },
    {
      "cve": "CVE-2020-9546",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2020-9546"
    },
    {
      "cve": "CVE-2020-9547",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2020-9547"
    },
    {
      "cve": "CVE-2020-9548",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen in den Produkten Oracle WebCenter Portal, Oracle WebLogic Server, Oracle Endeca Information Discovery Studio, Oracle Enterprise Repository, Oracle Outside In Technology, Oracle Business Intelligence Enterprise Edition, Oracle BI Publisher, Oracle Fusion Middleware MapViewer, Oracle Help Technologies, Oracle Unified Directory, Oracle Business Process Management Suite, Oracle Coherence, Oracle Security Service und Oracle WebCenter Sites. Durch Ausnutzung dieser Schwachstellen kann ein entfernter Angreifer die Verf\u00fcgbarkeit, Vertraulichkeit und Integrit\u00e4t gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion und keine Authentisierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Availability\", \"Confidentiality\" und \"Integrity\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006198"
        ]
      },
      "release_date": "2020-07-14T22:00:00.000+00:00",
      "title": "CVE-2020-9548"
    }
  ]
}

WID-SEC-W-2024-1637

Vulnerability from csaf_certbund - Published: 2024-07-16 22:00 - Updated: 2025-03-05 23:00

Summary

Oracle Fusion Middleware: Mehrere Schwachstellen

Notes

Produktbeschreibung

Oracle Fusion Middleware bündelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.

Angriff

Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.

Betroffene Betriebssysteme

- Sonstiges - UNIX - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Oracle Fusion Middleware b\u00fcndelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-1637 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1637.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-1637 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1637"
      },
      {
        "category": "external",
        "summary": "Oracle Critical Patch Update Advisory - July 2024 - Appendix Oracle Fusion Middleware vom 2024-07-16",
        "url": "https://www.oracle.com/security-alerts/cpujul2024.html#AppendixFMW"
      },
      {
        "category": "external",
        "summary": "PoC CVE-2024-21182 vom 2024-12-30",
        "url": "https://github.com/k4it0k1d/CVE-2024-21182"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7184867 vom 2025-03-05",
        "url": "https://www.ibm.com/support/pages/node/7184867"
      }
    ],
    "source_lang": "en-US",
    "title": "Oracle Fusion Middleware: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-03-05T23:00:00.000+00:00",
      "generator": {
        "date": "2025-03-06T09:18:07.394+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2024-1637",
      "initial_release_date": "2024-07-16T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-07-16T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-12-30T23:00:00.000+00:00",
          "number": "2",
          "summary": "PoC f\u00fcr CVE-2024-21182 erg\u00e4nzt"
        },
        {
          "date": "2025-03-05T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von IBM und IBM-APAR aufgenommen"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "5.5.8",
                "product": {
                  "name": "IBM FileNet Content Manager 5.5.8",
                  "product_id": "1487483",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:filenet_content_manager:5.5.8"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "5.5.12",
                "product": {
                  "name": "IBM FileNet Content Manager 5.5.12",
                  "product_id": "T039291",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:filenet_content_manager:5.5.12"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "5.6.0",
                "product": {
                  "name": "IBM FileNet Content Manager 5.6.0",
                  "product_id": "T039292",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:filenet_content_manager:5.6.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FileNet Content Manager"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "12.2.1.4.0",
                "product": {
                  "name": "Oracle Fusion Middleware 12.2.1.4.0",
                  "product_id": "751674",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:fusion_middleware:12.2.1.4.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "14.1.1.0.0",
                "product": {
                  "name": "Oracle Fusion Middleware 14.1.1.0.0",
                  "product_id": "829576",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:fusion_middleware:14.1.1.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.5.7",
                "product": {
                  "name": "Oracle Fusion Middleware 8.5.7",
                  "product_id": "T034057",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:fusion_middleware:8.5.7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "12.2.1.19.0",
                "product": {
                  "name": "Oracle Fusion Middleware 12.2.1.19.0",
                  "product_id": "T036225",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:fusion_middleware:12.2.1.19.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Fusion Middleware"
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-13956",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2020-13956"
    },
    {
      "cve": "CVE-2020-1945",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2020-1945"
    },
    {
      "cve": "CVE-2021-29425",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2021-29425"
    },
    {
      "cve": "CVE-2021-37533",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2021-37533"
    },
    {
      "cve": "CVE-2022-40152",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2022-40152"
    },
    {
      "cve": "CVE-2022-45378",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2022-45378"
    },
    {
      "cve": "CVE-2023-24998",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2023-24998"
    },
    {
      "cve": "CVE-2023-29081",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2023-29081"
    },
    {
      "cve": "CVE-2023-2976",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2023-2976"
    },
    {
      "cve": "CVE-2023-34034",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2023-34034"
    },
    {
      "cve": "CVE-2023-36478",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2023-36478"
    },
    {
      "cve": "CVE-2023-45853",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2023-45853"
    },
    {
      "cve": "CVE-2023-46750",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2023-46750"
    },
    {
      "cve": "CVE-2023-4759",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2023-4759"
    },
    {
      "cve": "CVE-2023-48795",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2023-48795"
    },
    {
      "cve": "CVE-2023-5072",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2023-5072"
    },
    {
      "cve": "CVE-2023-52425",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2023-52425"
    },
    {
      "cve": "CVE-2023-6129",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2023-6129"
    },
    {
      "cve": "CVE-2024-0853",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2024-0853"
    },
    {
      "cve": "CVE-2024-21133",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2024-21133"
    },
    {
      "cve": "CVE-2024-21175",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2024-21175"
    },
    {
      "cve": "CVE-2024-21181",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2024-21181"
    },
    {
      "cve": "CVE-2024-21182",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2024-21182"
    },
    {
      "cve": "CVE-2024-21183",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2024-21183"
    },
    {
      "cve": "CVE-2024-22201",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2024-22201"
    },
    {
      "cve": "CVE-2024-22243",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2024-22243"
    },
    {
      "cve": "CVE-2024-22259",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2024-22259"
    },
    {
      "cve": "CVE-2024-22262",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2024-22262"
    },
    {
      "cve": "CVE-2024-25062",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2024-25062"
    },
    {
      "cve": "CVE-2024-26308",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2024-26308"
    },
    {
      "cve": "CVE-2024-29025",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2024-29025"
    },
    {
      "cve": "CVE-2024-29857",
      "product_status": {
        "known_affected": [
          "1487483",
          "T039292",
          "T039291",
          "T036225",
          "751674",
          "T034057",
          "829576"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2024-29857"
    }
  ]
}

VAR-202005-1051

Vulnerability from variot - Updated: 2025-12-22 21:05

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process. This tool is mainly used for software compilation, testing and deployment. An attacker could exploit this vulnerability to disclose sensitive information. ========================================================================== Ubuntu Security Notice USN-4380-1 June 01, 2020

Apache Ant vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 19.10

Summary:

Apache Ant could leak sensitive information or be made to run programs as your login. An attacker could use this vulnerability to read sensitive information leaked into /tmp, or potentially inject malicious code into a project that is built with Apache Ant.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10: ant 1.10.6-1ubuntu0.1 ant-doc 1.10.6-1ubuntu0.1 ant-optional 1.10.6-1ubuntu0.1

In general, a standard system update will make all the necessary changes. Description:

Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. For further information, refer to the release notes linked to in the References section. Bugs fixed (https://bugzilla.redhat.com/):

1816216 - CVE-2020-11612 netty: compression/decompression codecs don't enforce limits on buffer allocation sizes 1837444 - CVE-2020-1945 ant: insecure temporary file vulnerability

Bugs fixed (https://bugzilla.redhat.com/):

1837444 - CVE-2020-1945 ant: insecure temporary file vulnerability 1903702 - CVE-2020-11979 ant: insecure temporary file 1921322 - CVE-2021-21615 jenkins: Filesystem traversal by privileged users 1925140 - CVE-2021-21608 jenkins: Stored XSS vulnerability in button labels 1925141 - CVE-2021-21609 jenkins: Missing permission check for paths with specific prefix 1925143 - CVE-2021-21605 jenkins: Path traversal vulnerability in agent names 1925145 - CVE-2021-21611 jenkins: Stored XSS vulnerability on new item page 1925151 - CVE-2021-21610 jenkins: Reflected XSS vulnerability in markup formatter preview 1925156 - CVE-2021-21607 jenkins: Excessive memory allocation in graph URLs leads to denial of service 1925157 - CVE-2021-21604 jenkins: Improper handling of REST API XML deserialization errors 1925159 - CVE-2021-21606 jenkins: Arbitrary file existence check in file fingerprints 1925160 - CVE-2021-21603 jenkins: XSS vulnerability in notification bar 1925161 - CVE-2021-21602 jenkins: Arbitrary file read vulnerability in workspace browsers 1925674 - Placeholder bug for OCP 4.6.0 rpm release

Description:

For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.

The References section of this erratum contains a download link (you must log in to download the update). Bugs fixed (https://bugzilla.redhat.com/):

1666499 - CVE-2019-14900 hibernate: SQL injection issue in Hibernate ORM 1694235 - CVE-2020-10683 dom4j: XML External Entity vulnerability in default SAX parser 1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages 1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain 1824301 - CVE-2020-1954 cxf: JMX integration is vulnerable to a MITM attack 1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication 1837444 - CVE-2020-1945 ant: insecure temporary file vulnerability 1848617 - CVE-2019-17566 batik: SSRF via "xlink:href" 1851014 - CVE-2020-2934 mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete 1851019 - CVE-2020-2875 mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete 1851022 - CVE-2020-2933 mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: OpenShift Container Platform 3.11.394 bug fix and security update Advisory ID: RHSA-2021:0637-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2021:0637 Issue date: 2021-03-03 CVE Names: CVE-2020-1945 CVE-2020-2304 CVE-2020-2305 CVE-2020-2306 CVE-2020-2307 CVE-2020-2308 CVE-2020-2309 CVE-2020-11979 CVE-2020-25658 ==================================================================== 1. Summary:

Red Hat OpenShift Container Platform release 3.11.394 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant releases/architectures:

Red Hat OpenShift Container Platform 3.11 - noarch, ppc64le, x86_64

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

Security Fix(es):

jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks (CVE-2020-2304)
jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks (CVE-2020-2305)
ant: Insecure temporary file vulnerability (CVE-2020-1945)
jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information disclosure (CVE-2020-2306)
jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes plug-in (CVE-2020-2307)
jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates (CVE-2020-2308)
jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes plug-in allows enumerating credentials IDs (CVE-2020-2309)
ant: Insecure temporary file (CVE-2020-11979)
python-rsa: Bleichenbacher timing oracle attack against RSA decryption (CVE-2020-25658)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.11.394. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHBA-2021:0638

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_r elease_notes.html

This update fixes the following bugs among others:

Previously, the restart-cluster playbook did not evaluate the defined cluster size for ops clusters. This was causing come clusters to never complete their restart. This bug fix passes the logging ops cluster size, allowing restarts of ops clusters to complete successfully. (BZ#1879407)
Previously, the openshift_named_certificates role checked the contents of the ca-bundle.crt file during cluster installation. This caused the check to fail during initial installation because the ca-bundle.crt file is not yet created in that scenario. This bug fix allows the cluster to skip checking the ca-bundle.crt file if it does not exist, resulting in initial installations succeeding. (BZ#1920567)
Previously, if the openshift_release attribute was not set in the Ansible inventory file, the nodes of the cluster would fail during an upgrade. This was caused by the cluster_facts.yml file being gathered before the openshift_release attribute was defined by the upgrade playbook. Now the cluster_facts.yml file is gathered after the openshift_version role runs and the openshift_release attribute is set, allowing for successful node upgrades. (BZ#1921353)

All OpenShift Container Platform 3.11 users are advised to upgrade to these updated packages and images.

Solution:

Before applying this update, ensure all previously released errata relevant to your system is applied.

See the following documentation, which will be updated shortly for release 3.11.394, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_r elease_notes.html

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258.

Bugs fixed (https://bugzilla.redhat.com/):

1837444 - CVE-2020-1945 ant: insecure temporary file vulnerability 1849003 - fact dicts returned are of type string rather than dict 1873346 - In-place upgrade of OCP 3.11 does not upgrade Kuryr components 1879407 - The restart-cluster playbook doesn't take into account that openshift_logging_es_ops_cluster_size could be different from openshift_logging_es_cluster_size 1889972 - CVE-2020-25658 python-rsa: bleichenbacher timing oracle attack against RSA decryption 1895939 - CVE-2020-2304 jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks 1895940 - CVE-2020-2305 jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks 1895941 - CVE-2020-2306 jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information disclosure 1895945 - CVE-2020-2307 jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes Plugin 1895946 - CVE-2020-2308 jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates 1895947 - CVE-2020-2309 jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows enumerating credentials IDs 1903699 - Prometheus consumes all available memory 1903702 - CVE-2020-11979 ant: insecure temporary file 1918392 - Unable to access kibana URLafter enabling HTTP2 on Haproxy router 1920567 - [release-3.11] - ca-bundle.crt(/etc/origin/master/ca-bundle.crt) is missing on the fresh installation process 1921353 - OCP 3.11.374 Upgrade fails with Either OpenShift needs to be installed or openshift_release needs to be specified 1924614 - Provide jenkins agent image for maven36 1924811 - Provide jenkins agent image for maven36 1929170 - kuryr-cni pods in crashloop after updating OCP due to RuntimeError caused by attempting to delete eth0 host interface 1929216 - KeyError: 'addresses' in kuryr-controller when Endpoints' slice only lists notReadyAddresses

Package List:

Red Hat OpenShift Container Platform 3.11:

Source: atomic-enterprise-service-catalog-3.11.394-1.git.1675.fdb6e0b.el7.src.rpm atomic-openshift-3.11.394-1.git.0.e03a88e.el7.src.rpm atomic-openshift-cluster-autoscaler-3.11.394-1.git.0.1900c76.el7.src.rpm atomic-openshift-descheduler-3.11.394-1.git.299.ad3a3c0.el7.src.rpm atomic-openshift-dockerregistry-3.11.394-1.git.481.6e48246.el7.src.rpm atomic-openshift-metrics-server-3.11.394-1.git.53.3d82586.el7.src.rpm atomic-openshift-node-problem-detector-3.11.394-1.git.263.49acf3a.el7.src.rpm atomic-openshift-service-idler-3.11.394-1.git.15.73f73cd.el7.src.rpm atomic-openshift-web-console-3.11.394-1.git.667.08dd2a6.el7.src.rpm golang-github-openshift-oauth-proxy-3.11.394-1.git.439.4c37707.el7.src.rpm golang-github-prometheus-alertmanager-3.11.394-1.git.0.1fbb64c.el7.src.rpm golang-github-prometheus-node_exporter-3.11.394-1.git.1062.8adc4b8.el7.src.rpm golang-github-prometheus-prometheus-3.11.394-1.git.5026.2c9627f.el7.src.rpm haproxy-1.8.28-1.el7.src.rpm jenkins-2-plugins-3.11.1612862361-1.el7.src.rpm jenkins-2.263.3.1612433584-1.el7.src.rpm openshift-ansible-3.11.394-6.git.0.47ec25d.el7.src.rpm openshift-enterprise-autoheal-3.11.394-1.git.218.59eb597.el7.src.rpm openshift-enterprise-cluster-capacity-3.11.394-1.git.379.92adfdc.el7.src.rpm openshift-kuryr-3.11.394-1.git.1490.16ed375.el7.src.rpm python-rsa-4.5-3.el7.src.rpm

noarch: atomic-openshift-docker-excluder-3.11.394-1.git.0.e03a88e.el7.noarch.rpm atomic-openshift-excluder-3.11.394-1.git.0.e03a88e.el7.noarch.rpm jenkins-2-plugins-3.11.1612862361-1.el7.noarch.rpm jenkins-2.263.3.1612433584-1.el7.noarch.rpm openshift-ansible-3.11.394-6.git.0.47ec25d.el7.noarch.rpm openshift-ansible-docs-3.11.394-6.git.0.47ec25d.el7.noarch.rpm openshift-ansible-playbooks-3.11.394-6.git.0.47ec25d.el7.noarch.rpm openshift-ansible-roles-3.11.394-6.git.0.47ec25d.el7.noarch.rpm openshift-ansible-test-3.11.394-6.git.0.47ec25d.el7.noarch.rpm openshift-kuryr-cni-3.11.394-1.git.1490.16ed375.el7.noarch.rpm openshift-kuryr-common-3.11.394-1.git.1490.16ed375.el7.noarch.rpm openshift-kuryr-controller-3.11.394-1.git.1490.16ed375.el7.noarch.rpm python2-kuryr-kubernetes-3.11.394-1.git.1490.16ed375.el7.noarch.rpm python2-rsa-4.5-3.el7.noarch.rpm

ppc64le: atomic-enterprise-service-catalog-3.11.394-1.git.1675.fdb6e0b.el7.ppc64le.rpm atomic-enterprise-service-catalog-svcat-3.11.394-1.git.1675.fdb6e0b.el7.ppc64le.rpm atomic-openshift-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-clients-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-cluster-autoscaler-3.11.394-1.git.0.1900c76.el7.ppc64le.rpm atomic-openshift-descheduler-3.11.394-1.git.299.ad3a3c0.el7.ppc64le.rpm atomic-openshift-hyperkube-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-hypershift-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-master-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-metrics-server-3.11.394-1.git.53.3d82586.el7.ppc64le.rpm atomic-openshift-node-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-node-problem-detector-3.11.394-1.git.263.49acf3a.el7.ppc64le.rpm atomic-openshift-pod-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-sdn-ovs-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-service-idler-3.11.394-1.git.15.73f73cd.el7.ppc64le.rpm atomic-openshift-template-service-broker-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-tests-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-web-console-3.11.394-1.git.667.08dd2a6.el7.ppc64le.rpm golang-github-openshift-oauth-proxy-3.11.394-1.git.439.4c37707.el7.ppc64le.rpm haproxy-debuginfo-1.8.28-1.el7.ppc64le.rpm haproxy18-1.8.28-1.el7.ppc64le.rpm openshift-enterprise-autoheal-3.11.394-1.git.218.59eb597.el7.ppc64le.rpm openshift-enterprise-cluster-capacity-3.11.394-1.git.379.92adfdc.el7.ppc64le.rpm prometheus-3.11.394-1.git.5026.2c9627f.el7.ppc64le.rpm prometheus-alertmanager-3.11.394-1.git.0.1fbb64c.el7.ppc64le.rpm prometheus-node-exporter-3.11.394-1.git.1062.8adc4b8.el7.ppc64le.rpm

x86_64: atomic-enterprise-service-catalog-3.11.394-1.git.1675.fdb6e0b.el7.x86_64.rpm atomic-enterprise-service-catalog-svcat-3.11.394-1.git.1675.fdb6e0b.el7.x86_64.rpm atomic-openshift-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-clients-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-clients-redistributable-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-cluster-autoscaler-3.11.394-1.git.0.1900c76.el7.x86_64.rpm atomic-openshift-descheduler-3.11.394-1.git.299.ad3a3c0.el7.x86_64.rpm atomic-openshift-dockerregistry-3.11.394-1.git.481.6e48246.el7.x86_64.rpm atomic-openshift-hyperkube-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-hypershift-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-master-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-metrics-server-3.11.394-1.git.53.3d82586.el7.x86_64.rpm atomic-openshift-node-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-node-problem-detector-3.11.394-1.git.263.49acf3a.el7.x86_64.rpm atomic-openshift-pod-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-sdn-ovs-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-service-idler-3.11.394-1.git.15.73f73cd.el7.x86_64.rpm atomic-openshift-template-service-broker-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-tests-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-web-console-3.11.394-1.git.667.08dd2a6.el7.x86_64.rpm golang-github-openshift-oauth-proxy-3.11.394-1.git.439.4c37707.el7.x86_64.rpm haproxy-debuginfo-1.8.28-1.el7.x86_64.rpm haproxy18-1.8.28-1.el7.x86_64.rpm openshift-enterprise-autoheal-3.11.394-1.git.218.59eb597.el7.x86_64.rpm openshift-enterprise-cluster-capacity-3.11.394-1.git.379.92adfdc.el7.x86_64.rpm prometheus-3.11.394-1.git.5026.2c9627f.el7.x86_64.rpm prometheus-alertmanager-3.11.394-1.git.0.1fbb64c.el7.x86_64.rpm prometheus-node-exporter-3.11.394-1.git.1062.8adc4b8.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

References:

https://access.redhat.com/security/cve/CVE-2020-1945 https://access.redhat.com/security/cve/CVE-2020-2304 https://access.redhat.com/security/cve/CVE-2020-2305 https://access.redhat.com/security/cve/CVE-2020-2306 https://access.redhat.com/security/cve/CVE-2020-2307 https://access.redhat.com/security/cve/CVE-2020-2308 https://access.redhat.com/security/cve/CVE-2020-2309 https://access.redhat.com/security/cve/CVE-2020-11979 https://access.redhat.com/security/cve/CVE-2020-25658 https://access.redhat.com/security/updates/classification/#important

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iQIVAwUBYD+BmNzjgjWX9erEAQjE+Q//ZZiX1bD9qOdi3w9TpwdZLagxnE5NTy5Z Ru/GN0qaTIBHo8QHZqgt6jBT5ADfW0KgEdA3N+fi43f4ud5fO+2eQcdE4oeSAE93 T5PAL+UBlb4ykAqQQnLVMO8G5Hc2IOw68wZjC+YFcEB36FnZifCk/z14OdUR3WyT g5ohmXKJw3ojfOsPK0ZIePS4V7RwTosagKHdyVa+tpxxVlkcZf2q08e5U7YkkhKv d/4UzYfGYtpm8ozYde1Cvs6cCU2ar7VQjsGW597BgSMXYESDqnPTKUJ5y8btFTwL j5z0ZSc96MBOkyebqxqhNdeFwg4liCl0RhBSUBhsG6e40Du8+3+LPUS579R1cp8N qCW0ODujVh804XNOXSqGAbmPXb6BL8uIY6j4kdzfZH4xgBGG1oOhiUcjPrJQkohD 7fRf/aLCtRno9d98oylMuxPWEf4XfeltF4zin8hWdvBlfSxfy6aGjdmXcHWIP3Es 4jL7h5IBtTn/8IXO5kXUlBeHOTNfjA48W/MmxyN6TNoTFrrsgR1pk7RUCxjAgOi/ Nk/IYlBheWb1Bvm/QCMpA5qDUSNZnmADw6BBRoViE+/DKBM9/DEUX6KOq6H3Ak0v wA7QOAVVk2COxBJCsmy7EJUJYMuyfrNkovukWKHUQQuDFcjy5nWYbGmmejX/STB2 +rElYOcZkO0=9NLN -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202007-34

                                       https://security.gentoo.org/

Severity: Normal Title: Apache Ant: Multiple vulnerabilities Date: July 27, 2020 Bugs: #723086 ID: 202007-34

Synopsis

Apache Ant uses various insecure temporary files possibly allowing local code execution.

Background

Ant is a Java-based build tool similar to 'make' that uses XML configuration files.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-java/ant < 1.10.8 >= 1.10.8

Description

Apache Ant was found to be using multiple insecure temporary files which may disclose sensitive information or execute code from an unsafe local location.

