Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-24489 (GCVE-0-2020-24489)
Vulnerability from cvelistv5 – Published: 2021-06-09 19:59 – Updated: 2024-08-04 15:12
VLAI
EPSS
Summary
Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access.
Severity
No CVSS data available.
CWE
- escalation of privilege
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.intel.com/content/www/us/en/security-… | x_refsource_MISC |
| https://www.debian.org/security/2021/dsa-4934 | vendor-advisoryx_refsource_DEBIAN |
| https://lists.debian.org/debian-lts-announce/2021… | mailing-listx_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Intel(R) VT-d products |
Affected:
See references
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:12:09.228Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00442.html"
},
{
"name": "DSA-4934",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4934"
},
{
"name": "[debian-lts-announce] 20210726 [SECURITY] [DLA 2718-1] intel-microcode security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Intel(R) VT-d products",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-26T09:06:13.000Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00442.html"
},
{
"name": "DSA-4934",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4934"
},
{
"name": "[debian-lts-announce] 20210726 [SECURITY] [DLA 2718-1] intel-microcode security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2020-24489",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intel(R) VT-d products",
"version": {
"version_data": [
{
"version_value": "See references"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "escalation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00442.html",
"refsource": "MISC",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00442.html"
},
{
"name": "DSA-4934",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4934"
},
{
"name": "[debian-lts-announce] 20210726 [SECURITY] [DLA 2718-1] intel-microcode security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2020-24489",
"datePublished": "2021-06-09T19:59:51.000Z",
"dateReserved": "2020-08-19T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:12:09.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2020-24489",
"date": "2026-05-28",
"epss": "0.00073",
"percentile": "0.222"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-24489\",\"sourceIdentifier\":\"secure@intel.com\",\"published\":\"2021-06-09T20:15:08.140\",\"lastModified\":\"2024-11-21T05:14:54.160\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access.\"},{\"lang\":\"es\",\"value\":\"Una limpieza incompleta en algunos productos Intel\u00ae VT-d puede permitir a un usuario autenticado permitir potencialmente una escalada de privilegios por medio de un acceso local\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.0,\"impactScore\":6.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-459\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:atom_x5-e3930:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"454AC633-5F1C-47BB-8FA7-91A5C29A1DD5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:atom_x5-e3940:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2394E8C-58D9-480B-87A7-A41CD7697FC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:atom_x7-e3950:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B9AC02B-D3AE-4FAF-836E-55515186A462\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:celeron_j1750:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2F55513-48F4-44EC-9293-2CA744FCE07B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:celeron_j1800:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51D52347-FA7F-4592-99E4-4C01D2833F35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:celeron_j1850:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"82EC9A22-4893-4770-A501-31D492DC7EC3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:celeron_j1900:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"744EC990-7849-4BC1-BC75-1D64693645A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:celeron_j3060:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B949F28E-5C73-4222-973E-DC39325E9268\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:celeron_j3160:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"132E32FD-4A52-43AF-9C0A-75F299B4C93F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:celeron_j3355:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7087FCA7-6D5C-45A5-B380-533915BC608A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:celeron_j3355e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85683891-11D4-47B1-834B-5E0380351E78\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:celeron_j3455:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DBF2D89D-AC2D-4EAB-ADF3-66C25FE54E19\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:celeron_j3455e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03D778C7-F242-4A6A-9B62-A7C578D985FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:celeron_j4005:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"652EC574-B9B6-4747-AE72-39D1379A596B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:celeron_j4025:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"522A9A57-B8D8-4C61-92E3-BE894A765C12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:celeron_j4105:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A588BEB3-90B5-482E-B6C4-DC6529B0B4C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:celeron_j4115:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3C9363D-0A97-4A2D-BFA0-501D5107DBF5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:celeron_j4125:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"826BAF04-E174-483D-8700-7FA1EAC4D555\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:celeron_j6412:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D3162DD-BF40-4A58-8FC4-63B4455C0E51\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:celeron_j6413:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7A8BF58-1D33-484A-951C-808443912BE8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:celeron_n2805:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04CEC115-871B-4222-A3F8-6B1EE15E9A2C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:celeron_n2806:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3FD0BD9D-F741-457D-9495-8BCC3707D098\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:celeron_n2807:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2935CEA-13CE-4F4C-84B1-0318FB6FE39A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:celeron_n2808:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C3BB7241-F796-44A7-8171-B555A45FF852\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:celeron_n2810:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F967E7C-E56D-46B2-AEB8-1931FA324029\