Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-23064 (GCVE-0-2020-23064)
Vulnerability from cvelistv5 – Published: 2023-06-26 00:00 – Updated: 2024-05-15 16:18
VLAI
EPSS
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-11023. Reason: This candidate is a duplicate of CVE-2020-11023. Notes: All CVE users should reference CVE-2020-11023 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2024-05-15T16:18:40.267Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"rejectedReasons": [
{
"lang": "en",
"value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-11023. Reason: This candidate is a duplicate of CVE-2020-11023. Notes: All CVE users should reference CVE-2020-11023 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-23064",
"datePublished": "2023-06-26T00:00:00.000Z",
"dateRejected": "2024-05-15T00:00:00.000Z",
"dateReserved": "2020-08-13T00:00:00.000Z",
"dateUpdated": "2024-05-15T16:18:40.267Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2020-23064\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2023-06-26T19:15:09.450\",\"lastModified\":\"2024-05-15T17:15:09.227\",\"vulnStatus\":\"Rejected\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-11023. Reason: This candidate is a duplicate of CVE-2020-11023. Notes: All CVE users should reference CVE-2020-11023 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.\"}],\"metrics\":{},\"references\":[]}}"
}
}
RHSA-2025:7625
Vulnerability from csaf_redhat - Published: 2025-05-14 17:51 - Updated: 2026-04-30 13:31Summary
Red Hat Security Advisory: Red Hat AMQ Broker 7.13.0 release and security update
Severity
Moderate
Notes
Topic: Red Hat AMQ Broker 7.13.0 is now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms.
This release of Red Hat AMQ Broker 7.13.0 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.
Security Fix(es):
* (CVE-2020-23064) jquery: Cross-site scripting
* (CVE-2024-25710) commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file
* (CVE-2024-26308) commons-compress: OutOfMemoryError unpacking broken Pack200 file
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in jQuery, where it is vulnerable to Cross-site scripting, caused by the improper validation of user-supplied input by the <options> element. This flaw allows a remote attacker to use a specially crafted URL to execute a script in a victim's web browser within the security context of the hosting website once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
6.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Broker 7.13.0
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_broker:7.13
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A loop with an unreachable exit condition (Infinite Loop) vulnerability was found in Apache Common Compress. This issue can lead to a denial of service.
5.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Broker 7.13.0
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_broker:7.13
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
An allocation of resources without limits or throttling vulnerability was found in Apache Commons Compress. This issue can lead to an out-of-memory error.
5.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Broker 7.13.0
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_broker:7.13
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
24 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat AMQ Broker 7.13.0 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms.\n\nThis release of Red Hat AMQ Broker 7.13.0 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* (CVE-2020-23064) jquery: Cross-site scripting\n* (CVE-2024-25710) commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file\n* (CVE-2024-26308) commons-compress: OutOfMemoryError unpacking broken Pack200 file\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:7625",
"url": "https://access.redhat.com/errata/RHSA-2025:7625"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.broker\u0026version=7.13.0",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.broker\u0026version=7.13.0"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_amq_broker/7.13",
"url": "https://docs.redhat.com/en/documentation/red_hat_amq_broker/7.13"
},
{
"category": "external",
"summary": "2217733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217733"
},
{
"category": "external",
"summary": "2264988",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264988"
},
{
"category": "external",
"summary": "2264989",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264989"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_7625.json"
}
],
"title": "Red Hat Security Advisory: Red Hat AMQ Broker 7.13.0 release and security update",
"tracking": {
"current_release_date": "2026-04-30T13:31:14+00:00",
"generator": {
"date": "2026-04-30T13:31:14+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.7"
}
},
"id": "RHSA-2025:7625",
"initial_release_date": "2025-05-14T17:51:15+00:00",
"revision_history": [
{
"date": "2025-05-14T17:51:15+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-05-14T17:51:15+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-30T13:31:14+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat AMQ Broker 7.13.0",
"product": {
"name": "Red Hat AMQ Broker 7.13.0",
"product_id": "Red Hat AMQ Broker 7.13.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:amq_broker:7.13"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss AMQ"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-23064",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2023-06-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2217733"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jQuery, where it is vulnerable to Cross-site scripting, caused by the improper validation of user-supplied input by the \u003coptions\u003e element. This flaw allows a remote attacker to use a specially crafted URL to execute a script in a victim\u0027s web browser within the security context of the hosting website once the URL is clicked. An attacker could use this vulnerability to steal the victim\u0027s cookie-based authentication credentials.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Broker 7.13.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-23064"