Impact

A local attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All Apache Ant users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">\xdev-java/ant-1.10.8"

References

[ 1 ] CVE-2020-1945 https://nvd.nist.gov/vuln/detail/CVE-2020-1945

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202007-34

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202005-1051",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "retail size profile optimization",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.0.3"
      },
      {
        "model": "ant",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apache",
        "version": "1.10.7"
      },
      {
        "model": "ant",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apache",
        "version": "1.9.14"
      },
      {
        "model": "flexcube investor servicing",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.4.0"
      },
      {
        "model": "primavera gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "17.12.7"
      },
      {
        "model": "retail central office",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.0"
      },
      {
        "model": "retail service backbone",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.1.3.2"
      },
      {
        "model": "retail xstore point of service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.0.6"
      },
      {
        "model": "primavera gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.2.0"
      },
      {
        "model": "financial services analytical applications infrastructure",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.6"
      },
      {
        "model": "endeca information discovery studio",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "3.2.0"
      },
      {
        "model": "primavera unifier",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.1"
      },
      {
        "model": "banking liquidity management",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.0.0"
      },
      {
        "model": "ant",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apache",
        "version": "1.10.0"
      },
      {
        "model": "flexcube private banking",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.0.0"
      },
      {
        "model": "retail item planning",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.0.3"
      },
      {
        "model": "health sciences information manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "3.0.2"
      },
      {
        "model": "retail service backbone",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "19.0.1.0"
      },
      {
        "model": "retail back office",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.0"
      },
      {
        "model": "utilities framework",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "4.3.0.1.0"
      },
      {
        "model": "banking enterprise collections",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "2.7.0"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.0.3.0"
      },
      {
        "model": "retail extract transform and load",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "13.2.5"
      },
      {
        "model": "health sciences information manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "3.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "19.10"
      },
      {
        "model": "banking platform",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "2.9.0"
      },
      {
        "model": "retail point-of-service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.0"
      },
      {
        "model": "business process management suite",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.3.0"
      },
      {
        "model": "business process management suite",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.4.0"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "31"
      },
      {
        "model": "timesten in-memory database",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.2.2.8.49"
      },
      {
        "model": "flexcube investor servicing",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.1.0"
      },
      {
        "model": "primavera gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "17.12.0"
      },
      {
        "model": "enterprise repository",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.1.1.7.0"
      },
      {
        "model": "primavera unifier",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "17.7"
      },
      {
        "model": "retail advanced inventory planning",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.1"
      },
      {
        "model": "primavera unifier",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "19.12"
      },
      {
        "model": "retail xstore point of service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "18.0.3"
      },
      {
        "model": "retail financial integration",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.1.3.2"
      },
      {
        "model": "category management planning \\\u0026 optimization",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.0.3"
      },
      {
        "model": "retail xstore point of service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.0.4"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.4.0.0"
      },
      {
        "model": "rapid planning",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.1"
      },
      {
        "model": "retail macro space optimization",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.0.3"
      },
      {
        "model": "retail point-of-service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.1"
      },
      {
        "model": "communications diameter signaling router",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.2.2"
      },
      {
        "model": "retail data extractor for merchandising",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1.9"
      },
      {
        "model": "retail service backbone",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.0.3.0"
      },
      {
        "model": "utilities framework",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "4.4.0.0.0"
      },
      {
        "model": "communications diameter signaling router",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.0"
      },
      {
        "model": "retail predictive application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.1.3"
      },
      {
        "model": "retail point-of-service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.0"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.0"
      },
      {
        "model": "retail merchandising system",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "19.0.1"
      },
      {
        "model": "banking enterprise collections",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "2.9.0"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.0.4.0"
      },
      {
        "model": "retail data extractor for merchandising",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1.10"
      },
      {
        "model": "retail predictive application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.0.3"
      },
      {
        "model": "retail regular price optimization",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.0.3"
      },
      {
        "model": "data integrator",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.3.0"
      },
      {
        "model": "retail bulk data integration",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.0"
      },
      {
        "model": "retail financial integration",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.0"
      },
      {
        "model": "retail predictive application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.0.3"
      },
      {
        "model": "agile engineering data management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "6.2.1.0"
      },
      {
        "model": "retail regular price optimization",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.0.3"
      },
      {
        "model": "primavera unifier",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "17.12"
      },
      {
        "model": "communications order and service management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.3"
      },
      {
        "model": "retail financial integration",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.0.4.0"
      },
      {
        "model": "retail returns management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.1"
      },
      {
        "model": "retail xstore point of service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "19.0.2"
      },
      {
        "model": "financial services analytical applications infrastructure",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.1.0"
      },
      {
        "model": "flexcube private banking",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.1.0"
      },
      {
        "model": "retail store inventory management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.1.3"
      },
      {
        "model": "leap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "15.2"
      },
      {
        "model": "retail store inventory management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.0"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.1"
      },
      {
        "model": "rapid planning",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2"
      },
      {
        "model": "utilities framework",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "4.3.0.6.0"
      },
      {
        "model": "retail store inventory management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.0.3"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.0"
      },
      {
        "model": "flexcube investor servicing",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.0.0"
      },
      {
        "model": "retail advanced inventory planning",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.0"
      },
      {
        "model": "retail extract transform and load",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "13.2.8"
      },
      {
        "model": "retail point-of-service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.0"
      },
      {
        "model": "retail xstore point of service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "17.0.4"
      },
      {
        "model": "retail predictive application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.0.3.0"
      },
      {
        "model": "retail store inventory management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.0.4"
      },
      {
        "model": "retail merchandise financial planning",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.0.3"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "32"
      },
      {
        "model": "utilities framework",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "2.2.0.0.0"
      },
      {
        "model": "retail store inventory management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.0.3"
      },
      {
        "model": "retail bulk data integration",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.0"
      },
      {
        "model": "real-time decision server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "3.2.1.0"
      },
      {
        "model": "utilities framework",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "4.2.0.3.0"
      },
      {
        "model": "ant",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apache",
        "version": "1.1"
      },
      {
        "model": "retail bulk data integration",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.0.3.0"
      },
      {
        "model": "retail service backbone",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.0"
      },
      {
        "model": "communications asap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.3"
      },
      {
        "model": "retail financial integration",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.0"
      },
      {
        "model": "primavera unifier",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.2"
      },
      {
        "model": "communications order and service management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.4"
      },
      {
        "model": "primavera unifier",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "18.8"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.1.3.2"
      },
      {
        "model": "retail service backbone",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.0.4.0"
      },
      {
        "model": "retail financial integration",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.0.3.0"
      },
      {
        "model": "retail store inventory management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.1"
      },
      {
        "model": "retail central office",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.1"
      },
      {
        "model": "utilities framework",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "4.2.0.2.0"
      },
      {
        "model": "utilities framework",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "4.4.0.2.0"
      },
      {
        "model": "retail store inventory management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.0"
      },
      {
        "model": "timesten in-memory database",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.2.2.8.27"
      },
      {
        "model": "flexcube investor servicing",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.1.0"
      },
      {
        "model": "retail assortment planning",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.0.3"
      },
      {
        "model": "retail bulk data integration",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "19.0.1"
      },
      {
        "model": "retail returns management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.0"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "19.0.1.0"
      },
      {
        "model": "retail replenishment optimization",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.0.3"
      },
      {
        "model": "retail predictive application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.0.3"
      },
      {
        "model": "retail advanced inventory planning",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.0"
      },
      {
        "model": "retail back office",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.1"
      },
      {
        "model": "retail assortment planning",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.0.3"
      },
      {
        "model": "banking liquidity management",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.4.0"
      },
      {
        "model": "flexcube investor servicing",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.3.0"
      },
      {
        "model": "retail service backbone",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.0"
      },
      {
        "model": "communications metasolv solution",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "6.3.0"
      },
      {
        "model": "retail size profile optimization",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.0.3"
      },
      {
        "model": "banking platform",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "2.4.0"
      },
      {
        "model": "primavera gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.2.11"
      },
      {
        "model": "data integrator",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.4.0"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-1945"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "159924"
      },
      {
        "db": "PACKETSTORM",
        "id": "158150"
      },
      {
        "db": "PACKETSTORM",
        "id": "161644"
      },
      {
        "db": "PACKETSTORM",
        "id": "161454"
      },
      {
        "db": "PACKETSTORM",
        "id": "159921"
      },
      {
        "db": "PACKETSTORM",
        "id": "161647"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-777"
      }
    ],
    "trust": 1.2
  },
  "cve": "CVE-2020-1945",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.4,
            "id": "CVE-2020-1945",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 1.1,
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.4,
            "id": "VHN-172829",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:L/AC:M/AU:N/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.0,
            "id": "CVE-2020-1945",
            "impactScore": 5.2,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-1945",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202005-777",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-172829",
            "trust": 0.1,
            "value": "LOW"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-1945",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-172829"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-1945"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-777"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1945"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process. This tool is mainly used for software compilation, testing and deployment. An attacker could exploit this vulnerability to disclose sensitive information. ==========================================================================\nUbuntu Security Notice USN-4380-1\nJune 01, 2020\n\nApache Ant vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 19.10\n\nSummary:\n\nApache Ant could leak sensitive information or be made to run programs\nas your login. An attacker could use this vulnerability to read sensitive\ninformation leaked into /tmp, or potentially inject malicious code into a\nproject that is built with Apache Ant. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 19.10:\n  ant                             1.10.6-1ubuntu0.1\n  ant-doc                         1.10.6-1ubuntu0.1\n  ant-optional                    1.10.6-1ubuntu0.1\n\nIn general, a standard system update will make all the necessary changes. Description:\n\nRed Hat AMQ Streams, based on the Apache Kafka project, offers a\ndistributed backbone that allows microservices and other applications to\nshare data with extremely high throughput and extremely low latency. For further information, refer to the release notes linked to\nin the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n1816216 - CVE-2020-11612 netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes\n1837444 - CVE-2020-1945 ant: insecure temporary file vulnerability\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1837444 - CVE-2020-1945 ant: insecure temporary file vulnerability\n1903702 - CVE-2020-11979 ant: insecure temporary file\n1921322 - CVE-2021-21615 jenkins: Filesystem traversal by privileged users\n1925140 - CVE-2021-21608 jenkins: Stored XSS vulnerability in button labels\n1925141 - CVE-2021-21609 jenkins:  Missing permission check for paths with specific prefix\n1925143 - CVE-2021-21605 jenkins:  Path traversal vulnerability in agent names\n1925145 - CVE-2021-21611 jenkins:  Stored XSS vulnerability on new item page\n1925151 - CVE-2021-21610 jenkins:  Reflected XSS vulnerability in markup formatter preview\n1925156 - CVE-2021-21607 jenkins:  Excessive memory allocation in graph URLs leads to denial of service\n1925157 - CVE-2021-21604 jenkins:  Improper handling of REST API XML deserialization errors\n1925159 - CVE-2021-21606 jenkins:  Arbitrary file existence check in file fingerprints\n1925160 - CVE-2021-21603 jenkins:  XSS vulnerability in notification bar\n1925161 - CVE-2021-21602 jenkins: Arbitrary file read vulnerability in workspace browsers\n1925674 - Placeholder bug for OCP 4.6.0 rpm release\n\n6. Description:\n\nRed Hat Decision Manager is an open source decision management platform\nthat combines business rules management, complex event processing, Decision\nModel \u0026 Notation (DMN) execution, and Business Optimizer for solving\nplanning problems. It automates business decisions and makes that logic\navailable to the entire business. Solution:\n\nFor on-premise installations, before applying the update, back up your\nexisting installation, including all applications, configuration files,\ndatabases and database settings, and so on. \n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update; after installing the update,\nrestart the server by starting the JBoss Application Server process. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Bugs fixed (https://bugzilla.redhat.com/):\n\n1666499 - CVE-2019-14900 hibernate: SQL injection issue in Hibernate ORM\n1694235 - CVE-2020-10683 dom4j: XML External Entity vulnerability in default SAX parser\n1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages\n1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain\n1824301 - CVE-2020-1954 cxf: JMX integration is vulnerable to a MITM attack\n1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication\n1837444 - CVE-2020-1945 ant: insecure temporary file vulnerability\n1848617 - CVE-2019-17566 batik: SSRF via \"xlink:href\"\n1851014 - CVE-2020-2934 mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete\n1851019 - CVE-2020-2875 mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete\n1851022 - CVE-2020-2933 mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: OpenShift Container Platform 3.11.394 bug fix and security update\nAdvisory ID:       RHSA-2021:0637-01\nProduct:           Red Hat OpenShift Enterprise\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2021:0637\nIssue date:        2021-03-03\nCVE Names:         CVE-2020-1945 CVE-2020-2304 CVE-2020-2305\n                   CVE-2020-2306 CVE-2020-2307 CVE-2020-2308\n                   CVE-2020-2309 CVE-2020-11979 CVE-2020-25658\n====================================================================\n1. Summary:\n\nRed Hat OpenShift Container Platform release 3.11.394 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat OpenShift Container Platform 3.11 - noarch, ppc64le, x86_64\n\n3. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nSecurity Fix(es):\n\n* jenkins-2-plugins/subversion: XML parser is not preventing XML external\nentity (XXE) attacks (CVE-2020-2304)\n\n* jenkins-2-plugins/mercurial: XML parser is not preventing XML external\nentity (XXE) attacks (CVE-2020-2305)\n\n* ant: Insecure temporary file vulnerability (CVE-2020-1945)\n\n* jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint\ncould result in information disclosure (CVE-2020-2306)\n\n* jenkins-2-plugins/kubernetes: Jenkins controller environment variables\nare accessible in Kubernetes plug-in (CVE-2020-2307)\n\n* jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes\nPlugin allows listing pod templates (CVE-2020-2308)\n\n* jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes\nplug-in allows enumerating credentials IDs (CVE-2020-2309)\n\n* ant: Insecure temporary file (CVE-2020-11979)\n\n* python-rsa: Bleichenbacher timing oracle attack against RSA decryption\n(CVE-2020-25658)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 3.11.394. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:0638\n\nSpace precludes documenting all of the container images in this advisory. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_r\nelease_notes.html\n\nThis update fixes the following bugs among others:\n\n* Previously, the restart-cluster playbook did not evaluate the defined\ncluster size for ops clusters. This was causing come clusters to never\ncomplete their restart. This bug fix passes the logging ops cluster size,\nallowing restarts of ops clusters to complete successfully. (BZ#1879407)\n\n* Previously, the `openshift_named_certificates` role checked the contents\nof the `ca-bundle.crt` file during cluster installation. This caused the\ncheck to fail during initial installation because the `ca-bundle.crt` file\nis not yet created in that scenario. This bug fix allows the cluster to\nskip checking the `ca-bundle.crt` file if it does not exist, resulting in\ninitial installations succeeding. (BZ#1920567)\n\n* Previously, if the `openshift_release` attribute was not set in the\nAnsible inventory file, the nodes of the cluster would fail during an\nupgrade. This was caused by the `cluster_facts.yml` file being gathered\nbefore the `openshift_release` attribute was defined by the upgrade\nplaybook. Now the `cluster_facts.yml` file is gathered after the\n`openshift_version` role runs and the `openshift_release` attribute is set,\nallowing for successful node upgrades. (BZ#1921353)\n\nAll OpenShift Container Platform 3.11 users are advised to upgrade to these\nupdated packages and images. \n\n4. Solution:\n\nBefore applying this update, ensure all previously released errata relevant\nto your system is applied. \n\nSee the following documentation, which will be updated shortly for release\n3.11.394, for important instructions on how to upgrade your cluster and\nfully\napply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_r\nelease_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1837444 - CVE-2020-1945 ant: insecure temporary file vulnerability\n1849003 - fact dicts returned are of type string rather than dict\n1873346 - In-place upgrade of OCP 3.11 does not upgrade Kuryr components\n1879407 - The restart-cluster playbook doesn\u0027t take into account that openshift_logging_es_ops_cluster_size  could be different from openshift_logging_es_cluster_size\n1889972 - CVE-2020-25658 python-rsa: bleichenbacher timing oracle attack against RSA decryption\n1895939 - CVE-2020-2304 jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks\n1895940 - CVE-2020-2305 jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks\n1895941 - CVE-2020-2306 jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information disclosure\n1895945 - CVE-2020-2307 jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes Plugin\n1895946 - CVE-2020-2308 jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates\n1895947 - CVE-2020-2309 jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows enumerating credentials IDs\n1903699 - Prometheus consumes all available memory\n1903702 - CVE-2020-11979 ant: insecure temporary file\n1918392 - Unable to access kibana URLafter enabling HTTP2 on Haproxy router\n1920567 - [release-3.11] - ca-bundle.crt(/etc/origin/master/ca-bundle.crt) is missing on the fresh installation process\n1921353 - OCP 3.11.374 Upgrade fails with Either OpenShift needs to be installed or openshift_release needs to be specified\n1924614 - Provide jenkins agent image for maven36\n1924811 - Provide jenkins agent image for maven36\n1929170 - kuryr-cni pods in crashloop after updating OCP due to RuntimeError caused by attempting to delete eth0 host interface\n1929216 - KeyError: \u0027addresses\u0027 in kuryr-controller when Endpoints\u0027 slice only lists notReadyAddresses\n\n6. Package List:\n\nRed Hat OpenShift Container Platform 3.11:\n\nSource:\natomic-enterprise-service-catalog-3.11.394-1.git.1675.fdb6e0b.el7.src.rpm\natomic-openshift-3.11.394-1.git.0.e03a88e.el7.src.rpm\natomic-openshift-cluster-autoscaler-3.11.394-1.git.0.1900c76.el7.src.rpm\natomic-openshift-descheduler-3.11.394-1.git.299.ad3a3c0.el7.src.rpm\natomic-openshift-dockerregistry-3.11.394-1.git.481.6e48246.el7.src.rpm\natomic-openshift-metrics-server-3.11.394-1.git.53.3d82586.el7.src.rpm\natomic-openshift-node-problem-detector-3.11.394-1.git.263.49acf3a.el7.src.rpm\natomic-openshift-service-idler-3.11.394-1.git.15.73f73cd.el7.src.rpm\natomic-openshift-web-console-3.11.394-1.git.667.08dd2a6.el7.src.rpm\ngolang-github-openshift-oauth-proxy-3.11.394-1.git.439.4c37707.el7.src.rpm\ngolang-github-prometheus-alertmanager-3.11.394-1.git.0.1fbb64c.el7.src.rpm\ngolang-github-prometheus-node_exporter-3.11.394-1.git.1062.8adc4b8.el7.src.rpm\ngolang-github-prometheus-prometheus-3.11.394-1.git.5026.2c9627f.el7.src.rpm\nhaproxy-1.8.28-1.el7.src.rpm\njenkins-2-plugins-3.11.1612862361-1.el7.src.rpm\njenkins-2.263.3.1612433584-1.el7.src.rpm\nopenshift-ansible-3.11.394-6.git.0.47ec25d.el7.src.rpm\nopenshift-enterprise-autoheal-3.11.394-1.git.218.59eb597.el7.src.rpm\nopenshift-enterprise-cluster-capacity-3.11.394-1.git.379.92adfdc.el7.src.rpm\nopenshift-kuryr-3.11.394-1.git.1490.16ed375.el7.src.rpm\npython-rsa-4.5-3.el7.src.rpm\n\nnoarch:\natomic-openshift-docker-excluder-3.11.394-1.git.0.e03a88e.el7.noarch.rpm\natomic-openshift-excluder-3.11.394-1.git.0.e03a88e.el7.noarch.rpm\njenkins-2-plugins-3.11.1612862361-1.el7.noarch.rpm\njenkins-2.263.3.1612433584-1.el7.noarch.rpm\nopenshift-ansible-3.11.394-6.git.0.47ec25d.el7.noarch.rpm\nopenshift-ansible-docs-3.11.394-6.git.0.47ec25d.el7.noarch.rpm\nopenshift-ansible-playbooks-3.11.394-6.git.0.47ec25d.el7.noarch.rpm\nopenshift-ansible-roles-3.11.394-6.git.0.47ec25d.el7.noarch.rpm\nopenshift-ansible-test-3.11.394-6.git.0.47ec25d.el7.noarch.rpm\nopenshift-kuryr-cni-3.11.394-1.git.1490.16ed375.el7.noarch.rpm\nopenshift-kuryr-common-3.11.394-1.git.1490.16ed375.el7.noarch.rpm\nopenshift-kuryr-controller-3.11.394-1.git.1490.16ed375.el7.noarch.rpm\npython2-kuryr-kubernetes-3.11.394-1.git.1490.16ed375.el7.noarch.rpm\npython2-rsa-4.5-3.el7.noarch.rpm\n\nppc64le:\natomic-enterprise-service-catalog-3.11.394-1.git.1675.fdb6e0b.el7.ppc64le.rpm\natomic-enterprise-service-catalog-svcat-3.11.394-1.git.1675.fdb6e0b.el7.ppc64le.rpm\natomic-openshift-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm\natomic-openshift-clients-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm\natomic-openshift-cluster-autoscaler-3.11.394-1.git.0.1900c76.el7.ppc64le.rpm\natomic-openshift-descheduler-3.11.394-1.git.299.ad3a3c0.el7.ppc64le.rpm\natomic-openshift-hyperkube-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm\natomic-openshift-hypershift-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm\natomic-openshift-master-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm\natomic-openshift-metrics-server-3.11.394-1.git.53.3d82586.el7.ppc64le.rpm\natomic-openshift-node-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm\natomic-openshift-node-problem-detector-3.11.394-1.git.263.49acf3a.el7.ppc64le.rpm\natomic-openshift-pod-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm\natomic-openshift-sdn-ovs-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm\natomic-openshift-service-idler-3.11.394-1.git.15.73f73cd.el7.ppc64le.rpm\natomic-openshift-template-service-broker-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm\natomic-openshift-tests-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm\natomic-openshift-web-console-3.11.394-1.git.667.08dd2a6.el7.ppc64le.rpm\ngolang-github-openshift-oauth-proxy-3.11.394-1.git.439.4c37707.el7.ppc64le.rpm\nhaproxy-debuginfo-1.8.28-1.el7.ppc64le.rpm\nhaproxy18-1.8.28-1.el7.ppc64le.rpm\nopenshift-enterprise-autoheal-3.11.394-1.git.218.59eb597.el7.ppc64le.rpm\nopenshift-enterprise-cluster-capacity-3.11.394-1.git.379.92adfdc.el7.ppc64le.rpm\nprometheus-3.11.394-1.git.5026.2c9627f.el7.ppc64le.rpm\nprometheus-alertmanager-3.11.394-1.git.0.1fbb64c.el7.ppc64le.rpm\nprometheus-node-exporter-3.11.394-1.git.1062.8adc4b8.el7.ppc64le.rpm\n\nx86_64:\natomic-enterprise-service-catalog-3.11.394-1.git.1675.fdb6e0b.el7.x86_64.rpm\natomic-enterprise-service-catalog-svcat-3.11.394-1.git.1675.fdb6e0b.el7.x86_64.rpm\natomic-openshift-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm\natomic-openshift-clients-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm\natomic-openshift-clients-redistributable-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm\natomic-openshift-cluster-autoscaler-3.11.394-1.git.0.1900c76.el7.x86_64.rpm\natomic-openshift-descheduler-3.11.394-1.git.299.ad3a3c0.el7.x86_64.rpm\natomic-openshift-dockerregistry-3.11.394-1.git.481.6e48246.el7.x86_64.rpm\natomic-openshift-hyperkube-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm\natomic-openshift-hypershift-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm\natomic-openshift-master-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm\natomic-openshift-metrics-server-3.11.394-1.git.53.3d82586.el7.x86_64.rpm\natomic-openshift-node-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm\natomic-openshift-node-problem-detector-3.11.394-1.git.263.49acf3a.el7.x86_64.rpm\natomic-openshift-pod-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm\natomic-openshift-sdn-ovs-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm\natomic-openshift-service-idler-3.11.394-1.git.15.73f73cd.el7.x86_64.rpm\natomic-openshift-template-service-broker-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm\natomic-openshift-tests-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm\natomic-openshift-web-console-3.11.394-1.git.667.08dd2a6.el7.x86_64.rpm\ngolang-github-openshift-oauth-proxy-3.11.394-1.git.439.4c37707.el7.x86_64.rpm\nhaproxy-debuginfo-1.8.28-1.el7.x86_64.rpm\nhaproxy18-1.8.28-1.el7.x86_64.rpm\nopenshift-enterprise-autoheal-3.11.394-1.git.218.59eb597.el7.x86_64.rpm\nopenshift-enterprise-cluster-capacity-3.11.394-1.git.379.92adfdc.el7.x86_64.rpm\nprometheus-3.11.394-1.git.5026.2c9627f.el7.x86_64.rpm\nprometheus-alertmanager-3.11.394-1.git.0.1fbb64c.el7.x86_64.rpm\nprometheus-node-exporter-3.11.394-1.git.1062.8adc4b8.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-1945\nhttps://access.redhat.com/security/cve/CVE-2020-2304\nhttps://access.redhat.com/security/cve/CVE-2020-2305\nhttps://access.redhat.com/security/cve/CVE-2020-2306\nhttps://access.redhat.com/security/cve/CVE-2020-2307\nhttps://access.redhat.com/security/cve/CVE-2020-2308\nhttps://access.redhat.com/security/cve/CVE-2020-2309\nhttps://access.redhat.com/security/cve/CVE-2020-11979\nhttps://access.redhat.com/security/cve/CVE-2020-25658\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYD+BmNzjgjWX9erEAQjE+Q//ZZiX1bD9qOdi3w9TpwdZLagxnE5NTy5Z\nRu/GN0qaTIBHo8QHZqgt6jBT5ADfW0KgEdA3N+fi43f4ud5fO+2eQcdE4oeSAE93\nT5PAL+UBlb4ykAqQQnLVMO8G5Hc2IOw68wZjC+YFcEB36FnZifCk/z14OdUR3WyT\ng5ohmXKJw3ojfOsPK0ZIePS4V7RwTosagKHdyVa+tpxxVlkcZf2q08e5U7YkkhKv\nd/4UzYfGYtpm8ozYde1Cvs6cCU2ar7VQjsGW597BgSMXYESDqnPTKUJ5y8btFTwL\nj5z0ZSc96MBOkyebqxqhNdeFwg4liCl0RhBSUBhsG6e40Du8+3+LPUS579R1cp8N\nqCW0ODujVh804XNOXSqGAbmPXb6BL8uIY6j4kdzfZH4xgBGG1oOhiUcjPrJQkohD\n7fRf/aLCtRno9d98oylMuxPWEf4XfeltF4zin8hWdvBlfSxfy6aGjdmXcHWIP3Es\n4jL7h5IBtTn/8IXO5kXUlBeHOTNfjA48W/MmxyN6TNoTFrrsgR1pk7RUCxjAgOi/\nNk/IYlBheWb1Bvm/QCMpA5qDUSNZnmADw6BBRoViE+/DKBM9/DEUX6KOq6H3Ak0v\nwA7QOAVVk2COxBJCsmy7EJUJYMuyfrNkovukWKHUQQuDFcjy5nWYbGmmejX/STB2\n+rElYOcZkO0=9NLN\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202007-34\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: Apache Ant: Multiple vulnerabilities\n     Date: July 27, 2020\n     Bugs: #723086\n       ID: 202007-34\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nApache Ant uses various insecure temporary files possibly allowing\nlocal code execution. \n\nBackground\n=========\nAnt is a Java-based build tool similar to \u0027make\u0027 that uses XML\nconfiguration files. \n\nAffected packages\n================\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-java/ant                 \u003c 1.10.8                  \u003e= 1.10.8\n\nDescription\n==========\nApache Ant was found to be using multiple insecure temporary files\nwhich may disclose sensitive information or execute code from an unsafe\nlocal location. \n\nImpact\n=====\nA local attacker could possibly execute arbitrary code with the\nprivileges of the process, or cause a Denial of Service condition. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Apache Ant users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e\\xdev-java/ant-1.10.8\"\n\nReferences\n=========\n[ 1 ] CVE-2020-1945\n      https://nvd.nist.gov/vuln/detail/CVE-2020-1945\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202007-34\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-1945"