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:celeron_n2815:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D902C7F-DCE8-41ED-8E80-26DA251FBF36\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:celeron_n2820:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71C505E0-3548-49BD-9B53-2A588FF29144\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:celeron_n2830:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E735023-A75C-48E3-AD6B-BB29CF95B17F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:celeron_n2840:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3826FEBA-0B2E-403D-9A6A-0DA02FEF9A2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:celeron_n2910:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4080CDEF-3938-44D5-9737-6A9D72DB54B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:celeron_n2920:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A77976A7-6C2D-4E0B-A28B-06A23EEA0D68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:celeron_n2930:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5600350-04CC-4481-AC47-9F98BEB9D258\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:celeron_n2940:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5A64D0A-D1C2-41B3-B51B-563263438CA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:celeron_n3000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B57F4250-80C8-4612-97F6-2702D3F7DF25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:celeron_n3010:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AA180B4-0EB8-4884-A600-BFAEB64A0A58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:celeron_n3050:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27D79952-8946-488A-8BD8-6129D97A8E34\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:celeron_n3060:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B17905A-95E2-4E60-8A0F-AA8ABAF9D523\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:celeron_n3150:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"752081F5-AE8D-4004-B564-863840AC52E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:celeron_n3160:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5375A75A-85AA-4119-9F6C-1AD9D2550F6B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:celeron_n3350:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5884F21-BAB5-4A45-8C72-C90D07BAECA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:celeron_n3350e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC2A2AC5-FA56-49F0-BA00-E96B10FEF889\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:celeron_n3450:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8FF7ADD-9E27-4A23-9714-5B76132C20BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:celeron_n4000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8771AB4-2F51-494D-8C86-3524BB4219C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:celeron_n4000c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1795C64C-E28B-4003-84B6-AB4140C20750\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:celeron_n4020:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D7E822D-994F-410D-B13C-939449FFC293\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:celeron_n4020c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C92E6F6A-82C6-4485-B381-1EFB85B8B1F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:celeron_n4100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB5576F2-4914-427C-9518-ED7D16630CC5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:celeron_n4120:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3ABB7C52-863F-4291-A05B-422EE9615FAE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:celeron_n4500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B54D15DF-53EA-4611-932A-EDB8279F582A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:celeron_n4505:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE7B5E21-2796-4578-998F-B03E26277DE7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:celeron_n5095:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77D279BF-5561-4B83-B05C-77597339ECB4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:celeron_n5100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"96D6F5D3-3559-47AD-8201-C9D34417DC09\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:celeron_n5105:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA455AC5-8434-4B59-BE89-E82CDACD2AEC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:celeron_n6210:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D31CA93-6F45-4BCE-B504-35F6494B864C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:celeron_n6211:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"406E9139-BCFF-406B-A856-57896D27B752\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3-1000g1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6DAA00D4-A8AA-44AA-9609-0A40BD4FB2E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3-1000g4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF64D95C-653A-4864-A572-CD0A64B6CDF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3-1000ng4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E40B89C2-49CD-4216-9D4C-79695698EAAC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3-1005g1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"30B2F570-1DD9-49C7-BB72-0EA0E9A417C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3-10100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DA9CBE9-CF87-495B-8D80-5DDDCD2044B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3-10100e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F751905-287E-47EA-93B8-2BA576052AAC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3-10100f:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"614B1B4E-E1D7-417F-86D1-92F75D597E36\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3-10100t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BD11E86-B786-43C8-9B67-8F680CC30451\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3-10100te:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D740D69-83B6-4DBF-8617-9B1E96DFF4FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3-10100y:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9963C9F-2D15-479A-A6C1-0C9863904B7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3-10105:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8BB09ACB-EFFF-4C2F-BEB5-AE1EEDC1EC2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3-10105f:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8B15567-BFEA-43BE-9817-98A1F5548541\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3-10105t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"984C7C7A-2F8E-4918-8526-64A080943E0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3-10110u:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"44BF0AFB-E9DC-4EA5-BFFF-48F896C655E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3-10110y:