},
{
"category": "external",
"summary": "RHBZ#2217733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217733"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-23064",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-23064"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-23064",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-23064"
}
],
"release_date": "2023-06-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-14T17:51:15+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Broker 7.13.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:7625"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat AMQ Broker 7.13.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Cross-site scripting"
},
{
"cve": "CVE-2024-25710",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2024-02-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2264988"
}
],
"notes": [
{
"category": "description",
"text": "A loop with an unreachable exit condition (Infinite Loop) vulnerability was found in Apache Common Compress. This issue can lead to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Broker 7.13.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-25710"
},
{
"category": "external",
"summary": "RHBZ#2264988",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264988"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-25710",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25710"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2024/02/19/1",
"url": "http://www.openwall.com/lists/oss-security/2024/02/19/1"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf",
"url": "https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf"
}
],
"release_date": "2024-02-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-14T17:51:15+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Broker 7.13.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:7625"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this vulnerability.",
"product_ids": [
"Red Hat AMQ Broker 7.13.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Broker 7.13.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file"
},
{
"cve": "CVE-2024-26308",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-02-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2264989"
}
],
"notes": [
{
"category": "description",
"text": "An allocation of resources without limits or throttling vulnerability was found in Apache Commons Compress. This issue can lead to an out-of-memory error.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "commons-compress: OutOfMemoryError unpacking broken Pack200 file",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Broker 7.13.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-26308"
},
{
"category": "external",
"summary": "RHBZ#2264989",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264989"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-26308",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26308"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/ch5yo2d21p7vlqrhll9b17otbyq4npfg",
"url": "https://lists.apache.org/thread/ch5yo2d21p7vlqrhll9b17otbyq4npfg"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2024/02/19/2",
"url": "https://www.openwall.com/lists/oss-security/2024/02/19/2"
}
],
"release_date": "2024-02-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-14T17:51:15+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ Broker 7.13.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:7625"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this vulnerability.",
"product_ids": [
"Red Hat AMQ Broker 7.13.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Broker 7.13.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "commons-compress: OutOfMemoryError unpacking broken Pack200 file"
}
]
}
SSA-576771
Vulnerability from csaf_siemens - Published: 2024-03-12 00:00 - Updated: 2024-03-12 00:00Summary
SSA-576771: Multiple Vulnerabilities in SINEMA Remote Connect Server before V3.2
Notes
Summary: SINEMA Remote Connect Server before V3.2 is affected by multiple vulnerabilities.
Siemens has released updates for the affected products and recommends to update to the latest versions.
General Recommendations: As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources: For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use: Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
References
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
"tlp": {
"label": "WHITE"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "SINEMA Remote Connect Server before V3.2 is affected by multiple vulnerabilities.\n\nSiemens has released updates for the affected products and recommends to update to the latest versions.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productcert@siemens.com",
"name": "Siemens ProductCERT",
"namespace": "https://www.siemens.com"
},
"references": [
{
"category": "self",
"summary": "SSA-576771: Multiple Vulnerabilities in SINEMA Remote Connect Server before V3.2 - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-576771.html"
},
{
"category": "self",
"summary": "SSA-576771: Multiple Vulnerabilities in SINEMA Remote Connect Server before V3.2 - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-576771.json"
},
{
"category": "self",
"summary": "SSA-576771: Multiple Vulnerabilities in SINEMA Remote Connect Server before V3.2 - PDF Version",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-576771.pdf"