      },
      {
        "db": "VULHUB",
        "id": "VHN-172829"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-1945"
      },
      {
        "db": "PACKETSTORM",
        "id": "157902"
      },
      {
        "db": "PACKETSTORM",
        "id": "159924"
      },
      {
        "db": "PACKETSTORM",
        "id": "158150"
      },
      {
        "db": "PACKETSTORM",
        "id": "161644"
      },
      {
        "db": "PACKETSTORM",
        "id": "161454"
      },
      {
        "db": "PACKETSTORM",
        "id": "159921"
      },
      {
        "db": "PACKETSTORM",
        "id": "161647"
      },
      {
        "db": "PACKETSTORM",
        "id": "158600"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-1945",
        "trust": 2.6
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2020/09/30/6",
        "trust": 1.8
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2020/12/06/1",
        "trust": 1.8
      },
      {
        "db": "PACKETSTORM",
        "id": "157902",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "161454",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "158600",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "159921",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "161644",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-777",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "158150",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1680",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0771",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1915",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0599",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.3894",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.6025",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2139",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2472",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.3485",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.1653",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021042552",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021072748",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "161647",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "159924",
        "trust": 0.2
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-46282",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-172829",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-1945",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-172829"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-1945"
      },
      {
        "db": "PACKETSTORM",
        "id": "157902"
      },
      {
        "db": "PACKETSTORM",
        "id": "159924"
      },
      {
        "db": "PACKETSTORM",
        "id": "158150"
      },
      {
        "db": "PACKETSTORM",
        "id": "161644"
      },
      {
        "db": "PACKETSTORM",
        "id": "161454"
      },
      {
        "db": "PACKETSTORM",
        "id": "159921"
      },
      {
        "db": "PACKETSTORM",
        "id": "161647"
      },
      {
        "db": "PACKETSTORM",
        "id": "158600"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-777"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1945"
      }
    ]
  },
  "id": "VAR-202005-1051",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-172829"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-12-22T21:05:50.142000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Apache Ant Repair measures for information disclosure vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=120777"
      },
      {
        "title": "Ubuntu Security Notice: Apache Ant vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4380-1"
      },
      {
        "title": "Debian CVElist Bug Report Logs: ant: CVE-2020-1945",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=2f2bfe313c011b85e70b7511f52afaa3"
      },
      {
        "title": "Debian CVElist Bug Report Logs: ant: CVE-2020-11979",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=2a449f8fc892d50c69e07a3668964924"
      },
      {
        "title": "Red Hat: Moderate: Red Hat Decision Manager 7.9.0 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204960 - Security Advisory"
      },
      {
        "title": "IBM: Security Bulletin: Vulnerability in Apache Ant affects IBM Platform Symphony and IBM Spectrum Symphony",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=7b1cd05975d43c37f2d60c4fff131c25"
      },
      {
        "title": "Arch Linux Advisories: [ASA-202005-15] ant: arbitrary command execution",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202005-15"
      },
      {
        "title": "Red Hat: Moderate: Red Hat Process Automation Manager 7.9.0 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204961 - Security Advisory"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2020-1945 log"
      },
      {
        "title": "IBM: Security Bulletin: Apache Ant Vulnerabilities Affect IBM Control Center (CVE-2020-1945, CVE-2020-11979)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=141b2e54160a76a0f41beef4db28270e"
      },
      {
        "title": "Arch Linux Advisories: [ASA-202012-5] ant: arbitrary code execution",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202012-5"
      },
      {
        "title": "Red Hat: Important: OpenShift Container Platform 4.6.17 security and packages update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210423 - Security Advisory"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-1945"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-777"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-668",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-200",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-172829"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1945"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
      },
      {
        "trust": 2.4,
        "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
      },
      {
        "trust": 2.4,
        "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
      },
      {
        "trust": 2.3,
        "url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
      },
      {
        "trust": 2.3,
        "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
      },
      {
        "trust": 1.9,
        "url": "https://security.gentoo.org/glsa/202007-34"
      },
      {
        "trust": 1.9,
        "url": "https://usn.ubuntu.com/4380-1/"
      },
      {
        "trust": 1.8,
        "url": "https://lists.apache.org/thread.html/r8e592bbfc016a5dbe2a8c0e81ff99682b9c78c453621b82c14e7b75e%40%3cdev.ant.apache.org%3e"
      },
      {
        "trust": 1.8,
        "url": "http://www.openwall.com/lists/oss-security/2020/09/30/6"
      },
      {
        "trust": 1.8,
        "url": "http://www.openwall.com/lists/oss-security/2020/12/06/1"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00053.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1945"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/r1863b9ce4c3e4b1e5b0c671ad05545ba3eb8399616aa746af5dfe1b1%40%3cdev.creadur.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/r6970d196cd73863dafdbc3a7052562deedd338e3bd7d73d8171d92d6%40%3ccommits.groovy.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465%40%3cnotifications.groovy.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3cdev.ant.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/r1a9c992d7c8219dc15b4ad448649f0ffdaa88d76ef6a0035c49455f5%40%3cdev.creadur.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/r6030d34ceacd0098538425c5dac8251ffc7fd90b886942bc7ef87858%40%3cnotifications.groovy.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3cannounce.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/r2704fb14ce068c64759a986f81d5b5e42ab434fa13d0f444ad52816b%40%3cdev.creadur.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c%40%3cdev.creadur.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/rfd346609527a79662c48b1da3ac500ec30f29f7ddaa3575051e81890%40%3ccommits.creadur.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/r8e24abb7dd77cda14c6df90a377c94f0a413bbfcec90a29540ff8adf%40%3cissues.hive.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/r95dc943e47a211d29df605e14f86c280fc9fa8d828b2b53bd07673c9%40%3cdev.creadur.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/rda80ac59119558eaec452e58ddfac2ccc9211da1c65f7927682c78b1%40%3cdev.creadur.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/r4b2904d64affd4266cd72ccb2fc3927c1c2f22009f183095aa46bf90%40%3cissues.hive.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/rb8ec556f176c83547b959150e2108e2ddf1d61224295941908b0a81f%40%3cannounce.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a%40%3cdev.creadur.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/rf07feaf78afc8f701e21948a06ef92565d3dff1242d710f4fbf900b2%40%3cdev.creadur.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3cusers.groovy.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/r1b32c76afffcf676e13ed635a3332f3e46e6aaa7722eb3fc7a28f58e%40%3cdev.hive.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/rd7dda48ff835f4d0293949837d55541bfde3683bd35bd8431e324538%40%3cdev.creadur.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/rce099751721c26a8166d8b6578293820832831a0b2cb8d93b8efa081%40%3cnotifications.groovy.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/eqbr65tinsjrn7ptpivnys33p535wm74/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/rdaa9c51d5dc6560c9d2b3f3d742c768ad0705e154041e574a0fae45c%40%3cnotifications.groovy.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3cdev.groovy.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/r815f88d1044760176f30a4913b4baacd06f3eae4eb662de7388e46d8%40%3cissues.hive.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/r5dfc77048b1f9db26622dce91a6edf083d499397256594952fad5f35%40%3ccommits.myfaces.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305%40%3cdev.creadur.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/rrvawtcvxjmrykqkexysnbf7nlsr6oei/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e%40%3cdev.creadur.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0%40%3cdev.creadur.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490%40%3cdev.creadur.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/r6edd3e2cb79ee635630d891b54a4f1a9cd8c7f639d6ee34e75fbe830%40%3cissues.hive.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/re1ce84518d773a94a613d988771daf9252c9cf7375a9a477009f9735%40%3ccommits.creadur.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/rb860063819b9c0990e1fbce29d83f4554766fe5a05e3b3939736bf2b%40%3ccommits.myfaces.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/r6e295d792032ec02b32be3846c21a58857fba4a077d22c5842d69ba2%40%3ctorque-dev.db.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/r0d08a96ba9de8aa435f32944e8b2867c368a518d4ff57782e3637335%40%3cissues.hive.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/r3cea0f3da4f6d06d7afb6c0804da8e01773a0f50a09b8d9beb2cda65%40%3cissues.hive.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/rc89e491b5b270fb40f1210b70554527b737c217ad2e831b643ead6bc%40%3cuser.ant.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc%40%3cdev.creadur.apache.org%3e"
      },
      {
        "trust": 0.8,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/rrvawtcvxjmrykqkexysnbf7nlsr6oei/"
      },
      {
        "trust": 0.8,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/eqbr65tinsjrn7ptpivnys33p535wm74/"
      },
      {
        "trust": 0.8,
        "url": "https://lists.apache.org/thread.html/rb8ec556f176c83547b959150e2108e2ddf1d61224295941908b0a81f@%3cannounce.apache.org%3e"
      },
      {
        "trust": 0.8,
        "url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3cannounce.apache.org%3e"
      },
      {
        "trust": 0.8,
        "url": "https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea@%3cdev.ant.apache.org%3e"
      },
      {
        "trust": 0.8,
        "url": "https://lists.apache.org/thread.html/rc89e491b5b270fb40f1210b70554527b737c217ad2e831b643ead6bc@%3cuser.ant.apache.org%3e"
      },
      {
        "trust": 0.8,
        "url": "https://lists.apache.org/thread.html/rfd346609527a79662c48b1da3ac500ec30f29f7ddaa3575051e81890@%3ccommits.creadur.apache.org%3e"
      },
      {
        "trust": 0.8,
        "url": "https://lists.apache.org/thread.html/re1ce84518d773a94a613d988771daf9252c9cf7375a9a477009f9735@%3ccommits.creadur.apache.org%3e"
      },
      {
        "trust": 0.8,
        "url": "https://lists.apache.org/thread.html/r1863b9ce4c3e4b1e5b0c671ad05545ba3eb8399616aa746af5dfe1b1@%3cdev.creadur.apache.org%3e"
      },
      {
        "trust": 0.8,
        "url": "https://lists.apache.org/thread.html/r95dc943e47a211d29df605e14f86c280fc9fa8d828b2b53bd07673c9@%3cdev.creadur.apache.org%3e"
      },
      {
        "trust": 0.8,
        "url": "https://lists.apache.org/thread.html/rd7dda48ff835f4d0293949837d55541bfde3683bd35bd8431e324538@%3cdev.creadur.apache.org%3e"
      },
      {
        "trust": 0.8,
        "url": "https://lists.apache.org/thread.html/rda80ac59119558eaec452e58ddfac2ccc9211da1c65f7927682c78b1@%3cdev.creadur.apache.org%3e"
      },
      {
        "trust": 0.8,
        "url": "https://lists.apache.org/thread.html/r2704fb14ce068c64759a986f81d5b5e42ab434fa13d0f444ad52816b@%3cdev.creadur.apache.org%3e"
      },
      {
        "trust": 0.8,
        "url": "https://lists.apache.org/thread.html/r1a9c992d7c8219dc15b4ad448649f0ffdaa88d76ef6a0035c49455f5@%3cdev.creadur.apache.org%3e"
      },
      {
        "trust": 0.8,
        "url": "https://lists.apache.org/thread.html/rf07feaf78afc8f701e21948a06ef92565d3dff1242d710f4fbf900b2@%3cdev.creadur.apache.org%3e"
      },
      {
        "trust": 0.8,
        "url": "https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490@%3cdev.creadur.apache.org%3e"
      },
      {
        "trust": 0.8,
        "url": "https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e@%3cdev.creadur.apache.org%3e"
      },
      {
        "trust": 0.8,
        "url": "https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305@%3cdev.creadur.apache.org%3e"
      },
      {
        "trust": 0.8,
        "url": "https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc@%3cdev.creadur.apache.org%3e"
      },
      {
        "trust": 0.8,
        "url": "https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0@%3cdev.creadur.apache.org%3e"
      },
      {
        "trust": 0.8,
        "url": "https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c@%3cdev.creadur.apache.org%3e"
      },
      {
        "trust": 0.8,
        "url": "https://lists.apache.org/thread.html/r6e295d792032ec02b32be3846c21a58857fba4a077d22c5842d69ba2@%3ctorque-dev.db.apache.org%3e"
      },
      {
        "trust": 0.8,
        "url": "https://lists.apache.org/thread.html/r6970d196cd73863dafdbc3a7052562deedd338e3bd7d73d8171d92d6@%3ccommits.groovy.apache.org%3e"
      },
      {
        "trust": 0.8,
        "url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3cdev.groovy.apache.org%3e"
      },
      {
        "trust": 0.8,
        "url": "https://lists.apache.org/thread.html/rdaa9c51d5dc6560c9d2b3f3d742c768ad0705e154041e574a0fae45c@%3cnotifications.groovy.apache.org%3e"
      },
      {
        "trust": 0.8,
        "url": "https://lists.apache.org/thread.html/rce099751721c26a8166d8b6578293820832831a0b2cb8d93b8efa081@%3cnotifications.groovy.apache.org%3e"
      },
      {
        "trust": 0.8,
        "url": "https://lists.apache.org/thread.html/r6030d34ceacd0098538425c5dac8251ffc7fd90b886942bc7ef87858@%3cnotifications.groovy.apache.org%3e"
      },
      {
        "trust": 0.8,
        "url": "https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465@%3cnotifications.groovy.apache.org%3e"
      },
      {
        "trust": 0.8,
        "url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3cusers.groovy.apache.org%3e"
      },
      {
        "trust": 0.8,
        "url": "https://lists.apache.org/thread.html/r1b32c76afffcf676e13ed635a3332f3e46e6aaa7722eb3fc7a28f58e@%3cdev.hive.apache.org%3e"
      },
      {
        "trust": 0.8,
        "url": "https://lists.apache.org/thread.html/r0d08a96ba9de8aa435f32944e8b2867c368a518d4ff57782e3637335@%3cissues.hive.apache.org%3e"
      },
      {
        "trust": 0.8,
        "url": "https://lists.apache.org/thread.html/r6edd3e2cb79ee635630d891b54a4f1a9cd8c7f639d6ee34e75fbe830@%3cissues.hive.apache.org%3e"
      },
      {
        "trust": 0.8,
        "url": "https://lists.apache.org/thread.html/r4b2904d64affd4266cd72ccb2fc3927c1c2f22009f183095aa46bf90@%3cissues.hive.apache.org%3e"
      },
      {
        "trust": 0.8,
        "url": "https://lists.apache.org/thread.html/r8e24abb7dd77cda14c6df90a377c94f0a413bbfcec90a29540ff8adf@%3cissues.hive.apache.org%3e"
      },
      {
        "trust": 0.8,
        "url": "https://lists.apache.org/thread.html/r815f88d1044760176f30a4913b4baacd06f3eae4eb662de7388e46d8@%3cissues.hive.apache.org%3e"
      },
      {
        "trust": 0.8,
        "url": "https://lists.apache.org/thread.html/r3cea0f3da4f6d06d7afb6c0804da8e01773a0f50a09b8d9beb2cda65@%3cissues.hive.apache.org%3e"
      },
      {
        "trust": 0.8,
        "url": "https://lists.apache.org/thread.html/r5dfc77048b1f9db26622dce91a6edf083d499397256594952fad5f35@%3ccommits.myfaces.apache.org%3e"
      },
      {
        "trust": 0.8,
        "url": "https://lists.apache.org/thread.html/rb860063819b9c0990e1fbce29d83f4554766fe5a05e3b3939736bf2b@%3ccommits.myfaces.apache.org%3e"
      },
      {
        "trust": 0.7,
        "url": "https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a@%3cdev.creadur.apache.org%3e"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2020-1945"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.6,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0599"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/157902/ubuntu-security-notice-usn-4380-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/159921/red-hat-security-advisory-2020-4960-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.oracle.com/security-alerts/cpujul2021.html"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/apache-ant-file-corruption-32379"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021042552"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/158600/gentoo-linux-security-advisory-202007-34.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.3894/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/161454/red-hat-security-advisory-2021-0423-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1680/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2472/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.1653"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/161644/red-hat-security-advisory-2021-0429-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2139/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-apache-ant-vulnerabilities-affect-ibm-control-center-cve-2020-1945-cve-2020-11979/"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021072748"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1915/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0771"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-ant-affects-ibm-platform-symphony-and-ibm-spectrum-symphony/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.6025"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-ant-affect-ibm-operations-analytics-log-analysis-analysis-cve-2020-1945/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/158150/red-hat-security-advisory-2020-2618-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.3485/"
      },
      {
        "trust": 0.3,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.3,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11979"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-11979"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-2875"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-2934"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-2933"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17566"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10693"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1954"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-10714"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-17566"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-2875"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-2934"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-2933"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14900"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10683"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10714"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-10683"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-10693"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-14900"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1748"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-1954"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-1748"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-21607"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-21606"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-21608"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-21609"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21602"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21608"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-21603"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21603"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-21611"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21605"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-21610"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21607"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-21605"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21609"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-21602"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21604"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-21604"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-21615"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21610"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21615"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21606"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21611"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/200.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/ant/1.10.6-1ubuntu0.1"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/4380-1"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:4961"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.9/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhpam\u0026version=7.9.0"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:2618"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-11612"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/products/red-hat-amq#streams"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=jboss.amq.streams\u0026downloadtype=distributions\u0026version=1.5.0"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11612"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.5/updating/updating-cluster"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:0429"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-rel"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:0428"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:0423"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhba-2021:0424"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhdm\u0026version=7.9.0"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_decision_manager/7.9/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:4960"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25658"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-2308"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-2306"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-2306"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258."
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-2308"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-2307"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhba-2021:0638"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-2304"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-2309"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-2305"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-2309"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:0637"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-2305"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-2304"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_r"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-2307"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25658"
      },
      {
        "trust": 0.1,
        "url": "https://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-172829"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-1945"
      },
      {
        "db": "PACKETSTORM",
        "id": "157902"
      },
      {
        "db": "PACKETSTORM",
        "id": "159924"
      },
      {
        "db": "PACKETSTORM",
        "id": "158150"
      },
      {
        "db": "PACKETSTORM",
        "id": "161644"
      },
      {
        "db": "PACKETSTORM",
        "id": "161454"
      },
      {
        "db": "PACKETSTORM",
        "id": "159921"
      },
      {
        "db": "PACKETSTORM",
        "id": "161647"
      },
      {
        "db": "PACKETSTORM",
        "id": "158600"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-777"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1945"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-172829"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-1945"
      },
      {
        "db": "PACKETSTORM",
        "id": "157902"
      },
      {
        "db": "PACKETSTORM",
        "id": "159924"
      },
      {
        "db": "PACKETSTORM",
        "id": "158150"
      },
      {
        "db": "PACKETSTORM",
        "id": "161644"
      },
      {
        "db": "PACKETSTORM",
        "id": "161454"
      },
      {
        "db": "PACKETSTORM",
        "id": "159921"
      },
      {
        "db": "PACKETSTORM",
        "id": "161647"
      },
      {
        "db": "PACKETSTORM",
        "id": "158600"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-777"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1945"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-05-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-172829"
      },
      {
        "date": "2020-05-14T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-1945"
      },
      {
        "date": "2020-06-02T14:34:18",
        "db": "PACKETSTORM",
        "id": "157902"
      },
      {
        "date": "2020-11-06T15:18:46",
        "db": "PACKETSTORM",
        "id": "159924"
      },
      {
        "date": "2020-06-19T16:45:29",
        "db": "PACKETSTORM",
        "id": "158150"
      },
      {
        "date": "2021-03-03T15:53:12",
        "db": "PACKETSTORM",
        "id": "161644"
      },
      {
        "date": "2021-02-18T14:14:45",
        "db": "PACKETSTORM",
        "id": "161454"
      },
      {
        "date": "2020-11-06T15:06:03",
        "db": "PACKETSTORM",
        "id": "159921"
      },
      {
        "date": "2021-03-03T15:53:58",
        "db": "PACKETSTORM",
        "id": "161647"
      },
      {
        "date": "2020-07-27T18:34:18",
        "db": "PACKETSTORM",
        "id": "158600"
      },
      {
        "date": "2020-05-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202005-777"
      },
      {
        "date": "2020-05-14T16:15:12.767000",
        "db": "NVD",
        "id": "CVE-2020-1945"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-04-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-172829"
      },
      {
        "date": "2021-04-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-1945"
      },
      {
        "date": "2023-03-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202005-777"
      },
      {
        "date": "2024-11-21T05:11:42.183000",
        "db": "NVD",
        "id": "CVE-2020-1945"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "158600"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-777"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apache Ant Information disclosure vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-777"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-777"
      }
    ],
    "trust": 0.6
  }
}