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"43454510-4BE7-4CD1-960D-AE1B36EFBEA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3-10300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7AFC285-2248-45E7-9009-1402628F17E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3-10300t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"078DAE1F-8581-44FB-83EA-575685928C4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3-10305:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"887BEC29-AD0D-4BEB-B50B-F961629BBF23\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3-10305t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93859A03-DE41-4E7B-8646-93925ACBFC42\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3-10320:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8FD8BD84-B6F9-48D5-8903-2C56C12EFFEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3-10325:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9877F278-641B-4F83-B420-AB4E1018EA9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3-11100b:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFD8DB12-8CBE-4140-97A2-B88C3BF61E6F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3-1110g4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C60AF0D-983D-454E-8940-209C471DC041\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3-1115g4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F26C6DA-ED6B-444A-A63A-5155FCA4F0DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3-1115g4e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66BAF09D-8199-4579-B25A-E7C5177385E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3-1115gre:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21EA30AA-713F-40AD-8C94-C1129198EE98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3-1120g4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0D9B687-C3EE-4AF5-B9BE-7F0698D0F258\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3-1125g4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"114DF43C-839F-4066-AA30-8DC16B1D6687\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i3-l13g4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39FD6F9C-FEEA-4D52-8745-6477B50AFB0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5-10200h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB69A6F1-9B4D-4CDA-8388-E7FCBB2163DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5-10210u:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71615EAF-4DF4-4B9E-BF34-6ED0371A53D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5-10210y:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"376B6DD7-1284-4BD9-88A4-5C34303CC5D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5-10300h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"403E8A3A-28C2-4329-BF31-1A530E317959\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5-1030g4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5F6F725-217C-48FF-86DD-E91A24156121\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5-1030g7:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"365696BF-CE3D-4CE6-92A8-413DDE43774E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5-1030ng7:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7824FB5D-4401-4785-BD6D-4A8E67434217\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5-10310u:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6F3DE58-EC72-429F-A223-F2027D2828AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5-10310y:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8515D29-3823-4F9B-9578-8BB52336A2A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5-1035g1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE048AEB-094D-4102-9DBF-488FEB53FF89\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5-1035g4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3907FA31-6F1A-45BA-ACF3-1C8EE05D9BA0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5-1035g7:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D48D9F5F-95BD-4F6B-8A37-D1CAA7D2DB25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5-1038ng7:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E6B9500-2C37-48D5-A0BA-A159D04AC6CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5-10400:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BF497A0-30BC-42A4-A000-C0D564D4872A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5-10400f:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3025301-52D3-43D7-B6AB-F3F0A5C882DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5-10400h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B2A62F5-A8DF-4565-B89F-9C58B1FB8D94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5-10400t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9466A6CC-8D69-4EB5-94E2-611297120462\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5-10500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2D116C4-698B-45BC-8622-87E142B37922\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5-10500e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9AFE4FE7-AA7E-425E-AF51-2FCB3E4E6C11\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5-10500h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DCA6E61-F1C9-4629-9068-545B19CF95E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5-10500t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36836EB0-99DD-4217-9182-1E9FC5656C42\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5-10500te:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD507601-CD6D-4F11-A4A7-790FB740B401\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5-10505:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8C26205-C602-46F6-B611-424709325D6C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5-10600:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"464587A0-9EAA-4DF5-AFEB-15F2FA9CD407\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5-10600k:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1940F59A-67FD-45F9-9C78-51A50687628F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5-10600kf:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B722E2A-1262-44FD-8F7C-F9A9A5C78744\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5-10600t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DEFF6A7-0DE2-4BEE-80DC-BBAB259647AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5-11260h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2BCD9C35-95D0-49E6-A9AC-E3AA8CD3F7B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5-11300h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B40E9EC2-A8A6-4800-9F9E-B1237832D6F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5-1130g7:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"158CC66D-32E5-4396-8E5D-4D90EE9AB62C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5-11320h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55227C1C-D6CE-40AD-A5AA-7143E0A7AEF