},
{
"category": "self",
"summary": "SSA-576771: Multiple Vulnerabilities in SINEMA Remote Connect Server before V3.2 - TXT Version",
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-576771.txt"
}
],
"title": "SSA-576771: Multiple Vulnerabilities in SINEMA Remote Connect Server before V3.2",
"tracking": {
"current_release_date": "2024-03-12T00:00:00Z",
"generator": {
"engine": {
"name": "Siemens ProductCERT CSAF Generator",
"version": "1"
}
},
"id": "SSA-576771",
"initial_release_date": "2024-03-12T00:00:00Z",
"revision_history": [
{
"date": "2024-03-12T00:00:00Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
}
],
"status": "interim",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.2",
"product": {
"name": "SINEMA Remote Connect Server",
"product_id": "1"
}
},
{
"category": "product_version_range",
"name": "\u003cV3.1",
"product": {
"name": "SINEMA Remote Connect Server",
"product_id": "2"
}
}
],
"category": "product_name",
"name": "SINEMA Remote Connect Server"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-23064",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Cross Site Scripting vulnerability in jQuery 2.2.0 through 3.x before 3.5.0 allows a remote attacker to execute arbitrary code via the \u003coptions\u003e element.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"2"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"2"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811169/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"2"
]
}
],
"title": "CVE-2020-23064"
},
{
"cve": "CVE-2022-32257",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "summary",
"text": "The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to unauthorized access to resources and potentially lead to code execution.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.2 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109826375/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2022-32257"
}
]
}
WID-SEC-W-2023-1572
Vulnerability from csaf_certbund - Published: 2023-06-26 22:00 - Updated: 2025-05-14 22:00Summary
jQuery: Schwachstelle ermöglicht Cross-Site Scripting
Severity
Niedrig
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: jQuery ist eine freie JavaScript-Bibliothek, die Funktionen zur DOM-Navigation und -Manipulation zur Verfügung stellt.
Angriff: Ein entfernter, anonymer Angreifer kann eine Schwachstelle in jQuery ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen.
Betroffene Betriebssysteme: - Linux
- Sonstiges
- UNIX
- Windows
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Storage Scale
IBM
|
cpe:/a:ibm:spectrum_scale:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Open Source jQuery <3.5.0
Open Source / jQuery
|
<3.5.0 | ||
|
IBM QRadar SIEM <7.5.0 UP9
IBM / QRadar SIEM
|
<7.5.0 UP9 |
References
6 references
{
"document": {
"aggregate_severity": {
"text": "niedrig"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "jQuery ist eine freie JavaScript-Bibliothek, die Funktionen zur DOM-Navigation und -Manipulation zur Verf\u00fcgung stellt.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in jQuery ausnutzen, um einen Cross-Site Scripting Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-1572 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1572.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-1572 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1572"
},
{
"category": "external",
"summary": "Red Hat Bugzilla \u2013 Bug 2217733 vom 2023-06-26",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217733"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7160134 vom 2024-07-12",
"url": "https://www.ibm.com/support/pages/node/7160134"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7178266 vom 2024-12-09",
"url": "https://www.ibm.com/support/pages/node/7178266"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:7625 vom 2025-05-14",
"url": "https://access.redhat.com/errata/RHSA-2025:7625"
}
],
"source_lang": "en-US",
"title": "jQuery: Schwachstelle erm\u00f6glicht Cross-Site Scripting",
"tracking": {
"current_release_date": "2025-05-14T22:00:00.000+00:00",
"generator": {
"date": "2025-05-15T09:09:29.543+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2023-1572",
"initial_release_date": "2023-06-26T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-06-26T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-07-11T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-12-09T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-05-14T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.5.0 UP9",
"product": {
"name": "IBM QRadar SIEM \u003c7.5.0 UP9",
"product_id": "T036127"
}
},
{
"category": "product_version",
"name": "7.5.0 UP9",
"product": {
"name": "IBM QRadar SIEM 7.5.0 UP9",
"product_id": "T036127-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up9"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
},
{
"category": "product_name",
"name": "IBM Storage Scale",
"product": {
"name": "IBM Storage Scale",
"product_id": "T019402",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spectrum_scale:-"
}
}
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c3.5.0",
"product": {
"name": "Open Source jQuery \u003c3.5.0",
"product_id": "737013"
}
},
{
"category": "product_version",
"name": "3.5.0",
"product": {
"name": "Open Source jQuery 3.5.0",
"product_id": "737013-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:jquery:jquery:3.5.0"
}
}
}
],
"category": "product_name",
"name": "jQuery"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-23064",
"product_status": {
"known_affected": [
"T019402",
"67646",
"737013",
"T036127"
]
},
"release_date": "2023-06-26T22:00:00.000+00:00",
"title": "CVE-2020-23064"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…