OPENSUSE-SU-2024:11676-1

Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

Summary

junit-4.13.2-1.1 on GA media

Notes

Title of the patch

junit-4.13.2-1.1 on GA media

Description of the patch

These are all security issues fixed in the junit-4.13.2-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2024-11676

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "junit-4.13.2-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the junit-4.13.2-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-11676",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11676-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-1945 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-1945/"
      }
    ],
    "title": "junit-4.13.2-1.1 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:11676-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "junit-4.13.2-1.1.aarch64",
                "product": {
                  "name": "junit-4.13.2-1.1.aarch64",
                  "product_id": "junit-4.13.2-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "junit-javadoc-4.13.2-1.1.aarch64",
                "product": {
                  "name": "junit-javadoc-4.13.2-1.1.aarch64",
                  "product_id": "junit-javadoc-4.13.2-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "junit-manual-4.13.2-1.1.aarch64",
                "product": {
                  "name": "junit-manual-4.13.2-1.1.aarch64",
                  "product_id": "junit-manual-4.13.2-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "junit-4.13.2-1.1.ppc64le",
                "product": {
                  "name": "junit-4.13.2-1.1.ppc64le",
                  "product_id": "junit-4.13.2-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "junit-javadoc-4.13.2-1.1.ppc64le",
                "product": {
                  "name": "junit-javadoc-4.13.2-1.1.ppc64le",
                  "product_id": "junit-javadoc-4.13.2-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "junit-manual-4.13.2-1.1.ppc64le",
                "product": {
                  "name": "junit-manual-4.13.2-1.1.ppc64le",
                  "product_id": "junit-manual-4.13.2-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "junit-4.13.2-1.1.s390x",
                "product": {
                  "name": "junit-4.13.2-1.1.s390x",
                  "product_id": "junit-4.13.2-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "junit-javadoc-4.13.2-1.1.s390x",
                "product": {
                  "name": "junit-javadoc-4.13.2-1.1.s390x",
                  "product_id": "junit-javadoc-4.13.2-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "junit-manual-4.13.2-1.1.s390x",
                "product": {
                  "name": "junit-manual-4.13.2-1.1.s390x",
                  "product_id": "junit-manual-4.13.2-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "junit-4.13.2-1.1.x86_64",
                "product": {
                  "name": "junit-4.13.2-1.1.x86_64",
                  "product_id": "junit-4.13.2-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "junit-javadoc-4.13.2-1.1.x86_64",
                "product": {
                  "name": "junit-javadoc-4.13.2-1.1.x86_64",
                  "product_id": "junit-javadoc-4.13.2-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "junit-manual-4.13.2-1.1.x86_64",
                "product": {
                  "name": "junit-manual-4.13.2-1.1.x86_64",
                  "product_id": "junit-manual-4.13.2-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "junit-4.13.2-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:junit-4.13.2-1.1.aarch64"
        },
        "product_reference": "junit-4.13.2-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "junit-4.13.2-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:junit-4.13.2-1.1.ppc64le"
        },
        "product_reference": "junit-4.13.2-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "junit-4.13.2-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:junit-4.13.2-1.1.s390x"
        },
        "product_reference": "junit-4.13.2-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "junit-4.13.2-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:junit-4.13.2-1.1.x86_64"
        },
        "product_reference": "junit-4.13.2-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "junit-javadoc-4.13.2-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:junit-javadoc-4.13.2-1.1.aarch64"
        },
        "product_reference": "junit-javadoc-4.13.2-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "junit-javadoc-4.13.2-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:junit-javadoc-4.13.2-1.1.ppc64le"
        },
        "product_reference": "junit-javadoc-4.13.2-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "junit-javadoc-4.13.2-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:junit-javadoc-4.13.2-1.1.s390x"
        },
        "product_reference": "junit-javadoc-4.13.2-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "junit-javadoc-4.13.2-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:junit-javadoc-4.13.2-1.1.x86_64"
        },
        "product_reference": "junit-javadoc-4.13.2-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "junit-manual-4.13.2-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:junit-manual-4.13.2-1.1.aarch64"
        },
        "product_reference": "junit-manual-4.13.2-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "junit-manual-4.13.2-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:junit-manual-4.13.2-1.1.ppc64le"
        },
        "product_reference": "junit-manual-4.13.2-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "junit-manual-4.13.2-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:junit-manual-4.13.2-1.1.s390x"
        },
        "product_reference": "junit-manual-4.13.2-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "junit-manual-4.13.2-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:junit-manual-4.13.2-1.1.x86_64"
        },
        "product_reference": "junit-manual-4.13.2-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-1945",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-1945"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:junit-4.13.2-1.1.aarch64",
          "openSUSE Tumbleweed:junit-4.13.2-1.1.ppc64le",
          "openSUSE Tumbleweed:junit-4.13.2-1.1.s390x",
          "openSUSE Tumbleweed:junit-4.13.2-1.1.x86_64",
          "openSUSE Tumbleweed:junit-javadoc-4.13.2-1.1.aarch64",
          "openSUSE Tumbleweed:junit-javadoc-4.13.2-1.1.ppc64le",
          "openSUSE Tumbleweed:junit-javadoc-4.13.2-1.1.s390x",
          "openSUSE Tumbleweed:junit-javadoc-4.13.2-1.1.x86_64",
          "openSUSE Tumbleweed:junit-manual-4.13.2-1.1.aarch64",
          "openSUSE Tumbleweed:junit-manual-4.13.2-1.1.ppc64le",
          "openSUSE Tumbleweed:junit-manual-4.13.2-1.1.s390x",
          "openSUSE Tumbleweed:junit-manual-4.13.2-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-1945",
          "url": "https://www.suse.com/security/cve/CVE-2020-1945"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1171696 for CVE-2020-1945",
          "url": "https://bugzilla.suse.com/1171696"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1177180 for CVE-2020-1945",
          "url": "https://bugzilla.suse.com/1177180"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1179729 for CVE-2020-1945",
          "url": "https://bugzilla.suse.com/1179729"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:junit-4.13.2-1.1.aarch64",
            "openSUSE Tumbleweed:junit-4.13.2-1.1.ppc64le",
            "openSUSE Tumbleweed:junit-4.13.2-1.1.s390x",
            "openSUSE Tumbleweed:junit-4.13.2-1.1.x86_64",
            "openSUSE Tumbleweed:junit-javadoc-4.13.2-1.1.aarch64",
            "openSUSE Tumbleweed:junit-javadoc-4.13.2-1.1.ppc64le",
            "openSUSE Tumbleweed:junit-javadoc-4.13.2-1.1.s390x",
            "openSUSE Tumbleweed:junit-javadoc-4.13.2-1.1.x86_64",
            "openSUSE Tumbleweed:junit-manual-4.13.2-1.1.aarch64",
            "openSUSE Tumbleweed:junit-manual-4.13.2-1.1.ppc64le",
            "openSUSE Tumbleweed:junit-manual-4.13.2-1.1.s390x",
            "openSUSE Tumbleweed:junit-manual-4.13.2-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:junit-4.13.2-1.1.aarch64",
            "openSUSE Tumbleweed:junit-4.13.2-1.1.ppc64le",
            "openSUSE Tumbleweed:junit-4.13.2-1.1.s390x",
            "openSUSE Tumbleweed:junit-4.13.2-1.1.x86_64",
            "openSUSE Tumbleweed:junit-javadoc-4.13.2-1.1.aarch64",
            "openSUSE Tumbleweed:junit-javadoc-4.13.2-1.1.ppc64le",
            "openSUSE Tumbleweed:junit-javadoc-4.13.2-1.1.s390x",
            "openSUSE Tumbleweed:junit-javadoc-4.13.2-1.1.x86_64",
            "openSUSE Tumbleweed:junit-manual-4.13.2-1.1.aarch64",
            "openSUSE Tumbleweed:junit-manual-4.13.2-1.1.ppc64le",
            "openSUSE Tumbleweed:junit-manual-4.13.2-1.1.s390x",
            "openSUSE Tumbleweed:junit-manual-4.13.2-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-1945"
    }
  ]
}

OPENSUSE-SU-2020:1022-1

Vulnerability from csaf_opensuse - Published: 2020-07-20 16:30 - Updated: 2020-07-20 16:30

Summary

Security update for ant

Notes

Title of the patch

Security update for ant

Description of the patch

This update for ant fixes the following issues: - CVE-2020-1945: Fixed an inseure temorary file vulnerability which could have potentially leaked sensitive information (bsc#1171696). This update was imported from the SUSE:SLE-15-SP2:Update update project.

Patchnames

openSUSE-2020-1022

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for ant",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for ant fixes the following issues:\n\n- CVE-2020-1945: Fixed an inseure temorary file vulnerability which could have potentially leaked sensitive information (bsc#1171696).\t  \n\nThis update was imported from the SUSE:SLE-15-SP2:Update update project.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2020-1022",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_1022-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2020:1022-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AG36USOF7TR4YWTQXMYIESP5U3TQA67V/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2020:1022-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AG36USOF7TR4YWTQXMYIESP5U3TQA67V/"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1171696",
        "url": "https://bugzilla.suse.com/1171696"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-1945 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-1945/"
      }
    ],
    "title": "Security update for ant",
    "tracking": {
      "current_release_date": "2020-07-20T16:30:35Z",
      "generator": {
        "date": "2020-07-20T16:30:35Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2020:1022-1",
      "initial_release_date": "2020-07-20T16:30:35Z",
      "revision_history": [
        {
          "date": "2020-07-20T16:30:35Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ant-1.10.7-lp152.2.3.1.noarch",
                "product": {
                  "name": "ant-1.10.7-lp152.2.3.1.noarch",
                  "product_id": "ant-1.10.7-lp152.2.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-antlr-1.10.7-lp152.2.3.1.noarch",
                "product": {
                  "name": "ant-antlr-1.10.7-lp152.2.3.1.noarch",
                  "product_id": "ant-antlr-1.10.7-lp152.2.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-apache-bcel-1.10.7-lp152.2.3.1.noarch",
                "product": {
                  "name": "ant-apache-bcel-1.10.7-lp152.2.3.1.noarch",
                  "product_id": "ant-apache-bcel-1.10.7-lp152.2.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-apache-bsf-1.10.7-lp152.2.3.1.noarch",
                "product": {
                  "name": "ant-apache-bsf-1.10.7-lp152.2.3.1.noarch",
                  "product_id": "ant-apache-bsf-1.10.7-lp152.2.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-apache-log4j-1.10.7-lp152.2.3.1.noarch",
                "product": {
                  "name": "ant-apache-log4j-1.10.7-lp152.2.3.1.noarch",
                  "product_id": "ant-apache-log4j-1.10.7-lp152.2.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-apache-oro-1.10.7-lp152.2.3.1.noarch",
                "product": {
                  "name": "ant-apache-oro-1.10.7-lp152.2.3.1.noarch",
                  "product_id": "ant-apache-oro-1.10.7-lp152.2.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-apache-regexp-1.10.7-lp152.2.3.1.noarch",
                "product": {
                  "name": "ant-apache-regexp-1.10.7-lp152.2.3.1.noarch",
                  "product_id": "ant-apache-regexp-1.10.7-lp152.2.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-apache-resolver-1.10.7-lp152.2.3.1.noarch",
                "product": {
                  "name": "ant-apache-resolver-1.10.7-lp152.2.3.1.noarch",
                  "product_id": "ant-apache-resolver-1.10.7-lp152.2.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-apache-xalan2-1.10.7-lp152.2.3.1.noarch",
                "product": {
                  "name": "ant-apache-xalan2-1.10.7-lp152.2.3.1.noarch",
                  "product_id": "ant-apache-xalan2-1.10.7-lp152.2.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-commons-logging-1.10.7-lp152.2.3.1.noarch",
                "product": {
                  "name": "ant-commons-logging-1.10.7-lp152.2.3.1.noarch",
                  "product_id": "ant-commons-logging-1.10.7-lp152.2.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-commons-net-1.10.7-lp152.2.3.1.noarch",
                "product": {
                  "name": "ant-commons-net-1.10.7-lp152.2.3.1.noarch",
                  "product_id": "ant-commons-net-1.10.7-lp152.2.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-imageio-1.10.7-lp152.2.3.1.noarch",
                "product": {
                  "name": "ant-imageio-1.10.7-lp152.2.3.1.noarch",
                  "product_id": "ant-imageio-1.10.7-lp152.2.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-javamail-1.10.7-lp152.2.3.1.noarch",
                "product": {
                  "name": "ant-javamail-1.10.7-lp152.2.3.1.noarch",
                  "product_id": "ant-javamail-1.10.7-lp152.2.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-jdepend-1.10.7-lp152.2.3.1.noarch",
                "product": {
                  "name": "ant-jdepend-1.10.7-lp152.2.3.1.noarch",
                  "product_id": "ant-jdepend-1.10.7-lp152.2.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-jmf-1.10.7-lp152.2.3.1.noarch",
                "product": {
                  "name": "ant-jmf-1.10.7-lp152.2.3.1.noarch",
                  "product_id": "ant-jmf-1.10.7-lp152.2.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-jsch-1.10.7-lp152.2.3.1.noarch",
                "product": {
                  "name": "ant-jsch-1.10.7-lp152.2.3.1.noarch",
                  "product_id": "ant-jsch-1.10.7-lp152.2.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-junit-1.10.7-lp152.2.3.1.noarch",
                "product": {
                  "name": "ant-junit-1.10.7-lp152.2.3.1.noarch",
                  "product_id": "ant-junit-1.10.7-lp152.2.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-junit5-1.10.7-lp152.2.3.1.noarch",
                "product": {
                  "name": "ant-junit5-1.10.7-lp152.2.3.1.noarch",
                  "product_id": "ant-junit5-1.10.7-lp152.2.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-manual-1.10.7-lp152.2.3.1.noarch",
                "product": {
                  "name": "ant-manual-1.10.7-lp152.2.3.1.noarch",
                  "product_id": "ant-manual-1.10.7-lp152.2.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-scripts-1.10.7-lp152.2.3.1.noarch",
                "product": {
                  "name": "ant-scripts-1.10.7-lp152.2.3.1.noarch",
                  "product_id": "ant-scripts-1.10.7-lp152.2.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-swing-1.10.7-lp152.2.3.1.noarch",
                "product": {
                  "name": "ant-swing-1.10.7-lp152.2.3.1.noarch",
                  "product_id": "ant-swing-1.10.7-lp152.2.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-testutil-1.10.7-lp152.2.3.1.noarch",
                "product": {
                  "name": "ant-testutil-1.10.7-lp152.2.3.1.noarch",
                  "product_id": "ant-testutil-1.10.7-lp152.2.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "ant-xz-1.10.7-lp152.2.3.1.noarch",
                "product": {
                  "name": "ant-xz-1.10.7-lp152.2.3.1.noarch",
                  "product_id": "ant-xz-1.10.7-lp152.2.3.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.2",
                "product": {
                  "name": "openSUSE Leap 15.2",
                  "product_id": "openSUSE Leap 15.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-1.10.7-lp152.2.3.1.noarch as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:ant-1.10.7-lp152.2.3.1.noarch"
        },
        "product_reference": "ant-1.10.7-lp152.2.3.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-antlr-1.10.7-lp152.2.3.1.noarch as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:ant-antlr-1.10.7-lp152.2.3.1.noarch"
        },
        "product_reference": "ant-antlr-1.10.7-lp152.2.3.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-apache-bcel-1.10.7-lp152.2.3.1.noarch as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:ant-apache-bcel-1.10.7-lp152.2.3.1.noarch"
        },
        "product_reference": "ant-apache-bcel-1.10.7-lp152.2.3.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-apache-bsf-1.10.7-lp152.2.3.1.noarch as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:ant-apache-bsf-1.10.7-lp152.2.3.1.noarch"
        },
        "product_reference": "ant-apache-bsf-1.10.7-lp152.2.3.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-apache-log4j-1.10.7-lp152.2.3.1.noarch as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:ant-apache-log4j-1.10.7-lp152.2.3.1.noarch"
        },
        "product_reference": "ant-apache-log4j-1.10.7-lp152.2.3.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-apache-oro-1.10.7-lp152.2.3.1.noarch as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:ant-apache-oro-1.10.7-lp152.2.3.1.noarch"
        },
        "product_reference": "ant-apache-oro-1.10.7-lp152.2.3.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-apache-regexp-1.10.7-lp152.2.3.1.noarch as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:ant-apache-regexp-1.10.7-lp152.2.3.1.noarch"
        },
        "product_reference": "ant-apache-regexp-1.10.7-lp152.2.3.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-apache-resolver-1.10.7-lp152.2.3.1.noarch as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:ant-apache-resolver-1.10.7-lp152.2.3.1.noarch"
        },
        "product_reference": "ant-apache-resolver-1.10.7-lp152.2.3.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-apache-xalan2-1.10.7-lp152.2.3.1.noarch as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:ant-apache-xalan2-1.10.7-lp152.2.3.1.noarch"
        },
        "product_reference": "ant-apache-xalan2-1.10.7-lp152.2.3.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-commons-logging-1.10.7-lp152.2.3.1.noarch as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:ant-commons-logging-1.10.7-lp152.2.3.1.noarch"
        },
        "product_reference": "ant-commons-logging-1.10.7-lp152.2.3.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-commons-net-1.10.7-lp152.2.3.1.noarch as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:ant-commons-net-1.10.7-lp152.2.3.1.noarch"
        },
        "product_reference": "ant-commons-net-1.10.7-lp152.2.3.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-imageio-1.10.7-lp152.2.3.1.noarch as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:ant-imageio-1.10.7-lp152.2.3.1.noarch"
        },
        "product_reference": "ant-imageio-1.10.7-lp152.2.3.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-javamail-1.10.7-lp152.2.3.1.noarch as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:ant-javamail-1.10.7-lp152.2.3.1.noarch"
        },
        "product_reference": "ant-javamail-1.10.7-lp152.2.3.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-jdepend-1.10.7-lp152.2.3.1.noarch as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:ant-jdepend-1.10.7-lp152.2.3.1.noarch"
        },
        "product_reference": "ant-jdepend-1.10.7-lp152.2.3.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-jmf-1.10.7-lp152.2.3.1.noarch as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:ant-jmf-1.10.7-lp152.2.3.1.noarch"
        },
        "product_reference": "ant-jmf-1.10.7-lp152.2.3.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-jsch-1.10.7-lp152.2.3.1.noarch as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:ant-jsch-1.10.7-lp152.2.3.1.noarch"
        },
        "product_reference": "ant-jsch-1.10.7-lp152.2.3.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-junit-1.10.7-lp152.2.3.1.noarch as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:ant-junit-1.10.7-lp152.2.3.1.noarch"
        },
        "product_reference": "ant-junit-1.10.7-lp152.2.3.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-junit5-1.10.7-lp152.2.3.1.noarch as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:ant-junit5-1.10.7-lp152.2.3.1.noarch"
        },
        "product_reference": "ant-junit5-1.10.7-lp152.2.3.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-manual-1.10.7-lp152.2.3.1.noarch as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:ant-manual-1.10.7-lp152.2.3.1.noarch"
        },
        "product_reference": "ant-manual-1.10.7-lp152.2.3.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-scripts-1.10.7-lp152.2.3.1.noarch as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:ant-scripts-1.10.7-lp152.2.3.1.noarch"
        },
        "product_reference": "ant-scripts-1.10.7-lp152.2.3.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-swing-1.10.7-lp152.2.3.1.noarch as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:ant-swing-1.10.7-lp152.2.3.1.noarch"
        },
        "product_reference": "ant-swing-1.10.7-lp152.2.3.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-testutil-1.10.7-lp152.2.3.1.noarch as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:ant-testutil-1.10.7-lp152.2.3.1.noarch"
        },
        "product_reference": "ant-testutil-1.10.7-lp152.2.3.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-xz-1.10.7-lp152.2.3.1.noarch as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:ant-xz-1.10.7-lp152.2.3.1.noarch"
        },
        "product_reference": "ant-xz-1.10.7-lp152.2.3.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-1945",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-1945"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:ant-1.10.7-lp152.2.3.1.noarch",
          "openSUSE Leap 15.2:ant-antlr-1.10.7-lp152.2.3.1.noarch",
          "openSUSE Leap 15.2:ant-apache-bcel-1.10.7-lp152.2.3.1.noarch",
          "openSUSE Leap 15.2:ant-apache-bsf-1.10.7-lp152.2.3.1.noarch",
          "openSUSE Leap 15.2:ant-apache-log4j-1.10.7-lp152.2.3.1.noarch",
          "openSUSE Leap 15.2:ant-apache-oro-1.10.7-lp152.2.3.1.noarch",
          "openSUSE Leap 15.2:ant-apache-regexp-1.10.7-lp152.2.3.1.noarch",
          "openSUSE Leap 15.2:ant-apache-resolver-1.10.7-lp152.2.3.1.noarch",
          "openSUSE Leap 15.2:ant-apache-xalan2-1.10.7-lp152.2.3.1.noarch",
          "openSUSE Leap 15.2:ant-commons-logging-1.10.7-lp152.2.3.1.noarch",
          "openSUSE Leap 15.2:ant-commons-net-1.10.7-lp152.2.3.1.noarch",
          "openSUSE Leap 15.2:ant-imageio-1.10.7-lp152.2.3.1.noarch",
          "openSUSE Leap 15.2:ant-javamail-1.10.7-lp152.2.3.1.noarch",
          "openSUSE Leap 15.2:ant-jdepend-1.10.7-lp152.2.3.1.noarch",
          "openSUSE Leap 15.2:ant-jmf-1.10.7-lp152.2.3.1.noarch",
          "openSUSE Leap 15.2:ant-jsch-1.10.7-lp152.2.3.1.noarch",
          "openSUSE Leap 15.2:ant-junit-1.10.7-lp152.2.3.1.noarch",
          "openSUSE Leap 15.2:ant-junit5-1.10.7-lp152.2.3.1.noarch",
          "openSUSE Leap 15.2:ant-manual-1.10.7-lp152.2.3.1.noarch",
          "openSUSE Leap 15.2:ant-scripts-1.10.7-lp152.2.3.1.noarch",
          "openSUSE Leap 15.2:ant-swing-1.10.7-lp152.2.3.1.noarch",
          "openSUSE Leap 15.2:ant-testutil-1.10.7-lp152.2.3.1.noarch",
          "openSUSE Leap 15.2:ant-xz-1.10.7-lp152.2.3.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-1945",
          "url": "https://www.suse.com/security/cve/CVE-2020-1945"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1171696 for CVE-2020-1945",
          "url": "https://bugzilla.suse.com/1171696"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1177180 for CVE-2020-1945",
          "url": "https://bugzilla.suse.com/1177180"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1179729 for CVE-2020-1945",
          "url": "https://bugzilla.suse.com/1179729"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:ant-1.10.7-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:ant-antlr-1.10.7-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:ant-apache-bcel-1.10.7-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:ant-apache-bsf-1.10.7-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:ant-apache-log4j-1.10.7-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:ant-apache-oro-1.10.7-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:ant-apache-regexp-1.10.7-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:ant-apache-resolver-1.10.7-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:ant-apache-xalan2-1.10.7-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:ant-commons-logging-1.10.7-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:ant-commons-net-1.10.7-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:ant-imageio-1.10.7-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:ant-javamail-1.10.7-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:ant-jdepend-1.10.7-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:ant-jmf-1.10.7-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:ant-jsch-1.10.7-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:ant-junit-1.10.7-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:ant-junit5-1.10.7-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:ant-manual-1.10.7-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:ant-scripts-1.10.7-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:ant-swing-1.10.7-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:ant-testutil-1.10.7-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:ant-xz-1.10.7-lp152.2.3.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:ant-1.10.7-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:ant-antlr-1.10.7-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:ant-apache-bcel-1.10.7-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:ant-apache-bsf-1.10.7-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:ant-apache-log4j-1.10.7-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:ant-apache-oro-1.10.7-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:ant-apache-regexp-1.10.7-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:ant-apache-resolver-1.10.7-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:ant-apache-xalan2-1.10.7-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:ant-commons-logging-1.10.7-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:ant-commons-net-1.10.7-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:ant-imageio-1.10.7-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:ant-javamail-1.10.7-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:ant-jdepend-1.10.7-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:ant-jmf-1.10.7-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:ant-jsch-1.10.7-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:ant-junit-1.10.7-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:ant-junit5-1.10.7-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:ant-manual-1.10.7-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:ant-scripts-1.10.7-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:ant-swing-1.10.7-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:ant-testutil-1.10.7-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:ant-xz-1.10.7-lp152.2.3.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-07-20T16:30:35Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-1945"
    }
  ]
}

OPENSUSE-SU-2024:10616-1

Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

Summary

ant-1.10.10-1.2 on GA media

Notes

Title of the patch

ant-1.10.10-1.2 on GA media

Description of the patch

These are all security issues fixed in the ant-1.10.10-1.2 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2024-10616