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5-1135g7:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E84F0381-296A-408E-90D4-A316EE894A9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5-11400:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"092E3E45-5F58-412F-BAC9-C3B5290D8349\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5-11400f:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8EA7E6D0-0ADA-4BE1-8273-69AB3DE3BA36\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5-11400h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6FCAFC0-EEE2-43E4-AE90-1803588B5689\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5-11400t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8640175-3BC2-4C7B-A5A3-51E5677EDECA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5-1140g7:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7077CBF1-1FC8-4AF9-8B39-A15871FFD3CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5-1145g7:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"53D902B5-D135-4961-AED9-EA6DF06534B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5-1145g7e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2910EB49-C9C6-4FC9-AA55-E7A0DAE28B93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5-1145gre:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B858B433-9DA0-4224-B94C-4962FB3A4138\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5-11500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F6B5FC3-8E55-430A-A55A-AF541690C576\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5-11500b:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06660D0F-FBB9-4C44-9972-DCE0E6249D7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5-11500h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55568460-F318-48FB-90E4-55CBBAF13E59\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5-11500t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7AFF680-DBC6-432E-A6DE-E7E7E4F2F26A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5-1155g7:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ADB84973-3DAC-4458-A817-943302F5EFF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5-11600:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B26C730-32FA-4D51-88FA-E724147147BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5-11600k:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AFF7C5BF-E151-42DB-B0CF-E2589904C9A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5-11600kf:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E12D6BD2-7D32-4194-84D3-A0DE4B88BFF0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5-11600t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3EC487F-B9A8-410F-AE1F-8D1B74BA77D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i5-l16g7:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A4FD69F-FF53-43F4-97C8-40867DB67958\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7-10510u:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"494A828B-F2BF-40CA-AAFB-7D2AF2BAF3AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7-10510y:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD97F84B-ED73-4FFD-8634-10631FEE03EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7-1060g7:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6CDC1BE-6A64-425C-AF2C-7DFB28FB604A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7-1060ng7:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BC3C45C-FACC-4890-992F-449DF6F06E11\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7-10610u:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D974FFFD-BBCC-444C-9EF1-AE478EEDB6E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7-1065g7:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2243674B-E505-4FED-B063-953A1569EA30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7-1068ng7:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA08C262-414E-401A-8F91-131626FA82A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7-10700:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1978F85-5BA5-468E-B797-7FA7EB4F489D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7-10700e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8D3D0CA-C981-4091-99F9-203DA8F156F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7-10700f:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7EB23D0C-D2BC-4E7F-94AF-CAF171A64307\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7-10700k:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CC9312B-40A7-4D4A-A61C-3BA865C29F63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7-10700kf:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7EBECBE5-2BF0-4175-81CC-C6D054C819B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7-10700t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB33CC4F-9D51-4A11-B063-6E78F0D71555\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7-10700te:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7092B8E-DD3F-440D-B2AA-F0E5FC4A9725\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7-10710u:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA491401-C484-4F77-ABF8-D389C94BF7B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7-10750h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66F8B600-B618-48E1-81EE-14A8A843F09F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7-10810u:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"42ADD367-82C8-4761-AEBA-A0200C5D1CEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7-10850h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4AF75C0E-BA48-4C56-8398-109D06B5A5D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7-10870h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25329A6F-9D49-4EA7-B9FB-8C2FA5343475\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7-10875h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"22921B65-513F-4ACE-80A2-4A31199BB5EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7-11370h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63719B1D-5A98-44E3-80D8-CF0B4C1C6F80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7-11375h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5365D3B-1B0B-416D-ACFB-23843FD25EAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7-11390h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2556EF0A-B29F-4E9E-BB77-955CBC851EFA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7-1160g7:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8F5409D-23C7-4CA9-951C-8EEEAE31DFDE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7-1165g7:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5601E40A-96E1-4321-9682-055A1C607488\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7-11700:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF36D9CC-2FD8-4D08-8712-E625D4754613\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7-11700b:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