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "ant-1.10.10-1.2 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the ant-1.10.10-1.2 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-10616",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10616-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-10886 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-10886/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-11979 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-11979/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-1945 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-1945/"
      }
    ],
    "title": "ant-1.10.10-1.2 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:10616-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ant-1.10.10-1.2.aarch64",
                "product": {
                  "name": "ant-1.10.10-1.2.aarch64",
                  "product_id": "ant-1.10.10-1.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "ant-jmf-1.10.10-1.2.aarch64",
                "product": {
                  "name": "ant-jmf-1.10.10-1.2.aarch64",
                  "product_id": "ant-jmf-1.10.10-1.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "ant-scripts-1.10.10-1.2.aarch64",
                "product": {
                  "name": "ant-scripts-1.10.10-1.2.aarch64",
                  "product_id": "ant-scripts-1.10.10-1.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "ant-swing-1.10.10-1.2.aarch64",
                "product": {
                  "name": "ant-swing-1.10.10-1.2.aarch64",
                  "product_id": "ant-swing-1.10.10-1.2.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ant-1.10.10-1.2.ppc64le",
                "product": {
                  "name": "ant-1.10.10-1.2.ppc64le",
                  "product_id": "ant-1.10.10-1.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "ant-jmf-1.10.10-1.2.ppc64le",
                "product": {
                  "name": "ant-jmf-1.10.10-1.2.ppc64le",
                  "product_id": "ant-jmf-1.10.10-1.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "ant-scripts-1.10.10-1.2.ppc64le",
                "product": {
                  "name": "ant-scripts-1.10.10-1.2.ppc64le",
                  "product_id": "ant-scripts-1.10.10-1.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "ant-swing-1.10.10-1.2.ppc64le",
                "product": {
                  "name": "ant-swing-1.10.10-1.2.ppc64le",
                  "product_id": "ant-swing-1.10.10-1.2.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ant-1.10.10-1.2.s390x",
                "product": {
                  "name": "ant-1.10.10-1.2.s390x",
                  "product_id": "ant-1.10.10-1.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "ant-jmf-1.10.10-1.2.s390x",
                "product": {
                  "name": "ant-jmf-1.10.10-1.2.s390x",
                  "product_id": "ant-jmf-1.10.10-1.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "ant-scripts-1.10.10-1.2.s390x",
                "product": {
                  "name": "ant-scripts-1.10.10-1.2.s390x",
                  "product_id": "ant-scripts-1.10.10-1.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "ant-swing-1.10.10-1.2.s390x",
                "product": {
                  "name": "ant-swing-1.10.10-1.2.s390x",
                  "product_id": "ant-swing-1.10.10-1.2.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ant-1.10.10-1.2.x86_64",
                "product": {
                  "name": "ant-1.10.10-1.2.x86_64",
                  "product_id": "ant-1.10.10-1.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "ant-jmf-1.10.10-1.2.x86_64",
                "product": {
                  "name": "ant-jmf-1.10.10-1.2.x86_64",
                  "product_id": "ant-jmf-1.10.10-1.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "ant-scripts-1.10.10-1.2.x86_64",
                "product": {
                  "name": "ant-scripts-1.10.10-1.2.x86_64",
                  "product_id": "ant-scripts-1.10.10-1.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "ant-swing-1.10.10-1.2.x86_64",
                "product": {
                  "name": "ant-swing-1.10.10-1.2.x86_64",
                  "product_id": "ant-swing-1.10.10-1.2.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-1.10.10-1.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:ant-1.10.10-1.2.aarch64"
        },
        "product_reference": "ant-1.10.10-1.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-1.10.10-1.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:ant-1.10.10-1.2.ppc64le"
        },
        "product_reference": "ant-1.10.10-1.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-1.10.10-1.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:ant-1.10.10-1.2.s390x"
        },
        "product_reference": "ant-1.10.10-1.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-1.10.10-1.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:ant-1.10.10-1.2.x86_64"
        },
        "product_reference": "ant-1.10.10-1.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-jmf-1.10.10-1.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:ant-jmf-1.10.10-1.2.aarch64"
        },
        "product_reference": "ant-jmf-1.10.10-1.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-jmf-1.10.10-1.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:ant-jmf-1.10.10-1.2.ppc64le"
        },
        "product_reference": "ant-jmf-1.10.10-1.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-jmf-1.10.10-1.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:ant-jmf-1.10.10-1.2.s390x"
        },
        "product_reference": "ant-jmf-1.10.10-1.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-jmf-1.10.10-1.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:ant-jmf-1.10.10-1.2.x86_64"
        },
        "product_reference": "ant-jmf-1.10.10-1.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-scripts-1.10.10-1.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:ant-scripts-1.10.10-1.2.aarch64"
        },
        "product_reference": "ant-scripts-1.10.10-1.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-scripts-1.10.10-1.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:ant-scripts-1.10.10-1.2.ppc64le"
        },
        "product_reference": "ant-scripts-1.10.10-1.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-scripts-1.10.10-1.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:ant-scripts-1.10.10-1.2.s390x"
        },
        "product_reference": "ant-scripts-1.10.10-1.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-scripts-1.10.10-1.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:ant-scripts-1.10.10-1.2.x86_64"
        },
        "product_reference": "ant-scripts-1.10.10-1.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-swing-1.10.10-1.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:ant-swing-1.10.10-1.2.aarch64"
        },
        "product_reference": "ant-swing-1.10.10-1.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-swing-1.10.10-1.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:ant-swing-1.10.10-1.2.ppc64le"
        },
        "product_reference": "ant-swing-1.10.10-1.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-swing-1.10.10-1.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:ant-swing-1.10.10-1.2.s390x"
        },
        "product_reference": "ant-swing-1.10.10-1.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-swing-1.10.10-1.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:ant-swing-1.10.10-1.2.x86_64"
        },
        "product_reference": "ant-swing-1.10.10-1.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-10886",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-10886"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: none.  Reason: this candidate is not about any specific product, protocol, or design, that falls into the scope of the assigning CNA. Notes: None",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:ant-1.10.10-1.2.aarch64",
          "openSUSE Tumbleweed:ant-1.10.10-1.2.ppc64le",
          "openSUSE Tumbleweed:ant-1.10.10-1.2.s390x",
          "openSUSE Tumbleweed:ant-1.10.10-1.2.x86_64",
          "openSUSE Tumbleweed:ant-jmf-1.10.10-1.2.aarch64",
          "openSUSE Tumbleweed:ant-jmf-1.10.10-1.2.ppc64le",
          "openSUSE Tumbleweed:ant-jmf-1.10.10-1.2.s390x",
          "openSUSE Tumbleweed:ant-jmf-1.10.10-1.2.x86_64",
          "openSUSE Tumbleweed:ant-scripts-1.10.10-1.2.aarch64",
          "openSUSE Tumbleweed:ant-scripts-1.10.10-1.2.ppc64le",
          "openSUSE Tumbleweed:ant-scripts-1.10.10-1.2.s390x",
          "openSUSE Tumbleweed:ant-scripts-1.10.10-1.2.x86_64",
          "openSUSE Tumbleweed:ant-swing-1.10.10-1.2.aarch64",
          "openSUSE Tumbleweed:ant-swing-1.10.10-1.2.ppc64le",
          "openSUSE Tumbleweed:ant-swing-1.10.10-1.2.s390x",
          "openSUSE Tumbleweed:ant-swing-1.10.10-1.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-10886",
          "url": "https://www.suse.com/security/cve/CVE-2018-10886"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1100053 for CVE-2018-10886",
          "url": "https://bugzilla.suse.com/1100053"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:ant-1.10.10-1.2.aarch64",
            "openSUSE Tumbleweed:ant-1.10.10-1.2.ppc64le",
            "openSUSE Tumbleweed:ant-1.10.10-1.2.s390x",
            "openSUSE Tumbleweed:ant-1.10.10-1.2.x86_64",
            "openSUSE Tumbleweed:ant-jmf-1.10.10-1.2.aarch64",
            "openSUSE Tumbleweed:ant-jmf-1.10.10-1.2.ppc64le",
            "openSUSE Tumbleweed:ant-jmf-1.10.10-1.2.s390x",
            "openSUSE Tumbleweed:ant-jmf-1.10.10-1.2.x86_64",
            "openSUSE Tumbleweed:ant-scripts-1.10.10-1.2.aarch64",
            "openSUSE Tumbleweed:ant-scripts-1.10.10-1.2.ppc64le",
            "openSUSE Tumbleweed:ant-scripts-1.10.10-1.2.s390x",
            "openSUSE Tumbleweed:ant-scripts-1.10.10-1.2.x86_64",
            "openSUSE Tumbleweed:ant-swing-1.10.10-1.2.aarch64",
            "openSUSE Tumbleweed:ant-swing-1.10.10-1.2.ppc64le",
            "openSUSE Tumbleweed:ant-swing-1.10.10-1.2.s390x",
            "openSUSE Tumbleweed:ant-swing-1.10.10-1.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:ant-1.10.10-1.2.aarch64",
            "openSUSE Tumbleweed:ant-1.10.10-1.2.ppc64le",
            "openSUSE Tumbleweed:ant-1.10.10-1.2.s390x",
            "openSUSE Tumbleweed:ant-1.10.10-1.2.x86_64",
            "openSUSE Tumbleweed:ant-jmf-1.10.10-1.2.aarch64",
            "openSUSE Tumbleweed:ant-jmf-1.10.10-1.2.ppc64le",
            "openSUSE Tumbleweed:ant-jmf-1.10.10-1.2.s390x",
            "openSUSE Tumbleweed:ant-jmf-1.10.10-1.2.x86_64",
            "openSUSE Tumbleweed:ant-scripts-1.10.10-1.2.aarch64",
            "openSUSE Tumbleweed:ant-scripts-1.10.10-1.2.ppc64le",
            "openSUSE Tumbleweed:ant-scripts-1.10.10-1.2.s390x",
            "openSUSE Tumbleweed:ant-scripts-1.10.10-1.2.x86_64",
            "openSUSE Tumbleweed:ant-swing-1.10.10-1.2.aarch64",
            "openSUSE Tumbleweed:ant-swing-1.10.10-1.2.ppc64le",
            "openSUSE Tumbleweed:ant-swing-1.10.10-1.2.s390x",
            "openSUSE Tumbleweed:ant-swing-1.10.10-1.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-10886"
    },
    {
      "cve": "CVE-2020-11979",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-11979"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:ant-1.10.10-1.2.aarch64",
          "openSUSE Tumbleweed:ant-1.10.10-1.2.ppc64le",
          "openSUSE Tumbleweed:ant-1.10.10-1.2.s390x",
          "openSUSE Tumbleweed:ant-1.10.10-1.2.x86_64",
          "openSUSE Tumbleweed:ant-jmf-1.10.10-1.2.aarch64",
          "openSUSE Tumbleweed:ant-jmf-1.10.10-1.2.ppc64le",
          "openSUSE Tumbleweed:ant-jmf-1.10.10-1.2.s390x",
          "openSUSE Tumbleweed:ant-jmf-1.10.10-1.2.x86_64",
          "openSUSE Tumbleweed:ant-scripts-1.10.10-1.2.aarch64",
          "openSUSE Tumbleweed:ant-scripts-1.10.10-1.2.ppc64le",
          "openSUSE Tumbleweed:ant-scripts-1.10.10-1.2.s390x",
          "openSUSE Tumbleweed:ant-scripts-1.10.10-1.2.x86_64",
          "openSUSE Tumbleweed:ant-swing-1.10.10-1.2.aarch64",
          "openSUSE Tumbleweed:ant-swing-1.10.10-1.2.ppc64le",
          "openSUSE Tumbleweed:ant-swing-1.10.10-1.2.s390x",
          "openSUSE Tumbleweed:ant-swing-1.10.10-1.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-11979",
          "url": "https://www.suse.com/security/cve/CVE-2020-11979"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1177180 for CVE-2020-11979",
          "url": "https://bugzilla.suse.com/1177180"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:ant-1.10.10-1.2.aarch64",
            "openSUSE Tumbleweed:ant-1.10.10-1.2.ppc64le",
            "openSUSE Tumbleweed:ant-1.10.10-1.2.s390x",
            "openSUSE Tumbleweed:ant-1.10.10-1.2.x86_64",
            "openSUSE Tumbleweed:ant-jmf-1.10.10-1.2.aarch64",
            "openSUSE Tumbleweed:ant-jmf-1.10.10-1.2.ppc64le",
            "openSUSE Tumbleweed:ant-jmf-1.10.10-1.2.s390x",
            "openSUSE Tumbleweed:ant-jmf-1.10.10-1.2.x86_64",
            "openSUSE Tumbleweed:ant-scripts-1.10.10-1.2.aarch64",
            "openSUSE Tumbleweed:ant-scripts-1.10.10-1.2.ppc64le",
            "openSUSE Tumbleweed:ant-scripts-1.10.10-1.2.s390x",
            "openSUSE Tumbleweed:ant-scripts-1.10.10-1.2.x86_64",
            "openSUSE Tumbleweed:ant-swing-1.10.10-1.2.aarch64",
            "openSUSE Tumbleweed:ant-swing-1.10.10-1.2.ppc64le",
            "openSUSE Tumbleweed:ant-swing-1.10.10-1.2.s390x",
            "openSUSE Tumbleweed:ant-swing-1.10.10-1.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:ant-1.10.10-1.2.aarch64",
            "openSUSE Tumbleweed:ant-1.10.10-1.2.ppc64le",
            "openSUSE Tumbleweed:ant-1.10.10-1.2.s390x",
            "openSUSE Tumbleweed:ant-1.10.10-1.2.x86_64",
            "openSUSE Tumbleweed:ant-jmf-1.10.10-1.2.aarch64",
            "openSUSE Tumbleweed:ant-jmf-1.10.10-1.2.ppc64le",
            "openSUSE Tumbleweed:ant-jmf-1.10.10-1.2.s390x",
            "openSUSE Tumbleweed:ant-jmf-1.10.10-1.2.x86_64",
            "openSUSE Tumbleweed:ant-scripts-1.10.10-1.2.aarch64",
            "openSUSE Tumbleweed:ant-scripts-1.10.10-1.2.ppc64le",
            "openSUSE Tumbleweed:ant-scripts-1.10.10-1.2.s390x",
            "openSUSE Tumbleweed:ant-scripts-1.10.10-1.2.x86_64",
            "openSUSE Tumbleweed:ant-swing-1.10.10-1.2.aarch64",
            "openSUSE Tumbleweed:ant-swing-1.10.10-1.2.ppc64le",
            "openSUSE Tumbleweed:ant-swing-1.10.10-1.2.s390x",
            "openSUSE Tumbleweed:ant-swing-1.10.10-1.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-11979"
    },
    {
      "cve": "CVE-2020-1945",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-1945"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:ant-1.10.10-1.2.aarch64",
          "openSUSE Tumbleweed:ant-1.10.10-1.2.ppc64le",
          "openSUSE Tumbleweed:ant-1.10.10-1.2.s390x",
          "openSUSE Tumbleweed:ant-1.10.10-1.2.x86_64",
          "openSUSE Tumbleweed:ant-jmf-1.10.10-1.2.aarch64",
          "openSUSE Tumbleweed:ant-jmf-1.10.10-1.2.ppc64le",
          "openSUSE Tumbleweed:ant-jmf-1.10.10-1.2.s390x",
          "openSUSE Tumbleweed:ant-jmf-1.10.10-1.2.x86_64",
          "openSUSE Tumbleweed:ant-scripts-1.10.10-1.2.aarch64",
          "openSUSE Tumbleweed:ant-scripts-1.10.10-1.2.ppc64le",
          "openSUSE Tumbleweed:ant-scripts-1.10.10-1.2.s390x",
          "openSUSE Tumbleweed:ant-scripts-1.10.10-1.2.x86_64",
          "openSUSE Tumbleweed:ant-swing-1.10.10-1.2.aarch64",
          "openSUSE Tumbleweed:ant-swing-1.10.10-1.2.ppc64le",
          "openSUSE Tumbleweed:ant-swing-1.10.10-1.2.s390x",
          "openSUSE Tumbleweed:ant-swing-1.10.10-1.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-1945",
          "url": "https://www.suse.com/security/cve/CVE-2020-1945"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1171696 for CVE-2020-1945",
          "url": "https://bugzilla.suse.com/1171696"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1177180 for CVE-2020-1945",
          "url": "https://bugzilla.suse.com/1177180"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1179729 for CVE-2020-1945",
          "url": "https://bugzilla.suse.com/1179729"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:ant-1.10.10-1.2.aarch64",
            "openSUSE Tumbleweed:ant-1.10.10-1.2.ppc64le",
            "openSUSE Tumbleweed:ant-1.10.10-1.2.s390x",
            "openSUSE Tumbleweed:ant-1.10.10-1.2.x86_64",
            "openSUSE Tumbleweed:ant-jmf-1.10.10-1.2.aarch64",
            "openSUSE Tumbleweed:ant-jmf-1.10.10-1.2.ppc64le",
            "openSUSE Tumbleweed:ant-jmf-1.10.10-1.2.s390x",
            "openSUSE Tumbleweed:ant-jmf-1.10.10-1.2.x86_64",
            "openSUSE Tumbleweed:ant-scripts-1.10.10-1.2.aarch64",
            "openSUSE Tumbleweed:ant-scripts-1.10.10-1.2.ppc64le",
            "openSUSE Tumbleweed:ant-scripts-1.10.10-1.2.s390x",
            "openSUSE Tumbleweed:ant-scripts-1.10.10-1.2.x86_64",
            "openSUSE Tumbleweed:ant-swing-1.10.10-1.2.aarch64",
            "openSUSE Tumbleweed:ant-swing-1.10.10-1.2.ppc64le",
            "openSUSE Tumbleweed:ant-swing-1.10.10-1.2.s390x",
            "openSUSE Tumbleweed:ant-swing-1.10.10-1.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:ant-1.10.10-1.2.aarch64",
            "openSUSE Tumbleweed:ant-1.10.10-1.2.ppc64le",
            "openSUSE Tumbleweed:ant-1.10.10-1.2.s390x",
            "openSUSE Tumbleweed:ant-1.10.10-1.2.x86_64",
            "openSUSE Tumbleweed:ant-jmf-1.10.10-1.2.aarch64",
            "openSUSE Tumbleweed:ant-jmf-1.10.10-1.2.ppc64le",
            "openSUSE Tumbleweed:ant-jmf-1.10.10-1.2.s390x",
            "openSUSE Tumbleweed:ant-jmf-1.10.10-1.2.x86_64",
            "openSUSE Tumbleweed:ant-scripts-1.10.10-1.2.aarch64",
            "openSUSE Tumbleweed:ant-scripts-1.10.10-1.2.ppc64le",
            "openSUSE Tumbleweed:ant-scripts-1.10.10-1.2.s390x",
            "openSUSE Tumbleweed:ant-scripts-1.10.10-1.2.x86_64",
            "openSUSE Tumbleweed:ant-swing-1.10.10-1.2.aarch64",
            "openSUSE Tumbleweed:ant-swing-1.10.10-1.2.ppc64le",
            "openSUSE Tumbleweed:ant-swing-1.10.10-1.2.s390x",
            "openSUSE Tumbleweed:ant-swing-1.10.10-1.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-1945"
    }
  ]
}

FKIE_CVE-2020-1945

Vulnerability from fkie_nvd - Published: 2020-05-14 16:15 - Updated: 2024-11-21 05:11

Severity ?

6.3 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Summary

References

URL	Tags
security@apache.org	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00053.html	Mailing List, Third Party Advisory
security@apache.org	http://www.openwall.com/lists/oss-security/2020/09/30/6	Mailing List, Third Party Advisory
security@apache.org	http://www.openwall.com/lists/oss-security/2020/12/06/1	Mailing List, Third Party Advisory
security@apache.org	https://lists.apache.org/thread.html/r0d08a96ba9de8aa435f32944e8b2867c368a518d4ff57782e3637335%40%3Cissues.hive.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc%40%3Cdev.creadur.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/r1863b9ce4c3e4b1e5b0c671ad05545ba3eb8399616aa746af5dfe1b1%40%3Cdev.creadur.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/r1a9c992d7c8219dc15b4ad448649f0ffdaa88d76ef6a0035c49455f5%40%3Cdev.creadur.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/r1b32c76afffcf676e13ed635a3332f3e46e6aaa7722eb3fc7a28f58e%40%3Cdev.hive.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e%40%3Cdev.creadur.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0%40%3Cdev.creadur.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/r2704fb14ce068c64759a986f81d5b5e42ab434fa13d0f444ad52816b%40%3Cdev.creadur.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/r3cea0f3da4f6d06d7afb6c0804da8e01773a0f50a09b8d9beb2cda65%40%3Cissues.hive.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/r4b2904d64affd4266cd72ccb2fc3927c1c2f22009f183095aa46bf90%40%3Cissues.hive.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490%40%3Cdev.creadur.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/r5dfc77048b1f9db26622dce91a6edf083d499397256594952fad5f35%40%3Ccommits.myfaces.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305%40%3Cdev.creadur.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/r6030d34ceacd0098538425c5dac8251ffc7fd90b886942bc7ef87858%40%3Cnotifications.groovy.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/r6970d196cd73863dafdbc3a7052562deedd338e3bd7d73d8171d92d6%40%3Ccommits.groovy.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/r6e295d792032ec02b32be3846c21a58857fba4a077d22c5842d69ba2%40%3Ctorque-dev.db.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/r6edd3e2cb79ee635630d891b54a4f1a9cd8c7f639d6ee34e75fbe830%40%3Cissues.hive.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/r815f88d1044760176f30a4913b4baacd06f3eae4eb662de7388e46d8%40%3Cissues.hive.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/r8e24abb7dd77cda14c6df90a377c94f0a413bbfcec90a29540ff8adf%40%3Cissues.hive.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/r8e592bbfc016a5dbe2a8c0e81ff99682b9c78c453621b82c14e7b75e%40%3Cdev.ant.apache.org%3E	Mailing List, Vendor Advisory
security@apache.org	https://lists.apache.org/thread.html/r95dc943e47a211d29df605e14f86c280fc9fa8d828b2b53bd07673c9%40%3Cdev.creadur.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cannounce.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cdev.groovy.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cusers.groovy.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465%40%3Cnotifications.groovy.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c%40%3Cdev.creadur.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/rb860063819b9c0990e1fbce29d83f4554766fe5a05e3b3939736bf2b%40%3Ccommits.myfaces.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/rb8ec556f176c83547b959150e2108e2ddf1d61224295941908b0a81f%40%3Cannounce.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a%40%3Cdev.creadur.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/rc89e491b5b270fb40f1210b70554527b737c217ad2e831b643ead6bc%40%3Cuser.ant.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/rce099751721c26a8166d8b6578293820832831a0b2cb8d93b8efa081%40%3Cnotifications.groovy.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/rd7dda48ff835f4d0293949837d55541bfde3683bd35bd8431e324538%40%3Cdev.creadur.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/rda80ac59119558eaec452e58ddfac2ccc9211da1c65f7927682c78b1%40%3Cdev.creadur.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/rdaa9c51d5dc6560c9d2b3f3d742c768ad0705e154041e574a0fae45c%40%3Cnotifications.groovy.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/re1ce84518d773a94a613d988771daf9252c9cf7375a9a477009f9735%40%3Ccommits.creadur.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/rf07feaf78afc8f701e21948a06ef92565d3dff1242d710f4fbf900b2%40%3Cdev.creadur.apache.org%3E
security@apache.org	https://lists.apache.org/thread.html/rfd346609527a79662c48b1da3ac500ec30f29f7ddaa3575051e81890%40%3Ccommits.creadur.apache.org%3E
security@apache.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EQBR65TINSJRN7PTPIVNYS33P535WM74/
security@apache.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRVAWTCVXJMRYKQKEXYSNBF7NLSR6OEI/
security@apache.org	https://security.gentoo.org/glsa/202007-34	Third Party Advisory
security@apache.org	https://usn.ubuntu.com/4380-1/	Mailing List, Vendor Advisory
security@apache.org	https://www.oracle.com//security-alerts/cpujul2021.html	Patch, Third Party Advisory
security@apache.org	https://www.oracle.com/security-alerts/cpuApr2021.html	Patch, Third Party Advisory
security@apache.org	https://www.oracle.com/security-alerts/cpujan2021.html	Patch, Third Party Advisory
security@apache.org	https://www.oracle.com/security-alerts/cpujan2022.html	Patch, Third Party Advisory
security@apache.org	https://www.oracle.com/security-alerts/cpujul2020.html	Patch, Third Party Advisory
security@apache.org	https://www.oracle.com/security-alerts/cpuoct2020.html	Patch, Third Party Advisory
security@apache.org	https://www.oracle.com/security-alerts/cpuoct2021.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00053.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2020/09/30/6	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2020/12/06/1	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r0d08a96ba9de8aa435f32944e8b2867c368a518d4ff57782e3637335%40%3Cissues.hive.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc%40%3Cdev.creadur.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r1863b9ce4c3e4b1e5b0c671ad05545ba3eb8399616aa746af5dfe1b1%40%3Cdev.creadur.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r1a9c992d7c8219dc15b4ad448649f0ffdaa88d76ef6a0035c49455f5%40%3Cdev.creadur.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r1b32c76afffcf676e13ed635a3332f3e46e6aaa7722eb3fc7a28f58e%40%3Cdev.hive.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e%40%3Cdev.creadur.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0%40%3Cdev.creadur.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r2704fb14ce068c64759a986f81d5b5e42ab434fa13d0f444ad52816b%40%3Cdev.creadur.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r3cea0f3da4f6d06d7afb6c0804da8e01773a0f50a09b8d9beb2cda65%40%3Cissues.hive.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r4b2904d64affd4266cd72ccb2fc3927c1c2f22009f183095aa46bf90%40%3Cissues.hive.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490%40%3Cdev.creadur.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r5dfc77048b1f9db26622dce91a6edf083d499397256594952fad5f35%40%3Ccommits.myfaces.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305%40%3Cdev.creadur.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r6030d34ceacd0098538425c5dac8251ffc7fd90b886942bc7ef87858%40%3Cnotifications.groovy.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r6970d196cd73863dafdbc3a7052562deedd338e3bd7d73d8171d92d6%40%3Ccommits.groovy.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r6e295d792032ec02b32be3846c21a58857fba4a077d22c5842d69ba2%40%3Ctorque-dev.db.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r6edd3e2cb79ee635630d891b54a4f1a9cd8c7f639d6ee34e75fbe830%40%3Cissues.hive.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r815f88d1044760176f30a4913b4baacd06f3eae4eb662de7388e46d8%40%3Cissues.hive.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r8e24abb7dd77cda14c6df90a377c94f0a413bbfcec90a29540ff8adf%40%3Cissues.hive.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r8e592bbfc016a5dbe2a8c0e81ff99682b9c78c453621b82c14e7b75e%40%3Cdev.ant.apache.org%3E	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r95dc943e47a211d29df605e14f86c280fc9fa8d828b2b53bd07673c9%40%3Cdev.creadur.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cannounce.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cdev.groovy.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cusers.groovy.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465%40%3Cnotifications.groovy.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c%40%3Cdev.creadur.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rb860063819b9c0990e1fbce29d83f4554766fe5a05e3b3939736bf2b%40%3Ccommits.myfaces.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rb8ec556f176c83547b959150e2108e2ddf1d61224295941908b0a81f%40%3Cannounce.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a%40%3Cdev.creadur.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rc89e491b5b270fb40f1210b70554527b737c217ad2e831b643ead6bc%40%3Cuser.ant.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rce099751721c26a8166d8b6578293820832831a0b2cb8d93b8efa081%40%3Cnotifications.groovy.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rd7dda48ff835f4d0293949837d55541bfde3683bd35bd8431e324538%40%3Cdev.creadur.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rda80ac59119558eaec452e58ddfac2ccc9211da1c65f7927682c78b1%40%3Cdev.creadur.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rdaa9c51d5dc6560c9d2b3f3d742c768ad0705e154041e574a0fae45c%40%3Cnotifications.groovy.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/re1ce84518d773a94a613d988771daf9252c9cf7375a9a477009f9735%40%3Ccommits.creadur.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rf07feaf78afc8f701e21948a06ef92565d3dff1242d710f4fbf900b2%40%3Cdev.creadur.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rfd346609527a79662c48b1da3ac500ec30f29f7ddaa3575051e81890%40%3Ccommits.creadur.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EQBR65TINSJRN7PTPIVNYS33P535WM74/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRVAWTCVXJMRYKQKEXYSNBF7NLSR6OEI/
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202007-34	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4380-1/	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com//security-alerts/cpujul2021.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuApr2021.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2021.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2022.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujul2020.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuoct2020.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuoct2021.html	Patch, Third Party Advisory