56A59A0C-91F2-4AE7-AF60-D98059542438\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7-11700f:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3252CF19-9D1D-4A46-9C94-0E7255CDDD8C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7-11700k:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E11C7F38-3313-4F6D-9D5D-E61C89E716B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7-11700kf:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70B0C976-3B68-4647-909A-5D574D711C7D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7-11700t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA18192E-7DBB-45BB-8568-CA7159AF8CE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7-11800h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2FDB568-5340-4DD8-B933-1CD64C370BD6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7-1180g7:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D28DF93B-E15D-47D3-B9C0-4AEE8B7FADD0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7-11850h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"78F2DD1D-DB6F-44D1-BE3B-C798C09CC5F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7-1185g7:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"12ADA9A2-6E64-4F17-B369-816639F0D3BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7-1185g7e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"514B7B5E-D60D-464A-8CB0-273044FD2E09\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7-1185gre:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AFB608EE-83AF-4192-93E1-7DDBA5F6A54C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i7-1195g7:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B807B5D8-BCDB-4398-8ADC-DBD1BD8D2B88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i9-10850k:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39F9F143-0AB4-4302-82B8-B4EA790EB08D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i9-10885h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE73B0A0-E275-449D-8ADD-86AE188DE82A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i9-10900:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE06C64A-1610-4340-98CF-AC91258AB215\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i9-10900e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C27F79F3-EA0A-429C-8DA9-BC276A94AFB7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i9-10900f:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B07609EB-E10B-4253-938E-81566036D81B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i9-10900k:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9B7AEF3-7A62-43B2-8F0C-70E5A2CDB29A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i9-10900kf:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CC44D69-AAAB-4524-9D12-F1A606D57831\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i9-10900t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D23D2887-1246-4EA4-B8B6-57BC7FB869E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i9-10900te:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BEFC46D5-B23D-4513-9669-4DC53662F87B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i9-10910:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B52310FF-8235-4081-B679-CA56C0361B1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i9-10980hk:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D264277-00CB-4FCC-ADAA-38536609D0F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i9-11900:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CC25725-73F6-4948-B17A-A05E8978EB78\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i9-11900f:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D9BFA32-89B3-4E26-B980-2694B5378D8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i9-11900h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"65E2A7C5-78D9-4F75-B8A2-5EB3ECEFBFF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i9-11900k:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2D04A37-79EE-467B-BD8A-0CA0BDD85F0A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i9-11900kb:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84C7E63D-3622-4F10-94E1-E03357C5C167\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i9-11900kf:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7FECF6BE-2CED-4510-91C5-195686C9C421\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i9-11900t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B903E2A0-EE73-4F13-AB26-8F5644462E94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i9-11950h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"170B497C-05F2-46B5-92CD-ACF7C0BE1711\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:core_i9-11980hk:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EEF53EA8-8EB4-455C-A986-405DBB122D3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:pentium_j2850:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C43D202-D661-4042-9F68-0FA7EE73CFEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:pentium_j2900:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29ECACD3-E10C-4773-B847-8C1C097C45FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:pentium_j3710:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56C4EF86-84BF-48F4-88DE-8142A270D4A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:pentium_j4205:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6585755-C56C-4910-A7D5-B2153396AC7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:pentium_j6426:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7596F281-BA94-4239-8238-AA5EC804AE11\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:pentium_n3510:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A635B99E-A03F-488A-A01B-B390691EA03B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:pentium_n3520:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"22EAE772-AFAC-4272-8129-B416B171490C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:pentium_n3530:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDB3841D-3872-42BD-B0FB-E3E61813CA63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:pentium_n3540:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5DC1B8F-3F6C-49D8-BF5F-54146DE3E83C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:pentium_n3700:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1A836B1-451E-4CEF-8A14-89FFB9289DD3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:pentium_n3710:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8BC51285-B40A-4BEA-9CFF-F3BC01B5BA80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:pentium_n4200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A944A8C-462E-4FF9-8AD6-1687297DD0DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:pentium_n4200e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5378FE6C-251A-4BCD-B151-EA42B594DC37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:pentium_n