Impacted products

Vendor	Product	Version
apache	ant	*
apache	ant	*
canonical	ubuntu_linux	19.10
fedoraproject	fedora	31
fedoraproject	fedora	32
opensuse	leap	15.2
oracle	agile_engineering_data_management	6.2.1.0
oracle	banking_enterprise_collections	*
oracle	banking_liquidity_management	*
oracle	banking_platform	*
oracle	business_process_management_suite	12.2.1.3.0
oracle	business_process_management_suite	12.2.1.4.0
oracle	category_management_planning_\&_optimization	15.0.3
oracle	communications_asap	7.3
oracle	communications_diameter_signaling_router	*
oracle	communications_metasolv_solution	6.3.0
oracle	communications_order_and_service_management	7.3
oracle	communications_order_and_service_management	7.4
oracle	data_integrator	12.2.1.3.0
oracle	data_integrator	12.2.1.4.0
oracle	endeca_information_discovery_studio	3.2.0
oracle	enterprise_manager_ops_center	12.4.0.0
oracle	enterprise_repository	11.1.1.7.0
oracle	financial_services_analytical_applications_infrastructure	*
oracle	flexcube_investor_servicing	12.1.0
oracle	flexcube_investor_servicing	12.3.0
oracle	flexcube_investor_servicing	12.4.0
oracle	flexcube_investor_servicing	14.0.0
oracle	flexcube_investor_servicing	14.1.0
oracle	flexcube_private_banking	12.0.0
oracle	flexcube_private_banking	12.1.0
oracle	health_sciences_information_manager	*
oracle	primavera_gateway	*
oracle	primavera_gateway	*
oracle	primavera_unifier	*
oracle	primavera_unifier	16.1
oracle	primavera_unifier	16.2
oracle	primavera_unifier	18.8
oracle	primavera_unifier	19.12
oracle	rapid_planning	12.1
oracle	rapid_planning	12.2
oracle	real-time_decision_server	3.2.1.0
oracle	retail_advanced_inventory_planning	14.1
oracle	retail_advanced_inventory_planning	15.0
oracle	retail_advanced_inventory_planning	16.0
oracle	retail_assortment_planning	15.0.3
oracle	retail_assortment_planning	16.0.3
oracle	retail_back_office	14.0
oracle	retail_back_office	14.1
oracle	retail_bulk_data_integration	15.0
oracle	retail_bulk_data_integration	16.0
oracle	retail_bulk_data_integration	16.0.3.0
oracle	retail_bulk_data_integration	19.0.1
oracle	retail_central_office	14.0
oracle	retail_central_office	14.1
oracle	retail_data_extractor_for_merchandising	1.9
oracle	retail_data_extractor_for_merchandising	1.10
oracle	retail_extract_transform_and_load	13.2.5
oracle	retail_extract_transform_and_load	13.2.8
oracle	retail_financial_integration	14.1.3.2
oracle	retail_financial_integration	15.0
oracle	retail_financial_integration	15.0.4.0
oracle	retail_financial_integration	16.0
oracle	retail_financial_integration	16.0.3.0
oracle	retail_integration_bus	14.1
oracle	retail_integration_bus	14.1.3.2
oracle	retail_integration_bus	15.0
oracle	retail_integration_bus	15.0.4.0
oracle	retail_integration_bus	16.0
oracle	retail_integration_bus	16.0.3.0
oracle	retail_integration_bus	19.0.1.0
oracle	retail_item_planning	15.0.3
oracle	retail_macro_space_optimization	15.0.3
oracle	retail_merchandise_financial_planning	15.0.3
oracle	retail_merchandising_system	19.0.1
oracle	retail_point-of-service	14.0
oracle	retail_point-of-service	14.1
oracle	retail_point-of-service	15.0
oracle	retail_point-of-service	16.0
oracle	retail_predictive_application_server	14.0.3
oracle	retail_predictive_application_server	14.1.3
oracle	retail_predictive_application_server	15.0.3
oracle	retail_predictive_application_server	16.0.3
oracle	retail_predictive_application_server	16.0.3.0
oracle	retail_regular_price_optimization	15.0.3
oracle	retail_regular_price_optimization	16.0.3
oracle	retail_replenishment_optimization	15.0.3
oracle	retail_returns_management	14.0
oracle	retail_returns_management	14.1
oracle	retail_service_backbone	14.1.3.2
oracle	retail_service_backbone	15.0
oracle	retail_service_backbone	15.0.4.0
oracle	retail_service_backbone	16.0
oracle	retail_service_backbone	16.0.3.0
oracle	retail_service_backbone	19.0.1.0
oracle	retail_size_profile_optimization	15.0.3
oracle	retail_size_profile_optimization	16.0.3
oracle	retail_store_inventory_management	14.0.4
oracle	retail_store_inventory_management	14.1
oracle	retail_store_inventory_management	14.1.3
oracle	retail_store_inventory_management	15.0
oracle	retail_store_inventory_management	15.0.3
oracle	retail_store_inventory_management	16.0
oracle	retail_store_inventory_management	16.0.3
oracle	retail_xstore_point_of_service	15.0.4
oracle	retail_xstore_point_of_service	16.0.6
oracle	retail_xstore_point_of_service	17.0.4
oracle	retail_xstore_point_of_service	18.0.3
oracle	retail_xstore_point_of_service	19.0.2
oracle	timesten_in-memory_database	*
oracle	timesten_in-memory_database	11.2.2.8.49
oracle	utilities_framework	*
oracle	utilities_framework	2.2.0.0.0
oracle	utilities_framework	4.2.0.2.0
oracle	utilities_framework	4.2.0.3.0
oracle	utilities_framework	4.4.0.0.0
oracle	utilities_framework	4.4.0.2.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:ant:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B89E03B-8066-45B2-9EC5-960A69B839F0",
              "versionEndIncluding": "1.9.14",
              "versionStartIncluding": "1.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:ant:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBC8E517-4020-4DB2-B1E3-F68CC0D074C9",
              "versionEndIncluding": "1.10.7",
              "versionStartIncluding": "1.10.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "80C9DBB8-3D50-4D5D-859A-B022EB7C2E64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9A7EB29-65F6-4626-BA32-15D819B2B1AA",
              "versionEndIncluding": "2.9.0",
              "versionStartIncluding": "2.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_liquidity_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "965EDB5A-A8E9-4ACB-AA93-610F13031A90",
              "versionEndIncluding": "14.4.0",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5343F8F8-E8B4-49E9-A304-9C8A608B8027",
              "versionEndIncluding": "2.9.0",
              "versionStartIncluding": "2.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E869C417-C0E6-4FC3-B406-45598A1D1906",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFEFE2C0-7B98-44F9-B3AD-D6EC607E90DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:category_management_planning_\\\u0026_optimization:15.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC9038EC-AFF9-46C8-ABE4-BE4BBDFD3E55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_asap:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3141B86F-838D-491A-A8ED-3B7C54EA89C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "526E2FE5-263F-416F-8628-6CD40B865780",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_metasolv_solution:6.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0912F464-5F38-4BBB-9E68-65CE34306E7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_order_and_service_management:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "21CC9E01-616E-411B-B0C7-DE6E599D3319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_order_and_service_management:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F015E20-7886-4713-B4EC-FE7894066D09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9901F6BA-78D5-45B8-9409-07FF1C6DDD38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FADE563-5AAA-42FF-B43F-35B20A2386C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D03A8C9-35A5-4B75-9711-7A4A60457307",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B095CC03-7077-4A58-AB25-CC5380CDCE5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "69300B13-8C0F-4433-A6E8-B2CE32C4723D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "021014B2-DC51-481C-BCFE-5857EFBDEDDA",
              "versionEndIncluding": "8.1.0",
              "versionStartIncluding": "8.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "21BE77B2-6368-470E-B9E6-21664D9A818A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3250073F-325A-4AFC-892F-F2005E3854A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DDDC9C2-33D6-4123-9ABC-C9B809A6E88E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_investor_servicing:14.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "991A279B-9D7C-4E39-8827-BC21C2C03B83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_investor_servicing:14.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A69266D2-72D0-4A6C-883D-2597FE30931B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6762F207-93C7-4363-B2F9-7A7C6F8AF993",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B74B912-152D-4F38-9FC1-741D6D0B27FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:health_sciences_information_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "448762C8-9CA2-40CD-968C-FABD05D20FAD",
              "versionEndIncluding": "3.0.2",
              "versionStartIncluding": "3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "06CF27F6-ADC1-480C-9D2E-2BD1E7330C32",
              "versionEndIncluding": "16.2.11",
              "versionStartIncluding": "16.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4AA3854-C9FD-4287-85A0-EE7907D1E1ED",
              "versionEndIncluding": "17.12.7",
              "versionStartIncluding": "17.12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "08FA59A8-6A62-4B33-8952-D6E658F8DAC9",
              "versionEndIncluding": "17.12",
              "versionStartIncluding": "17.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D55A54FD-7DD1-49CD-BE81-0BE73990943C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "82EB08C0-2D46-4635-88DF-E54F6452D3A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "10864586-270E-4ACF-BDCC-ECFCD299305F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A0F1AF-F2E6-44E7-8E2D-190E103B72D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D53690D-3390-4A27-988A-709CD89DD05B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:real-time_decision_server:3.2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD2288B1-FF5E-46BC-8551-4CC6B046A0D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_advanced_inventory_planning:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "56239DBD-E294-44A4-9DD3-CEEC58C1BC0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_advanced_inventory_planning:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "517E0654-F1DE-43C4-90B5-FB90CA31734B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_advanced_inventory_planning:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "43DA1635-08DA-434D-AA39-20D117468B5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_assortment_planning:15.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "037A31EF-B0AF-4800-B6F4-9CDE92ABB730",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_assortment_planning:16.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "48C9BD8E-7214-4B44-B549-6F11B3EA8A04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "31C7EEA3-AA72-48DA-A112-2923DBB37773",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0735989-13BD-40B3-B954-AC0529C5B53D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_bulk_data_integration:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "13F93FA2-B50B-4274-B636-740AEE587414",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_bulk_data_integration:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F701CFD0-AA7D-44B1-BC17-5666CDE32196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "360B307A-3D7F-4B38-8248-76CF8318B023",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_bulk_data_integration:19.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C401E65A-8FA0-44E6-9AFC-6CC06498122F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "83B5F416-56AE-4DC5-BCFF-49702463E716",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "58405263-E84C-4071-BB23-165D49034A00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_data_extractor_for_merchandising:1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D4F8ECA-028E-486D-B318-E4CF5FE91A6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_data_extractor_for_merchandising:1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD31AC22-CF51-4F0B-84BF-716CCB45AD9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "30501D23-5044-477A-8DC3-7610126AEFD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "31FFE404-027E-4B59-B3EF-BD20E1F7EECC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "798E4FEE-9B2B-436E-A2B3-B8AA1079892A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_financial_integration:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "457C8C66-FB0C-4532-9027-8777CF42D17A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_financial_integration:15.0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F09182F-D0F2-41A7-A4AB-79099194B2CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_financial_integration:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF2B9DA6-2937-4574-90DF-09FD770B23D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_financial_integration:16.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "44AA1B51-8A24-48F0-B16F-803D69698707",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE7DB324-98A0-40AD-96D4-0800340F6F3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CFCE558-9972-46A2-8539-C16044F1BAA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "42064F46-3012-4FB1-89BA-F13C2E4CBB6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "919DED83-2F88-4202-9556-5F4E5E1E6790",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F73E2EFA-0F43-4D92-8C7D-9E66811B76D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:16.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A29C39DD-971B-4A3F-BA08-91C8CC9B4A32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:19.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "97DD0665-C420-4F6F-AD1F-07674B13614E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_item_planning:15.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B54AAF6-A011-4108-A741-209AAFEBA1E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_macro_space_optimization:15.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EEB643C-684B-42A7-983C-187F8D134E09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_merchandise_financial_planning:15.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5003D578-C9C2-4EC6-8866-5406789AEEA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE1BC44A-F0AF-41CD-9CEB-B07AB5ADAB38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_point-of-service:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "237968A4-AE89-44DC-8BA3-D9651F88883D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E13DF2AE-F315-4085-9172-6C8B21AF1C9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_point-of-service:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD5EF655-EC1E-4ED3-B4AE-D74492577BDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_point-of-service:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F12FFD3D-ED01-46AC-97B2-ADFEE80A2537",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:14.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "118E48CE-8603-442B-B9C9-E30A41E4D974",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B1A4F12-3E64-41CF-B2B3-B6AB734B69E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "24A3C819-5151-4543-A5C6-998C9387C8A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FB98961-8C99-4490-A6B8-9A5158784F5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "924AFE2D-D1BB-4026-9C12-BA379F8C5BEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_regular_price_optimization:15.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "60A1BB93-EFAD-4684-A87C-5FD0A7F2955A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_regular_price_optimization:16.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0922934E-2658-430F-99BE-A13C8A5F4338",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_replenishment_optimization:15.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "558A12F0-7070-461D-B5A5-911CDB34CD46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "959316A8-C3AF-4126-A242-3835ED0AD1E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDB925C6-2CBC-4D88-B9EA-F246F4F7A206",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E702EBED-DB39-4084-84B1-258BC5FE7545",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "363395FA-C296-4B2B-9D6F-BCB8DBE6FACE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:15.0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1581DEE7-48C3-4832-B616-A25D9DD3E898",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F62A2144-5EF8-4319-B8C2-D7975F51E5FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:16.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "77326E29-0F3C-4BF1-905F-FF89EB9A897A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:19.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D57F5CB-E566-450F-B7D7-DD771F7C746C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_size_profile_optimization:15.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "013198BA-493A-4AD6-ADD7-A19FD81C7857",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_size_profile_optimization:16.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "74ACC94B-4A9F-451D-B639-6008A108BDDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E703304-0752-46F2-998B-A3D37C9E7A54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1933509-1BEA-45DA-B6AF-2713B432B1F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "722969B5-36CD-4413-954B-347BB7E51FAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DA1BF68-635B-4577-B3F7-DEBC39567C8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF295023-399E-4180-A28B-2DA3327A372C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B202AEF-1197-441B-8EA1-2913BFD8A545",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E5A2A49-42B0-44EB-B606-999275DC1DA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "78D8F551-8DC8-4510-8350-AE6BC64748DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "490B2C44-CECD-4551-B04F-4076D0E053C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEC41EB8-73B4-4BDF-9321-F34EC0BAF9E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "48EFC111-B01B-4C34-87E4-D6B2C40C0122",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "073FEA23-E46A-4C73-9D29-95CFF4F5A59D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "513AE97F-161C-43D2-B2D1-653125A9E920",
              "versionEndExcluding": "11.2.2.8.27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:timesten_in-memory_database:11.2.2.8.49:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9EB3DE5-142C-43A5-9735-CB73C54D42E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "51309958-121D-4649-AB9A-EBFA3A49F7CB",
              "versionEndIncluding": "4.3.0.6.0",
              "versionStartIncluding": "4.3.0.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_framework:2.2.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D883EED9-CC64-479D-9C0A-35EB16F43AB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5435B365-BFF3-4A9E-B45C-42D8F1E20FB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FAC3840-2CF8-44CE-81BB-EEEBDA00A34A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F906F04-39E4-4BE4-8A73-9D058AAADB43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B393A82-476A-4270-A903-38ED4169E431",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process."
    },
    {
      "lang": "es",
      "value": "Apache Ant versiones 1.1 hasta 1.9.14 y versiones 1.10.0 hasta 1.10.7, utiliza el directorio temporal por defecto identificado por la propiedad del sistema Java java.io.tmpdir para varias tareas y puede, por tanto, filtrar informaci\u00f3n confidencial. Las tareas fixcrlf y replaceregexp tambi\u00e9n copian los archivos desde el directorio temporal de nuevo en el \u00e1rbol de compilaci\u00f3n, lo que permite a un atacante inyectar archivos fuente modificados en el proceso de compilaci\u00f3n."
    }
  ],
  "id": "CVE-2020-1945",
  "lastModified": "2024-11-21T05:11:42.183",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 3.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 6.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-05-14T16:15:12.767",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00053.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2020/09/30/6"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2020/12/06/1"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r0d08a96ba9de8aa435f32944e8b2867c368a518d4ff57782e3637335%40%3Cissues.hive.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc%40%3Cdev.creadur.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r1863b9ce4c3e4b1e5b0c671ad05545ba3eb8399616aa746af5dfe1b1%40%3Cdev.creadur.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r1a9c992d7c8219dc15b4ad448649f0ffdaa88d76ef6a0035c49455f5%40%3Cdev.creadur.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r1b32c76afffcf676e13ed635a3332f3e46e6aaa7722eb3fc7a28f58e%40%3Cdev.hive.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e%40%3Cdev.creadur.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0%40%3Cdev.creadur.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r2704fb14ce068c64759a986f81d5b5e42ab434fa13d0f444ad52816b%40%3Cdev.creadur.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r3cea0f3da4f6d06d7afb6c0804da8e01773a0f50a09b8d9beb2cda65%40%3Cissues.hive.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r4b2904d64affd4266cd72ccb2fc3927c1c2f22009f183095aa46bf90%40%3Cissues.hive.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490%40%3Cdev.creadur.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r5dfc77048b1f9db26622dce91a6edf083d499397256594952fad5f35%40%3Ccommits.myfaces.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305%40%3Cdev.creadur.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r6030d34ceacd0098538425c5dac8251ffc7fd90b886942bc7ef87858%40%3Cnotifications.groovy.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r6970d196cd73863dafdbc3a7052562deedd338e3bd7d73d8171d92d6%40%3Ccommits.groovy.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r6e295d792032ec02b32be3846c21a58857fba4a077d22c5842d69ba2%40%3Ctorque-dev.db.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r6edd3e2cb79ee635630d891b54a4f1a9cd8c7f639d6ee34e75fbe830%40%3Cissues.hive.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r815f88d1044760176f30a4913b4baacd06f3eae4eb662de7388e46d8%40%3Cissues.hive.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r8e24abb7dd77cda14c6df90a377c94f0a413bbfcec90a29540ff8adf%40%3Cissues.hive.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/r8e592bbfc016a5dbe2a8c0e81ff99682b9c78c453621b82c14e7b75e%40%3Cdev.ant.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r95dc943e47a211d29df605e14f86c280fc9fa8d828b2b53bd07673c9%40%3Cdev.creadur.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cannounce.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cdev.groovy.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cusers.groovy.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465%40%3Cnotifications.groovy.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c%40%3Cdev.creadur.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rb860063819b9c0990e1fbce29d83f4554766fe5a05e3b3939736bf2b%40%3Ccommits.myfaces.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rb8ec556f176c83547b959150e2108e2ddf1d61224295941908b0a81f%40%3Cannounce.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a%40%3Cdev.creadur.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rc89e491b5b270fb40f1210b70554527b737c217ad2e831b643ead6bc%40%3Cuser.ant.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rce099751721c26a8166d8b6578293820832831a0b2cb8d93b8efa081%40%3Cnotifications.groovy.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rd7dda48ff835f4d0293949837d55541bfde3683bd35bd8431e324538%40%3Cdev.creadur.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rda80ac59119558eaec452e58ddfac2ccc9211da1c65f7927682c78b1%40%3Cdev.creadur.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rdaa9c51d5dc6560c9d2b3f3d742c768ad0705e154041e574a0fae45c%40%3Cnotifications.groovy.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/re1ce84518d773a94a613d988771daf9252c9cf7375a9a477009f9735%40%3Ccommits.creadur.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rf07feaf78afc8f701e21948a06ef92565d3dff1242d710f4fbf900b2%40%3Cdev.creadur.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rfd346609527a79662c48b1da3ac500ec30f29f7ddaa3575051e81890%40%3Ccommits.creadur.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EQBR65TINSJRN7PTPIVNYS33P535WM74/"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRVAWTCVXJMRYKQKEXYSNBF7NLSR6OEI/"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202007-34"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://usn.ubuntu.com/4380-1/"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00053.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2020/09/30/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2020/12/06/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r0d08a96ba9de8aa435f32944e8b2867c368a518d4ff57782e3637335%40%3Cissues.hive.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc%40%3Cdev.creadur.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r1863b9ce4c3e4b1e5b0c671ad05545ba3eb8399616aa746af5dfe1b1%40%3Cdev.creadur.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r1a9c992d7c8219dc15b4ad448649f0ffdaa88d76ef6a0035c49455f5%40%3Cdev.creadur.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r1b32c76afffcf676e13ed635a3332f3e46e6aaa7722eb3fc7a28f58e%40%3Cdev.hive.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e%40%3Cdev.creadur.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0%40%3Cdev.creadur.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r2704fb14ce068c64759a986f81d5b5e42ab434fa13d0f444ad52816b%40%3Cdev.creadur.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r3cea0f3da4f6d06d7afb6c0804da8e01773a0f50a09b8d9beb2cda65%40%3Cissues.hive.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r4b2904d64affd4266cd72ccb2fc3927c1c2f22009f183095aa46bf90%40%3Cissues.hive.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490%40%3Cdev.creadur.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r5dfc77048b1f9db26622dce91a6edf083d499397256594952fad5f35%40%3Ccommits.myfaces.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305%40%3Cdev.creadur.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r6030d34ceacd0098538425c5dac8251ffc7fd90b886942bc7ef87858%40%3Cnotifications.groovy.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r6970d196cd73863dafdbc3a7052562deedd338e3bd7d73d8171d92d6%40%3Ccommits.groovy.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r6e295d792032ec02b32be3846c21a58857fba4a077d22c5842d69ba2%40%3Ctorque-dev.db.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r6edd3e2cb79ee635630d891b54a4f1a9cd8c7f639d6ee34e75fbe830%40%3Cissues.hive.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r815f88d1044760176f30a4913b4baacd06f3eae4eb662de7388e46d8%40%3Cissues.hive.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r8e24abb7dd77cda14c6df90a377c94f0a413bbfcec90a29540ff8adf%40%3Cissues.hive.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/r8e592bbfc016a5dbe2a8c0e81ff99682b9c78c453621b82c14e7b75e%40%3Cdev.ant.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r95dc943e47a211d29df605e14f86c280fc9fa8d828b2b53bd07673c9%40%3Cdev.creadur.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cannounce.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cdev.groovy.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cusers.groovy.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465%40%3Cnotifications.groovy.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c%40%3Cdev.creadur.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rb860063819b9c0990e1fbce29d83f4554766fe5a05e3b3939736bf2b%40%3Ccommits.myfaces.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rb8ec556f176c83547b959150e2108e2ddf1d61224295941908b0a81f%40%3Cannounce.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a%40%3Cdev.creadur.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rc89e491b5b270fb40f1210b70554527b737c217ad2e831b643ead6bc%40%3Cuser.ant.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rce099751721c26a8166d8b6578293820832831a0b2cb8d93b8efa081%40%3Cnotifications.groovy.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rd7dda48ff835f4d0293949837d55541bfde3683bd35bd8431e324538%40%3Cdev.creadur.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rda80ac59119558eaec452e58ddfac2ccc9211da1c65f7927682c78b1%40%3Cdev.creadur.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rdaa9c51d5dc6560c9d2b3f3d742c768ad0705e154041e574a0fae45c%40%3Cnotifications.groovy.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/re1ce84518d773a94a613d988771daf9252c9cf7375a9a477009f9735%40%3Ccommits.creadur.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rf07feaf78afc8f701e21948a06ef92565d3dff1242d710f4fbf900b2%40%3Cdev.creadur.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rfd346609527a79662c48b1da3ac500ec30f29f7ddaa3575051e81890%40%3Ccommits.creadur.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EQBR65TINSJRN7PTPIVNYS33P535WM74/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRVAWTCVXJMRYKQKEXYSNBF7NLSR6OEI/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202007-34"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://usn.ubuntu.com/4380-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-668"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

NCSC-2024-0298

Vulnerability from csaf_ncscnl - Published: 2024-07-17 13:54 - Updated: 2024-07-17 13:54

Summary

Kwetsbaarheden verholpen in Oracle Fusion Middleware

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten

Er zijn kwetsbaarheden verholpen in Oracle Fusion Middleware.

Interpretaties

Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade: * Denial-of-Service (DoS) * Toegang tot gevoelige gegevens * Toegang tot systeemgegevens * Manipulatie van gegevens * (Remote) code execution (Gebruikersrechten)

Oplossingen

Oracle heeft updates beschikbaar gesteld om de kwetsbaarheden te verhelpen. Zie de referenties voor meer informatie.

Kans

medium

Schade

high

CWE-122

Heap-based Buffer Overflow

CWE-145

Improper Neutralization of Section Delimiters

CWE-190

Integer Overflow or Wraparound

CWE-20

Improper Input Validation

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-222

Truncation of Security-relevant Information

CWE-284

Improper Access Control

CWE-299

Improper Check for Certificate Revocation

CWE-306

Missing Authentication for Critical Function

CWE-328

Use of Weak Hash

CWE-377

Insecure Temporary File

CWE-400

Uncontrolled Resource Consumption

CWE-404

Improper Resource Shutdown or Release

CWE-416

Use After Free

CWE-552

Files or Directories Accessible to External Parties

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

CWE-770

Allocation of Resources Without Limits or Throttling

CWE-787

Out-of-bounds Write

CWE-918

Server-Side Request Forgery (SSRF)

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Er zijn kwetsbaarheden verholpen in Oracle Fusion Middleware.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n* Denial-of-Service (DoS)\n* Toegang tot gevoelige gegevens\n* Toegang tot systeemgegevens\n* Manipulatie van gegevens\n* (Remote) code execution (Gebruikersrechten)",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Oracle heeft updates beschikbaar gesteld om de kwetsbaarheden te verhelpen. Zie de referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Heap-based Buffer Overflow",
        "title": "CWE-122"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Section Delimiters",
        "title": "CWE-145"
      },
      {
        "category": "general",
        "text": "Integer Overflow or Wraparound",
        "title": "CWE-190"
      },
      {
        "category": "general",
        "text": "Improper Input Validation",
        "title": "CWE-20"
      },
      {
        "category": "general",
        "text": "Exposure of Sensitive Information to an Unauthorized Actor",
        "title": "CWE-200"
      },
      {
        "category": "general",
        "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
        "title": "CWE-22"
      },
      {
        "category": "general",
        "text": "Truncation of Security-relevant Information",
        "title": "CWE-222"
      },
      {
        "category": "general",
        "text": "Improper Access Control",
        "title": "CWE-284"
      },
      {
        "category": "general",
        "text": "Improper Check for Certificate Revocation",
        "title": "CWE-299"
      },
      {
        "category": "general",
        "text": "Missing Authentication for Critical Function",
        "title": "CWE-306"
      },
      {
        "category": "general",
        "text": "Use of Weak Hash",
        "title": "CWE-328"
      },
      {
        "category": "general",
        "text": "Insecure Temporary File",
        "title": "CWE-377"
      },
      {
        "category": "general",
        "text": "Uncontrolled Resource Consumption",
        "title": "CWE-400"
      },
      {
        "category": "general",
        "text": "Improper Resource Shutdown or Release",
        "title": "CWE-404"
      },
      {
        "category": "general",
        "text": "Use After Free",
        "title": "CWE-416"
      },
      {
        "category": "general",
        "text": "Files or Directories Accessible to External Parties",
        "title": "CWE-552"
      },
      {
        "category": "general",
        "text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
        "title": "CWE-601"
      },
      {
        "category": "general",
        "text": "Allocation of Resources Without Limits or Throttling",
        "title": "CWE-770"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Write",
        "title": "CWE-787"
      },
      {
        "category": "general",
        "text": "Server-Side Request Forgery (SSRF)",
        "title": "CWE-918"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13956"
      },
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1945"
      },
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29425"
      },
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45378"
      },
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24998"
      },
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29081"
      },
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976"
      },
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34034"
      },
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36478"
      },
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45853"
      },
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46750"
      },
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4759"
      },
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795"
      },
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5072"
      },
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52425"
      },
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6129"
      },
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0853"
      },
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21133"
      },
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21175"
      },
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21181"
      },
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21182"
      },
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21183"
      },
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22201"
      },
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22243"
      },
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22259"
      },
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22262"
      },
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25062"
      },
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26308"
      },
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29025"
      },
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29857"
      },
      {
        "category": "external",
        "summary": "Reference - oracle",
        "url": "https://www.oracle.com/docs/tech/security-alerts/cpujul2024csaf.json"
      },
      {
        "category": "external",
        "summary": "Reference - cveprojectv5; ibm; nvd; oracle",
        "url": "https://www.oracle.com/security-alerts/cpujul2024.html"
      }
    ],
    "title": " Kwetsbaarheden verholpen in Oracle Fusion Middleware",
    "tracking": {
      "current_release_date": "2024-07-17T13:54:00.411174Z",
      "id": "NCSC-2024-0298",
      "initial_release_date": "2024-07-17T13:54:00.411174Z",
      "revision_history": [
        {
          "date": "2024-07-17T13:54:00.411174Z",
          "number": "0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "fusion_middleware_mapviewer",
            "product": {
              "name": "fusion_middleware_mapviewer",
              "product_id": "CSAFPID-226018",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "fusion_middleware",
            "product": {
              "name": "fusion_middleware",
              "product_id": "CSAFPID-271904",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-1945",
      "cwe": {
        "id": "CWE-377",
        "name": "Insecure Temporary File"
      },
      "notes": [
        {
          "category": "other",
          "text": "Insecure Temporary File",
          "title": "CWE-377"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-271904"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2020-1945",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-1945.json"
        }
      ],
      "title": "CVE-2020-1945"
    },
    {
      "cve": "CVE-2020-13956",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-226018",
          "CSAFPID-271904"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2020-13956",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-13956.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-226018",
            "CSAFPID-271904"
          ]
        }
      ],
      "title": "CVE-2020-13956"
    },
    {
      "cve": "CVE-2021-29425",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "title": "CWE-22"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-226018",
          "CSAFPID-271904"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2021-29425",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-29425.json"
        }
      ],
      "title": "CVE-2021-29425"
    },
    {
      "cve": "CVE-2021-37533",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        },
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-226018",
          "CSAFPID-271904"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2021-37533",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-37533.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-226018",
            "CSAFPID-271904"
          ]
        }
      ],
      "title": "CVE-2021-37533"
    },
    {
      "cve": "CVE-2022-40152",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-226018",
          "CSAFPID-271904"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2022-40152",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-40152.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-226018",
            "CSAFPID-271904"
          ]
        }
      ],
      "title": "CVE-2022-40152"
    },
    {
      "cve": "CVE-2022-45378",
      "cwe": {
        "id": "CWE-306",
        "name": "Missing Authentication for Critical Function"
      },
      "notes": [
        {
          "category": "other",
          "text": "Missing Authentication for Critical Function",
          "title": "CWE-306"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-226018",
          "CSAFPID-271904"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2022-45378",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-45378.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-226018",
            "CSAFPID-271904"
          ]
        }
      ],
      "title": "CVE-2022-45378"
    },
    {
      "cve": "CVE-2023-2976",
      "cwe": {
        "id": "CWE-552",
        "name": "Files or Directories Accessible to External Parties"
      },
      "notes": [
        {
          "category": "other",
          "text": "Files or Directories Accessible to External Parties",
          "title": "CWE-552"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-271904",
          "CSAFPID-226018"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-2976",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-2976.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-271904",
            "CSAFPID-226018"
          ]
        }
      ],
      "title": "CVE-2023-2976"
    },
    {
      "cve": "CVE-2023-4759",
      "product_status": {
        "known_affected": [
          "CSAFPID-271904"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-4759",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4759.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-271904"
          ]
        }
      ],
      "title": "CVE-2023-4759"
    },
    {
      "cve": "CVE-2023-5072",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-271904",
          "CSAFPID-226018"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-5072",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5072.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-271904",
            "CSAFPID-226018"
          ]
        }
      ],
      "title": "CVE-2023-5072"
    },
    {
      "cve": "CVE-2023-6129",
      "cwe": {
        "id": "CWE-328",
        "name": "Use of Weak Hash"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use of Weak Hash",
          "title": "CWE-328"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-226018",
          "CSAFPID-271904"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-6129",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-6129.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-226018",
            "CSAFPID-271904"
          ]
        }
      ],
      "title": "CVE-2023-6129"
    },
    {
      "cve": "CVE-2023-24998",
      "cwe": {
        "id": "CWE-404",
        "name": "Improper Resource Shutdown or Release"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        },
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-271904",
          "CSAFPID-226018"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-24998",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-24998.json"
        }
      ],
      "title": "CVE-2023-24998"
    },
    {
      "cve": "CVE-2023-29081",
      "cwe": {
        "id": "CWE-404",
        "name": "Improper Resource Shutdown or Release"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-226018",
          "CSAFPID-271904"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-29081",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-29081.json"
        }
      ],
      "title": "CVE-2023-29081"
    },
    {
      "cve": "CVE-2023-34034",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        },
        {
          "category": "other",
          "text": "Improper Neutralization of Section Delimiters",
          "title": "CWE-145"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-226018",
          "CSAFPID-271904"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-34034",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-34034.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-226018",
            "CSAFPID-271904"
          ]
        }
      ],
      "title": "CVE-2023-34034"
    },
    {
      "cve": "CVE-2023-36478",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "other",
          "text": "Integer Overflow or Wraparound",
          "title": "CWE-190"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-271904",
          "CSAFPID-226018"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-36478",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-36478.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-271904",
            "CSAFPID-226018"
          ]
        }
      ],
      "title": "CVE-2023-36478"
    },
    {
      "cve": "CVE-2023-45853",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        },
        {
          "category": "other",
          "text": "Integer Overflow or Wraparound",
          "title": "CWE-190"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-271904"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-45853",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-45853.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-271904"
          ]
        }
      ],
      "title": "CVE-2023-45853"
    },
    {
      "cve": "CVE-2023-46750",
      "cwe": {
        "id": "CWE-601",
        "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
          "title": "CWE-601"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-271904"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-46750",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46750.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-271904"
          ]
        }
      ],
      "title": "CVE-2023-46750"
    },
    {
      "cve": "CVE-2023-48795",
      "cwe": {
        "id": "CWE-222",
        "name": "Truncation of Security-relevant Information"
      },
      "notes": [
        {
          "category": "other",
          "text": "Truncation of Security-relevant Information",
          "title": "CWE-222"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-271904",
          "CSAFPID-226018"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-48795",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-48795.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-271904",
            "CSAFPID-226018"
          ]
        }
      ],
      "title": "CVE-2023-48795"
    },
    {
      "cve": "CVE-2023-52425",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-271904"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-52425",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52425.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-271904"
          ]
        }
      ],
      "title": "CVE-2023-52425"
    },
    {
      "cve": "CVE-2024-0853",
      "cwe": {
        "id": "CWE-299",
        "name": "Improper Check for Certificate Revocation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Check for Certificate Revocation",
          "title": "CWE-299"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-226018",
          "CSAFPID-271904"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-0853",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0853.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-226018",
            "CSAFPID-271904"
          ]
        }
      ],
      "title": "CVE-2024-0853"
    },
    {
      "cve": "CVE-2024-21133",
      "product_status": {
        "known_affected": [
          "CSAFPID-271904"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21133",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21133.json"
        }
      ],
      "title": "CVE-2024-21133"
    },
    {
      "cve": "CVE-2024-21175",
      "product_status": {
        "known_affected": [
          "CSAFPID-271904"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21175",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21175.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-271904"
          ]
        }
      ],
      "title": "CVE-2024-21175"
    },
    {
      "cve": "CVE-2024-21181",
      "product_status": {
        "known_affected": [
          "CSAFPID-271904"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21181",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21181.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-271904"
          ]
        }
      ],
      "title": "CVE-2024-21181"
    },
    {
      "cve": "CVE-2024-21182",
      "product_status": {
        "known_affected": [
          "CSAFPID-271904"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21182",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21182.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-271904"
          ]
        }
      ],
      "title": "CVE-2024-21182"
    },
    {
      "cve": "CVE-2024-21183",
      "product_status": {
        "known_affected": [
          "CSAFPID-271904"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21183",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21183.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-271904"
          ]
        }
      ],
      "title": "CVE-2024-21183"
    },
    {
      "cve": "CVE-2024-22201",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-226018",
          "CSAFPID-271904"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-22201",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22201.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-226018",
            "CSAFPID-271904"
          ]
        }
      ],
      "title": "CVE-2024-22201"
    },
    {
      "cve": "CVE-2024-22243",
      "cwe": {
        "id": "CWE-918",
        "name": "Server-Side Request Forgery (SSRF)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Server-Side Request Forgery (SSRF)",
          "title": "CWE-918"
        },
        {
          "category": "other",
          "text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
          "title": "CWE-601"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-226018",
          "CSAFPID-271904"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-22243",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22243.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-226018",
            "CSAFPID-271904"
          ]
        }
      ],
      "title": "CVE-2024-22243"
    },
    {
      "cve": "CVE-2024-22259",
      "cwe": {
        "id": "CWE-601",
        "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
          "title": "CWE-601"
        },
        {
          "category": "other",
          "text": "Server-Side Request Forgery (SSRF)",
          "title": "CWE-918"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-226018",
          "CSAFPID-271904"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-22259",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22259.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-226018",
            "CSAFPID-271904"
          ]
        }
      ],
      "title": "CVE-2024-22259"
    },
    {
      "cve": "CVE-2024-22262",
      "cwe": {
        "id": "CWE-601",
        "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
          "title": "CWE-601"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-271904"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-22262",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22262.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-271904"
          ]
        }
      ],
      "title": "CVE-2024-22262"
    },
    {
      "cve": "CVE-2024-25062",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-226018",
          "CSAFPID-271904"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-25062",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25062.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-226018",
            "CSAFPID-271904"
          ]
        }
      ],
      "title": "CVE-2024-25062"
    },
    {
      "cve": "CVE-2024-26308",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-226018",
          "CSAFPID-271904"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-26308",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26308.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-226018",
            "CSAFPID-271904"
          ]
        }
      ],
      "title": "CVE-2024-26308"
    },
    {
      "cve": "CVE-2024-29025",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-271904"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-29025",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29025.json"
        }
      ],
      "title": "CVE-2024-29025"
    },
    {
      "cve": "CVE-2024-29857",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-271904"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-29857",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29857.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-271904"
          ]
        }
      ],
      "title": "CVE-2024-29857"
    }
  ]
}

GHSA-4P6W-M9WC-C9C9

Vulnerability from github – Published: 2020-09-14 18:13 – Updated: 2022-02-08 22:06

Summary

Sensitive Data Exposure in Apache Ant

Details

Severity ?

6.3 (Medium)


                  
                    CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.ant:ant"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.1"
            },
            {
              "fixed": "1.9.15"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.ant:ant"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.10.0"
            },
            {
              "fixed": "1.10.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-1945"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-668"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-09-14T18:12:46Z",
    "nvd_published_at": "2020-05-14T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.",
  "id": "GHSA-4p6w-m9wc-c9c9",
  "modified": "2022-02-08T22:06:02Z",
  "published": "2020-09-14T18:13:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1945"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c@%3Cdev.creadur.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rb860063819b9c0990e1fbce29d83f4554766fe5a05e3b3939736bf2b@%3Ccommits.myfaces.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rb8ec556f176c83547b959150e2108e2ddf1d61224295941908b0a81f@%3Cannounce.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a@%3Cdev.creadur.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea@%3Cdev.ant.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rc89e491b5b270fb40f1210b70554527b737c217ad2e831b643ead6bc@%3Cuser.ant.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rce099751721c26a8166d8b6578293820832831a0b2cb8d93b8efa081@%3Cnotifications.groovy.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rd7dda48ff835f4d0293949837d55541bfde3683bd35bd8431e324538@%3Cdev.creadur.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rda80ac59119558eaec452e58ddfac2ccc9211da1c65f7927682c78b1@%3Cdev.creadur.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rdaa9c51d5dc6560c9d2b3f3d742c768ad0705e154041e574a0fae45c@%3Cnotifications.groovy.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/re1ce84518d773a94a613d988771daf9252c9cf7375a9a477009f9735@%3Ccommits.creadur.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rf07feaf78afc8f701e21948a06ef92565d3dff1242d710f4fbf900b2@%3Cdev.creadur.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rfd346609527a79662c48b1da3ac500ec30f29f7ddaa3575051e81890@%3Ccommits.creadur.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EQBR65TINSJRN7PTPIVNYS33P535WM74"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRVAWTCVXJMRYKQKEXYSNBF7NLSR6OEI"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202007-34"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4380-1"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r0d08a96ba9de8aa435f32944e8b2867c368a518d4ff57782e3637335@%3Cissues.hive.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc@%3Cdev.creadur.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r1863b9ce4c3e4b1e5b0c671ad05545ba3eb8399616aa746af5dfe1b1@%3Cdev.creadur.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r1a9c992d7c8219dc15b4ad448649f0ffdaa88d76ef6a0035c49455f5@%3Cdev.creadur.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r1b32c76afffcf676e13ed635a3332f3e46e6aaa7722eb3fc7a28f58e@%3Cdev.hive.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e@%3Cdev.creadur.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0@%3Cdev.creadur.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r2704fb14ce068c64759a986f81d5b5e42ab434fa13d0f444ad52816b@%3Cdev.creadur.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r3cea0f3da4f6d06d7afb6c0804da8e01773a0f50a09b8d9beb2cda65@%3Cissues.hive.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r4b2904d64affd4266cd72ccb2fc3927c1c2f22009f183095aa46bf90@%3Cissues.hive.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490@%3Cdev.creadur.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r5dfc77048b1f9db26622dce91a6edf083d499397256594952fad5f35@%3Ccommits.myfaces.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305@%3Cdev.creadur.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r6030d34ceacd0098538425c5dac8251ffc7fd90b886942bc7ef87858@%3Cnotifications.groovy.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r6970d196cd73863dafdbc3a7052562deedd338e3bd7d73d8171d92d6@%3Ccommits.groovy.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r6e295d792032ec02b32be3846c21a58857fba4a077d22c5842d69ba2@%3Ctorque-dev.db.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r6edd3e2cb79ee635630d891b54a4f1a9cd8c7f639d6ee34e75fbe830@%3Cissues.hive.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r815f88d1044760176f30a4913b4baacd06f3eae4eb662de7388e46d8@%3Cissues.hive.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r8e24abb7dd77cda14c6df90a377c94f0a413bbfcec90a29540ff8adf@%3Cissues.hive.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r8e592bbfc016a5dbe2a8c0e81ff99682b9c78c453621b82c14e7b75e%40%3Cdev.ant.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r95dc943e47a211d29df605e14f86c280fc9fa8d828b2b53bd07673c9@%3Cdev.creadur.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3Cannounce.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3Cdev.groovy.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3Cusers.groovy.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465@%3Cnotifications.groovy.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00053.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2020/09/30/6"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2020/12/06/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Sensitive Data Exposure in Apache Ant"
}