6415:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"638FA431-71EA-4668-AFF2-989A4994ED12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:pentium_silver_a1030:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2333A48E-DBE1-47CC-BCFD-FEE0219AD858\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:pentium_silver_j5005:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC903FA4-2C4E-4EBB-8BFA-579844B87354\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:pentium_silver_j5040:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"667F2E6C-C2FD-4E4B-9CC4-2EF33A74F61B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:pentium_silver_n5000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2DF16D51-5662-47C3-8911-0FACEEDB9D80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:pentium_silver_n5030:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ECC4430E-E4B1-454F-8C95-6412D34454C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:pentium_silver_n6000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31282347-8DCB-4B37-A853-DFD9D5AF31EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:intel:pentium_silver_n6005:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"42841FAC-A6EC-44F3-9FCD-B4549A783014\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}],\"references\":[{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html\",\"source\":\"secure@intel.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2021/dsa-4934\",\"source\":\"secure@intel.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00442.html\",\"source\":\"secure@intel.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2021/dsa-4934\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00442.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
SUSE-SU-2021:14758-1
Vulnerability from csaf_suse - Published: 2021-06-28 13:03 - Updated: 2021-06-28 13:03Summary
Security update for microcode_ctl
Severity
Important
Notes
Title of the patch: Security update for microcode_ctl
Description of the patch: This update for microcode_ctl fixes the following issues:
Updated to Intel CPU Microcode 20210525 release:
- CVE-2020-24513: A domain bypass transient execution vulnerability was discovered on some Intel Atom processors that use a micro-architectural incident channel. (bsc#1179833)
- CVE-2020-24511: The IBRS feature to mitigate Spectre variant 2 transient execution side channel vulnerabilities may not fully prevent non-root (guest) branches from controlling the branch predictions of the root (host) (bsc#1179836)
- CVE-2020-24512: Fixed trivial data value cache-lines such as all-zero value cache-lines may lead to changes in cache-allocation or write-back behavior for such cache-lines (bsc#1179837)
- CVE-2020-24489: Fixed Intel VT-d device pass through potential local privilege escalation (bsc#1179839)
Patchnames: sleposp3-microcode_ctl-14758,slessp4-microcode_ctl-14758
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.71.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.71.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.71.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.6 (Medium)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.71.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.71.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.71.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.71.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.71.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.71.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
5.6 (Medium)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.71.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.71.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.71.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
33 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for microcode_ctl",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for microcode_ctl fixes the following issues:\n\nUpdated to Intel CPU Microcode 20210525 release:\n\n- CVE-2020-24513: A domain bypass transient execution vulnerability was discovered on some Intel Atom processors that use a micro-architectural incident channel. (bsc#1179833)\n- CVE-2020-24511: The IBRS feature to mitigate Spectre variant 2 transient execution side channel vulnerabilities may not fully prevent non-root (guest) branches from controlling the branch predictions of the root (host) (bsc#1179836)\n- CVE-2020-24512: Fixed trivial data value cache-lines such as all-zero value cache-lines may lead to changes in cache-allocation or write-back behavior for such cache-lines (bsc#1179837)\n- CVE-2020-24489: Fixed Intel VT-d device pass through potential local privilege escalation (bsc#1179839)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sleposp3-microcode_ctl-14758,slessp4-microcode_ctl-14758",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_14758-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2021:14758-1",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-202114758-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2021:14758-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-June/009092.html"
},
{
"category": "self",
"summary": "SUSE Bug 1179833",
"url": "https://bugzilla.suse.com/1179833"
},
{
"category": "self",
"summary": "SUSE Bug 1179836",
"url": "https://bugzilla.suse.com/1179836"
},
{
"category": "self",
"summary": "SUSE Bug 1179837",
"url": "https://bugzilla.suse.com/1179837"
},
{
"category": "self",
"summary": "SUSE Bug 1179839",
"url": "https://bugzilla.suse.com/1179839"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-24489 page",
"url": "https://www.suse.com/security/cve/CVE-2020-24489/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-24511 page",
"url": "https://www.suse.com/security/cve/CVE-2020-24511/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-24512 page",
"url": "https://www.suse.com/security/cve/CVE-2020-24512/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-24513 page",
"url": "https://www.suse.com/security/cve/CVE-2020-24513/"
}
],
"title": "Security update for microcode_ctl",
"tracking": {
"current_release_date": "2021-06-28T13:03:33Z",
"generator": {
"date": "2021-06-28T13:03:33Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2021:14758-1",
"initial_release_date": "2021-06-28T13:03:33Z",
"revision_history": [
{
"date": "2021-06-28T13:03:33Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "microcode_ctl-1.17-102.83.71.1.i586",
"product": {
"name": "microcode_ctl-1.17-102.83.71.1.i586",
"product_id": "microcode_ctl-1.17-102.83.71.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "microcode_ctl-1.17-102.83.71.1.x86_64",
"product": {
"name": "microcode_ctl-1.17-102.83.71.1.x86_64",
"product_id": "microcode_ctl-1.17-102.83.71.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Point of Sale 11 SP3",