GSD-2020-1945

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2020-1945

Aliases

CVE-2020-1945

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-1945",
    "description": "Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.",
    "id": "GSD-2020-1945",
    "references": [
      "https://www.suse.com/security/cve/CVE-2020-1945.html",
      "https://access.redhat.com/errata/RHSA-2021:0637",
      "https://access.redhat.com/errata/RHSA-2021:0429",
      "https://access.redhat.com/errata/RHSA-2021:0423",
      "https://access.redhat.com/errata/RHSA-2020:4961",
      "https://access.redhat.com/errata/RHSA-2020:4960",
      "https://access.redhat.com/errata/RHSA-2020:2618",
      "https://advisories.mageia.org/CVE-2020-1945.html",
      "https://security.archlinux.org/CVE-2020-1945",
      "https://ubuntu.com/security/CVE-2020-1945"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-1945"
      ],
      "details": "Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.",
      "id": "GSD-2020-1945",
      "modified": "2023-12-13T01:21:58.586776Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@apache.org",
        "ID": "CVE-2020-1945",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Apache Ant",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "insecure temporary file vulnerability"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "[creadur-dev] 20200518 [jira] [Created] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/rda80ac59119558eaec452e58ddfac2ccc9211da1c65f7927682c78b1@%3Cdev.creadur.apache.org%3E"
          },
          {
            "name": "[creadur-commits] 20200518 [creadur-rat] 03/03: RAT-269: Update Apache ANT to fix CVE-2020-1945",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/rfd346609527a79662c48b1da3ac500ec30f29f7ddaa3575051e81890@%3Ccommits.creadur.apache.org%3E"
          },
          {
            "name": "[creadur-commits] 20200518 [creadur-rat] branch master updated: RAT-269: Update Apache ANT to fix CVE-2020-1945",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/re1ce84518d773a94a613d988771daf9252c9cf7375a9a477009f9735@%3Ccommits.creadur.apache.org%3E"
          },
          {
            "name": "[creadur-dev] 20200518 [jira] [Closed] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r95dc943e47a211d29df605e14f86c280fc9fa8d828b2b53bd07673c9@%3Cdev.creadur.apache.org%3E"
          },
          {
            "name": "[creadur-dev] 20200518 [jira] [Commented] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/rd7dda48ff835f4d0293949837d55541bfde3683bd35bd8431e324538@%3Cdev.creadur.apache.org%3E"
          },
          {
            "name": "[creadur-dev] 20200518 [jira] [Assigned] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r1863b9ce4c3e4b1e5b0c671ad05545ba3eb8399616aa746af5dfe1b1@%3Cdev.creadur.apache.org%3E"
          },
          {
            "name": "[groovy-notifications] 20200522 [jira] [Closed] (GROOVY-9552) Bump Ant versions to address: [CVE-2020-1945] Apache Ant insecure temporary file vulnerability",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/rdaa9c51d5dc6560c9d2b3f3d742c768ad0705e154041e574a0fae45c@%3Cnotifications.groovy.apache.org%3E"
          },
          {
            "name": "[hive-dev] 20200530 [jira] [Created] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r1b32c76afffcf676e13ed635a3332f3e46e6aaa7722eb3fc7a28f58e@%3Cdev.hive.apache.org%3E"
          },
          {
            "name": "[hive-issues] 20200530 [jira] [Assigned] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r0d08a96ba9de8aa435f32944e8b2867c368a518d4ff57782e3637335@%3Cissues.hive.apache.org%3E"
          },
          {
            "name": "[hive-issues] 20200530 [jira] [Updated] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r4b2904d64affd4266cd72ccb2fc3927c1c2f22009f183095aa46bf90@%3Cissues.hive.apache.org%3E"
          },
          {
            "name": "[hive-issues] 20200530 [jira] [Commented] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r6edd3e2cb79ee635630d891b54a4f1a9cd8c7f639d6ee34e75fbe830@%3Cissues.hive.apache.org%3E"
          },
          {
            "name": "USN-4380-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/4380-1/"
          },
          {
            "name": "FEDORA-2020-52741b0a49",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRVAWTCVXJMRYKQKEXYSNBF7NLSR6OEI/"
          },
          {
            "name": "FEDORA-2020-7f07da3fef",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EQBR65TINSJRN7PTPIVNYS33P535WM74/"
          },
          {
            "name": "[hive-issues] 20200621 [jira] [Commented] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r8e24abb7dd77cda14c6df90a377c94f0a413bbfcec90a29540ff8adf@%3Cissues.hive.apache.org%3E"
          },
          {
            "name": "[creadur-dev] 20200703 [jira] [Commented] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r2704fb14ce068c64759a986f81d5b5e42ab434fa13d0f444ad52816b@%3Cdev.creadur.apache.org%3E"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "name": "https://lists.apache.org/thread.html/r8e592bbfc016a5dbe2a8c0e81ff99682b9c78c453621b82c14e7b75e%40%3Cdev.ant.apache.org%3E",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread.html/r8e592bbfc016a5dbe2a8c0e81ff99682b9c78c453621b82c14e7b75e%40%3Cdev.ant.apache.org%3E"
          },
          {
            "name": "[db-torque-dev] 20200715 svn commit: r1879896 - in /db/torque/torque4/trunk: ./ torque-ant-tasks/ torque-ant-tasks/src/test/java/org/apache/torque/ant/task/ torque-generator/src/main/java/org/apache/torque/generator/control/ torque-generator/src/main/java/org/apache/torque/gen...",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r6e295d792032ec02b32be3846c21a58857fba4a077d22c5842d69ba2@%3Ctorque-dev.db.apache.org%3E"
          },
          {
            "name": "openSUSE-SU-2020:1022",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00053.html"
          },
          {
            "name": "GLSA-202007-34",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/202007-34"
          },
          {
            "name": "[hive-issues] 20200804 [jira] [Commented] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r815f88d1044760176f30a4913b4baacd06f3eae4eb662de7388e46d8@%3Cissues.hive.apache.org%3E"
          },
          {
            "name": "[myfaces-commits] 20200826 [myfaces-tobago] branch tobago-2.x updated: update ant because of CVE-2020-1945",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r5dfc77048b1f9db26622dce91a6edf083d499397256594952fad5f35@%3Ccommits.myfaces.apache.org%3E"
          },
          {
            "name": "[ant-dev] 20200930 [CVE-2020-11979] Apache Ant insecure temporary file vulnerability",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea@%3Cdev.ant.apache.org%3E"
          },
          {
            "name": "[announce] 20200930 [CVE-2020-11979] Apache Ant insecure temporary file vulnerability",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/rb8ec556f176c83547b959150e2108e2ddf1d61224295941908b0a81f@%3Cannounce.apache.org%3E"
          },
          {
            "name": "[ant-user] 20200930 [CVE-2020-11979] Apache Ant insecure temporary file vulnerability",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/rc89e491b5b270fb40f1210b70554527b737c217ad2e831b643ead6bc@%3Cuser.ant.apache.org%3E"
          },
          {
            "name": "[creadur-dev] 20200930 [jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/rf07feaf78afc8f701e21948a06ef92565d3dff1242d710f4fbf900b2@%3Cdev.creadur.apache.org%3E"
          },
          {
            "name": "[creadur-dev] 20200930 [jira] [Created] (RAT-274) Update to latest Ant in order to fix CVE-2020-11979",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r1a9c992d7c8219dc15b4ad448649f0ffdaa88d76ef6a0035c49455f5@%3Cdev.creadur.apache.org%3E"
          },
          {
            "name": "[oss-security] 20200930 [CVE-2020-11979] Apache Ant insecure temporary file vulnerability",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2020/09/30/6"
          },
          {
            "name": "[creadur-dev] 20201006 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e@%3Cdev.creadur.apache.org%3E"
          },
          {
            "name": "[creadur-dev] 20201006 [jira] [Assigned] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490@%3Cdev.creadur.apache.org%3E"
          },
          {
            "name": "[creadur-dev] 20201006 [jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc@%3Cdev.creadur.apache.org%3E"
          },
          {
            "name": "[creadur-dev] 20201006 [jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0@%3Cdev.creadur.apache.org%3E"
          },
          {
            "name": "[creadur-dev] 20201006 [jira] [Resolved] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305@%3Cdev.creadur.apache.org%3E"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "name": "[hive-issues] 20201022 [jira] [Commented] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r3cea0f3da4f6d06d7afb6c0804da8e01773a0f50a09b8d9beb2cda65@%3Cissues.hive.apache.org%3E"
          },
          {
            "name": "[groovy-notifications] 20201126 [jira] [Updated] (GROOVY-9552) Bump Ant versions to address: [CVE-2020-1945] Apache Ant insecure temporary file vulnerability",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r6030d34ceacd0098538425c5dac8251ffc7fd90b886942bc7ef87858@%3Cnotifications.groovy.apache.org%3E"
          },
          {
            "name": "[groovy-notifications] 20201126 [jira] [Comment Edited] (GROOVY-9552) Bump Ant versions to address: [CVE-2020-1945] Apache Ant insecure temporary file vulnerability",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/rce099751721c26a8166d8b6578293820832831a0b2cb8d93b8efa081@%3Cnotifications.groovy.apache.org%3E"
          },
          {
            "name": "[groovy-commits] 20201126 [groovy] branch GROOVY_2_4_X updated: GROOVY-9552: Bump Ant versions to address: [CVE-2020-1945] Apache Ant insecure temporary file vulnerability",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r6970d196cd73863dafdbc3a7052562deedd338e3bd7d73d8171d92d6@%3Ccommits.groovy.apache.org%3E"
          },
          {
            "name": "[groovy-users] 20201205 [SECURITY] CVE-2020-17521: Apache Groovy Information Disclosure",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3Cusers.groovy.apache.org%3E"
          },
          {
            "name": "[groovy-dev] 20201205 [SECURITY] CVE-2020-17521: Apache Groovy Information Disclosure",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3Cdev.groovy.apache.org%3E"
          },
          {
            "name": "[oss-security] 20201206 [CVE-2020-17521]: Apache Groovy Information Disclosure",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2020/12/06/1"
          },
          {
            "name": "[announce] 20201205 [SECURITY] CVE-2020-17521: Apache Groovy Information Disclosure",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3Cannounce.apache.org%3E"
          },
          {
            "name": "[groovy-notifications] 20201207 [jira] [Closed] (GROOVY-9824) CVE-2020-17521 Apache Groovy Information Disclosure",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465@%3Cnotifications.groovy.apache.org%3E"
          },
          {
            "name": "[myfaces-commits] 20201211 [myfaces-tobago] 02/22: update ant because of CVE-2020-1945",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/rb860063819b9c0990e1fbce29d83f4554766fe5a05e3b3939736bf2b@%3Ccommits.myfaces.apache.org%3E"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "name": "[creadur-dev] 20210419 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c@%3Cdev.creadur.apache.org%3E"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "name": "[creadur-dev] 20210621 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a@%3Cdev.creadur.apache.org%3E"
          },
          {
            "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "[1.1,1.9.14],[1.10.0,1.10.7]",
          "affected_versions": "All versions starting from 1.1 up to 1.9.14, all versions starting from 1.10.0 up to 1.10.7",
          "cvss_v2": "AV:L/AC:M/Au:N/C:P/I:P/A:N",
          "cvss_v3": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-668",
            "CWE-937"
          ],
          "date": "2021-12-03",
          "description": "Apache Ant uses the default temporary directory identified by the Java system property `java.io.tmpdir` for several tasks and may thus leak sensitive information. The `fixcrlf` and `replaceregexp` tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.",
          "fixed_versions": [
            "1.9.15",
            "1.10.8"
          ],
          "identifier": "CVE-2020-1945",
          "identifiers": [
            "CVE-2020-1945"
          ],
          "not_impacted": "All versions before 1.1, all versions after 1.9.14 before 1.10.0, all versions after 1.10.7",
          "package_slug": "maven/org.apache.ant/ant",
          "pubdate": "2020-05-14",
          "solution": "Upgrade to versions 1.9.15, 1.10.8 or above.",
          "title": "Information Exposure",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2020-1945",
            "https://lists.apache.org/thread.html/r1863b9ce4c3e4b1e5b0c671ad05545ba3eb8399616aa746af5dfe1b1@%3Cdev.creadur.apache.org%3E",
            "https://lists.apache.org/thread.html/r8e592bbfc016a5dbe2a8c0e81ff99682b9c78c453621b82c14e7b75e%40%3Cdev.ant.apache.org%3E",
            "https://lists.apache.org/thread.html/r95dc943e47a211d29df605e14f86c280fc9fa8d828b2b53bd07673c9@%3Cdev.creadur.apache.org%3E",
            "https://lists.apache.org/thread.html/rd7dda48ff835f4d0293949837d55541bfde3683bd35bd8431e324538@%3Cdev.creadur.apache.org%3E",
            "https://lists.apache.org/thread.html/rda80ac59119558eaec452e58ddfac2ccc9211da1c65f7927682c78b1@%3Cdev.creadur.apache.org%3E",
            "https://lists.apache.org/thread.html/re1ce84518d773a94a613d988771daf9252c9cf7375a9a477009f9735@%3Ccommits.creadur.apache.org%3E",
            "https://lists.apache.org/thread.html/rfd346609527a79662c48b1da3ac500ec30f29f7ddaa3575051e81890@%3Ccommits.creadur.apache.org%3E"
          ],
          "uuid": "63a7e919-b5b9-4ccc-b1da-9ed7a7d4e38b"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:ant:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.9.14",
                "versionStartIncluding": "1.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:ant:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.10.7",
                "versionStartIncluding": "1.10.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.9.0",
                "versionStartIncluding": "2.7.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_liquidity_management:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "14.4.0",
                "versionStartIncluding": "14.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.9.0",
                "versionStartIncluding": "2.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:category_management_planning_\\\u0026_optimization:15.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_asap:7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.2.2",
                "versionStartIncluding": "8.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_metasolv_solution:6.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_order_and_service_management:7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_order_and_service_management:7.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.1.0",
                "versionStartIncluding": "8.0.6",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:flexcube_investor_servicing:14.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:flexcube_investor_servicing:14.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:health_sciences_information_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.0.2",
                "versionStartIncluding": "3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "16.2.11",
                "versionStartIncluding": "16.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "17.12.7",
                "versionStartIncluding": "17.12.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "17.12",
                "versionStartIncluding": "17.7",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:real-time_decision_server:3.2.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_advanced_inventory_planning:14.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_advanced_inventory_planning:15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_advanced_inventory_planning:16.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_assortment_planning:15.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_assortment_planning:16.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_bulk_data_integration:15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_bulk_data_integration:16.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_bulk_data_integration:19.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_data_extractor_for_merchandising:1.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_data_extractor_for_merchandising:1.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:15.0.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:16.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:16.0.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:15.0.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:16.0.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:19.0.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_item_planning:15.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_macro_space_optimization:15.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_merchandise_financial_planning:15.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_point-of-service:14.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_point-of-service:15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_point-of-service:16.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:14.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_regular_price_optimization:15.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_regular_price_optimization:16.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_replenishment_optimization:15.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:19.0.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_size_profile_optimization:15.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_size_profile_optimization:16.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:14.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:16.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.2.2.8.27",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:timesten_in-memory_database:11.2.2.8.49:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:2.2.0.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.3.0.6.0",
                "versionStartIncluding": "4.3.0.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2020-1945"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-668"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://lists.apache.org/thread.html/r8e592bbfc016a5dbe2a8c0e81ff99682b9c78c453621b82c14e7b75e%40%3Cdev.ant.apache.org%3E",
              "refsource": "MISC",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r8e592bbfc016a5dbe2a8c0e81ff99682b9c78c453621b82c14e7b75e%40%3Cdev.ant.apache.org%3E"
            },
            {
              "name": "[creadur-dev] 20200518 [jira] [Closed] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Mitigation",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r95dc943e47a211d29df605e14f86c280fc9fa8d828b2b53bd07673c9@%3Cdev.creadur.apache.org%3E"
            },
            {
              "name": "[creadur-dev] 20200518 [jira] [Assigned] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Mitigation",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r1863b9ce4c3e4b1e5b0c671ad05545ba3eb8399616aa746af5dfe1b1@%3Cdev.creadur.apache.org%3E"
            },
            {
              "name": "[creadur-commits] 20200518 [creadur-rat] branch master updated: RAT-269: Update Apache ANT to fix CVE-2020-1945",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/re1ce84518d773a94a613d988771daf9252c9cf7375a9a477009f9735@%3Ccommits.creadur.apache.org%3E"
            },
            {
              "name": "[creadur-commits] 20200518 [creadur-rat] 03/03: RAT-269: Update Apache ANT to fix CVE-2020-1945",
              "refsource": "MLIST",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/rfd346609527a79662c48b1da3ac500ec30f29f7ddaa3575051e81890@%3Ccommits.creadur.apache.org%3E"
            },
            {
              "name": "[creadur-dev] 20200518 [jira] [Commented] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Mitigation",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/rd7dda48ff835f4d0293949837d55541bfde3683bd35bd8431e324538@%3Cdev.creadur.apache.org%3E"
            },
            {
              "name": "[creadur-dev] 20200518 [jira] [Created] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
              "refsource": "MLIST",
              "tags": [
                "Mitigation",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/rda80ac59119558eaec452e58ddfac2ccc9211da1c65f7927682c78b1@%3Cdev.creadur.apache.org%3E"
            },
            {
              "name": "[groovy-notifications] 20200522 [jira] [Closed] (GROOVY-9552) Bump Ant versions to address: [CVE-2020-1945] Apache Ant insecure temporary file vulnerability",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/rdaa9c51d5dc6560c9d2b3f3d742c768ad0705e154041e574a0fae45c@%3Cnotifications.groovy.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20200530 [jira] [Assigned] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r0d08a96ba9de8aa435f32944e8b2867c368a518d4ff57782e3637335@%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[hive-dev] 20200530 [jira] [Created] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r1b32c76afffcf676e13ed635a3332f3e46e6aaa7722eb3fc7a28f58e@%3Cdev.hive.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20200530 [jira] [Updated] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r4b2904d64affd4266cd72ccb2fc3927c1c2f22009f183095aa46bf90@%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20200530 [jira] [Commented] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r6edd3e2cb79ee635630d891b54a4f1a9cd8c7f639d6ee34e75fbe830@%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "FEDORA-2020-52741b0a49",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRVAWTCVXJMRYKQKEXYSNBF7NLSR6OEI/"
            },
            {
              "name": "FEDORA-2020-7f07da3fef",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EQBR65TINSJRN7PTPIVNYS33P535WM74/"
            },
            {
              "name": "USN-4380-1",
              "refsource": "UBUNTU",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://usn.ubuntu.com/4380-1/"
            },
            {
              "name": "[hive-issues] 20200621 [jira] [Commented] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r8e24abb7dd77cda14c6df90a377c94f0a413bbfcec90a29540ff8adf@%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[creadur-dev] 20200703 [jira] [Commented] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r2704fb14ce068c64759a986f81d5b5e42ab434fa13d0f444ad52816b@%3Cdev.creadur.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "[db-torque-dev] 20200715 svn commit: r1879896 - in /db/torque/torque4/trunk: ./ torque-ant-tasks/ torque-ant-tasks/src/test/java/org/apache/torque/ant/task/ torque-generator/src/main/java/org/apache/torque/generator/control/ torque-generator/src/main/java/org/apache/torque/gen...",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r6e295d792032ec02b32be3846c21a58857fba4a077d22c5842d69ba2@%3Ctorque-dev.db.apache.org%3E"
            },
            {
              "name": "openSUSE-SU-2020:1022",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00053.html"
            },
            {
              "name": "GLSA-202007-34",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202007-34"
            },
            {
              "name": "[hive-issues] 20200804 [jira] [Commented] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r815f88d1044760176f30a4913b4baacd06f3eae4eb662de7388e46d8@%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[myfaces-commits] 20200826 [myfaces-tobago] branch tobago-2.x updated: update ant because of CVE-2020-1945",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r5dfc77048b1f9db26622dce91a6edf083d499397256594952fad5f35@%3Ccommits.myfaces.apache.org%3E"
            },
            {
              "name": "[ant-dev] 20200930 [CVE-2020-11979] Apache Ant insecure temporary file vulnerability",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea@%3Cdev.ant.apache.org%3E"
            },
            {
              "name": "[announce] 20200930 [CVE-2020-11979] Apache Ant insecure temporary file vulnerability",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/rb8ec556f176c83547b959150e2108e2ddf1d61224295941908b0a81f@%3Cannounce.apache.org%3E"
            },
            {
              "name": "[ant-user] 20200930 [CVE-2020-11979] Apache Ant insecure temporary file vulnerability",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/rc89e491b5b270fb40f1210b70554527b737c217ad2e831b643ead6bc@%3Cuser.ant.apache.org%3E"
            },
            {
              "name": "[creadur-dev] 20200930 [jira] [Created] (RAT-274) Update to latest Ant in order to fix CVE-2020-11979",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r1a9c992d7c8219dc15b4ad448649f0ffdaa88d76ef6a0035c49455f5@%3Cdev.creadur.apache.org%3E"
            },
            {
              "name": "[creadur-dev] 20200930 [jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/rf07feaf78afc8f701e21948a06ef92565d3dff1242d710f4fbf900b2@%3Cdev.creadur.apache.org%3E"
            },
            {
              "name": "[oss-security] 20200930 [CVE-2020-11979] Apache Ant insecure temporary file vulnerability",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2020/09/30/6"
            },
            {
              "name": "[creadur-dev] 20201006 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e@%3Cdev.creadur.apache.org%3E"
            },
            {
              "name": "[creadur-dev] 20201006 [jira] [Assigned] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490@%3Cdev.creadur.apache.org%3E"
            },
            {
              "name": "[creadur-dev] 20201006 [jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0@%3Cdev.creadur.apache.org%3E"
            },
            {
              "name": "[creadur-dev] 20201006 [jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc@%3Cdev.creadur.apache.org%3E"
            },
            {
              "name": "[creadur-dev] 20201006 [jira] [Resolved] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305@%3Cdev.creadur.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "[hive-issues] 20201022 [jira] [Commented] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r3cea0f3da4f6d06d7afb6c0804da8e01773a0f50a09b8d9beb2cda65@%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[groovy-notifications] 20201126 [jira] [Updated] (GROOVY-9552) Bump Ant versions to address: [CVE-2020-1945] Apache Ant insecure temporary file vulnerability",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r6030d34ceacd0098538425c5dac8251ffc7fd90b886942bc7ef87858@%3Cnotifications.groovy.apache.org%3E"
            },
            {
              "name": "[groovy-commits] 20201126 [groovy] branch GROOVY_2_4_X updated: GROOVY-9552: Bump Ant versions to address: [CVE-2020-1945] Apache Ant insecure temporary file vulnerability",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r6970d196cd73863dafdbc3a7052562deedd338e3bd7d73d8171d92d6@%3Ccommits.groovy.apache.org%3E"
            },
            {
              "name": "[groovy-notifications] 20201126 [jira] [Comment Edited] (GROOVY-9552) Bump Ant versions to address: [CVE-2020-1945] Apache Ant insecure temporary file vulnerability",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/rce099751721c26a8166d8b6578293820832831a0b2cb8d93b8efa081@%3Cnotifications.groovy.apache.org%3E"
            },
            {
              "name": "[groovy-dev] 20201205 [SECURITY] CVE-2020-17521: Apache Groovy Information Disclosure",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3Cdev.groovy.apache.org%3E"
            },
            {
              "name": "[groovy-users] 20201205 [SECURITY] CVE-2020-17521: Apache Groovy Information Disclosure",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3Cusers.groovy.apache.org%3E"
            },
            {
              "name": "[oss-security] 20201206 [CVE-2020-17521]: Apache Groovy Information Disclosure",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2020/12/06/1"
            },
            {
              "name": "[announce] 20201205 [SECURITY] CVE-2020-17521: Apache Groovy Information Disclosure",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3Cannounce.apache.org%3E"
            },
            {
              "name": "[groovy-notifications] 20201207 [jira] [Closed] (GROOVY-9824) CVE-2020-17521 Apache Groovy Information Disclosure",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465@%3Cnotifications.groovy.apache.org%3E"
            },
            {
              "name": "[myfaces-commits] 20201211 [myfaces-tobago] 02/22: update ant because of CVE-2020-1945",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/rb860063819b9c0990e1fbce29d83f4554766fe5a05e3b3939736bf2b@%3Ccommits.myfaces.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "[creadur-dev] 20210419 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c@%3Cdev.creadur.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "[creadur-dev] 20210621 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a@%3Cdev.creadur.apache.org%3E"
            },
            {
              "name": "N/A",
              "refsource": "N/A",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 1.0,
          "impactScore": 5.2
        }
      },
      "lastModifiedDate": "2022-04-04T13:31Z",
      "publishedDate": "2020-05-14T16:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-1945 (GCVE-0-2020-1945)

Apache Ant vulnerability

Synopsis

Background

Affected packages

Description

Impact

Workaround

Resolution

References

Availability

Concerns?

License

Tags

Sightings

Nomenclature