"product": {
"name": "SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-pos:11:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles:11:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "microcode_ctl-1.17-102.83.71.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.71.1.i586"
},
"product_reference": "microcode_ctl-1.17-102.83.71.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "microcode_ctl-1.17-102.83.71.1.i586 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.71.1.i586"
},
"product_reference": "microcode_ctl-1.17-102.83.71.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "microcode_ctl-1.17-102.83.71.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.71.1.x86_64"
},
"product_reference": "microcode_ctl-1.17-102.83.71.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-24489",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-24489"
}
],
"notes": [
{
"category": "general",
"text": "Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.71.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.71.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.71.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-24489",
"url": "https://www.suse.com/security/cve/CVE-2020-24489"
},
{
"category": "external",
"summary": "SUSE Bug 1179839 for CVE-2020-24489",
"url": "https://bugzilla.suse.com/1179839"
},
{
"category": "external",
"summary": "SUSE Bug 1192359 for CVE-2020-24489",
"url": "https://bugzilla.suse.com/1192359"
},
{
"category": "external",
"summary": "SUSE Bug 1199300 for CVE-2020-24489",
"url": "https://bugzilla.suse.com/1199300"
},
{
"category": "external",
"summary": "SUSE Bug 1201731 for CVE-2020-24489",
"url": "https://bugzilla.suse.com/1201731"
},
{
"category": "external",
"summary": "SUSE Bug 1225680 for CVE-2020-24489",
"url": "https://bugzilla.suse.com/1225680"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.71.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.71.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.71.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.71.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.71.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.71.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-28T13:03:33Z",
"details": "important"
}
],
"title": "CVE-2020-24489"
},
{
"cve": "CVE-2020-24511",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-24511"
}
],
"notes": [
{
"category": "general",
"text": "Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.71.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.71.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.71.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-24511",
"url": "https://www.suse.com/security/cve/CVE-2020-24511"
},
{
"category": "external",
"summary": "SUSE Bug 1179836 for CVE-2020-24511",
"url": "https://bugzilla.suse.com/1179836"
},
{
"category": "external",
"summary": "SUSE Bug 1192360 for CVE-2020-24511",
"url": "https://bugzilla.suse.com/1192360"
},
{
"category": "external",
"summary": "SUSE Bug 1199300 for CVE-2020-24511",
"url": "https://bugzilla.suse.com/1199300"
},
{
"category": "external",
"summary": "SUSE Bug 1201731 for CVE-2020-24511",
"url": "https://bugzilla.suse.com/1201731"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.71.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.71.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.71.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.71.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.71.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.71.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-28T13:03:33Z",
"details": "moderate"
}
],
"title": "CVE-2020-24511"
},
{
"cve": "CVE-2020-24512",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-24512"
}
],
"notes": [
{
"category": "general",
"text": "Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.71.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.71.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.71.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-24512",
"url": "https://www.suse.com/security/cve/CVE-2020-24512"
},
{
"category": "external",
"summary": "SUSE Bug 1179837 for CVE-2020-24512",
"url": "https://bugzilla.suse.com/1179837"
},
{
"category": "external",
"summary": "SUSE Bug 1192360 for CVE-2020-24512",
"url": "https://bugzilla.suse.com/1192360"
},
{
"category": "external",
"summary": "SUSE Bug 1199300 for CVE-2020-24512",
"url": "https://bugzilla.suse.com/1199300"
},
{
"category": "external",
"summary": "SUSE Bug 1201731 for CVE-2020-24512",
"url": "https://bugzilla.suse.com/1201731"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.71.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.71.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.71.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.71.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.71.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.71.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-28T13:03:33Z",
"details": "low"
}
],
"title": "CVE-2020-24512"
},
{
"cve": "CVE-2020-24513",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-24513"
}
],
"notes": [
{
"category": "general",
"text": "Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.71.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.71.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.71.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-24513",
"url": "https://www.suse.com/security/cve/CVE-2020-24513"
},
{
"category": "external",
"summary": "SUSE Bug 1179833 for CVE-2020-24513",
"url": "https://bugzilla.suse.com/1179833"
},
{
"category": "external",
"summary": "SUSE Bug 1192360 for CVE-2020-24513",
"url": "https://bugzilla.suse.com/1192360"
},
{
"category": "external",
"summary": "SUSE Bug 1199300 for CVE-2020-24513",
"url": "https://bugzilla.suse.com/1199300"
},
{
"category": "external",
"summary": "SUSE Bug 1201731 for CVE-2020-24513",
"url": "https://bugzilla.suse.com/1201731"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.71.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.71.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.71.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:microcode_ctl-1.17-102.83.71.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.71.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:microcode_ctl-1.17-102.83.71.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-28T13:03:33Z",
"details": "moderate"
}
],
"title": "CVE-2020-24513"
}
]
}
SUSE-SU-2021:1929-1
Vulnerability from csaf_suse - Published: 2021-06-10 07:18 - Updated: 2021-06-10 07:18Summary
Security update for ucode-intel
Severity
Important
Notes
Title of the patch: Security update for ucode-intel
Description of the patch: This update for ucode-intel fixes the following issues:
Updated to Intel CPU Microcode 20210608 release.
- CVE-2020-24513: A domain bypass transient execution vulnerability was discovered on some Intel Atom processors that use a micro-architectural incident channel. (INTEL-SA-00465 bsc#1179833)
See also: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html
- CVE-2020-24511: The IBRS feature to mitigate Spectre variant 2 transient execution side channel vulnerabilities may not fully prevent non-root (guest) branches from controlling the branch predictions of the root (host) (INTEL-SA-00464 bsc#1179836)
See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html)
- CVE-2020-24512: Fixed trivial data value cache-lines such as all-zero value cache-lines may lead to changes in cache-allocation or write-back behavior for such cache-lines (bsc#1179837 INTEL-SA-00464)
See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html)
- CVE-2020-24489: Fixed Intel VT-d device pass through potential local privilege escalation (INTEL-SA-00442 bsc#1179839)
See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00442.html
Other fixes:
- Update for functional issues. Refer to [Third Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/637780)for details.
- Update for functional issues. Refer to [Second Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details.
- Update for functional issues. Refer to [Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/613537) for details.
- Update for functional issues. Refer to [Intel Xeon Processor D-1500, D-1500 NS and D-1600 NS Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-d-1500-specification-update.html) for details.
- Update for functional issues. Refer to [Intel Xeon E7-8800 and E7-4800 v3 Processor Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e7-v3-spec-update.html) for details.
- Update for functional issues. Refer to [Intel Xeon Processor E5 v3 Product Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e5-v3-spec-update.html?wapkw=processor+spec+update+e5) for details.
- Update for functional issues. Refer to [10th Gen Intel Core Processor Families Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/10th-gen-core-families-specification-update.html) for details.
- Update for functional issues. Refer to [8th and 9th Gen Intel Core Processor Family Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/8th-gen-core-spec-update.html) for details.
- Update for functional issues. Refer to [7th Gen and 8th Gen (U Quad-Core) Intel Processor Families Specification Update](https://www.intel.com/content/www/us/en/processors/core/7th-gen-core-family-spec-update.html) for details.
- Update for functional issues. Refer to [6th Gen Intel Processor Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/332689) for details.
- Update for functional issues. Refer to [Intel Xeon E3-1200 v6 Processor Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v6-spec-update.html) for details.
- Update for functional issues. Refer to [Intel Xeon E-2100 and E-2200 Processor Family Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-e-2100-specification-update.html) for details.
- New platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| CLX-SP | A0 | 06-55-05/b7 | | 03000010 | Xeon Scalable Gen2
| ICX-SP | C0 | 06-6a-05/87 | | 0c0002f0 | Xeon Scalable Gen3
| ICX-SP | D0 | 06-6a-06/87 | | 0d0002a0 | Xeon Scalable Gen3
| SNR | B0 | 06-86-04/01 | | 0b00000f | Atom P59xxB
| SNR | B1 | 06-86-05/01 | | 0b00000f | Atom P59xxB
| TGL | B1 | 06-8c-01/80 | | 00000088 | Core Gen11 Mobile
| TGL-R | C0 | 06-8c-02/c2 | | 00000016 | Core Gen11 Mobile
| TGL-H | R0 | 06-8d-01/c2 | | 0000002c | Core Gen11 Mobile
| EHL | B1 | 06-96-01/01 | | 00000011 | Pentium J6426/N6415, Celeron J6412/J6413/N6210/N6211, Atom x6000E
| JSL | A0/A1 | 06-9c-00/01 | | 0000001d | Pentium N6000/N6005, Celeron N4500/N4505/N5100/N5105
| RKL-S | B0 | 06-a7-01/02 | | 00000040 | Core Gen11
- Updated platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000044 | 00000046 | Core Gen4 X series; Xeon E5 v3
| HSX-EX | E0 | 06-3f-04/80 | 00000016 | 00000019 | Xeon E7 v3
| SKL-U/Y | D0 | 06-4e-03/c0 | 000000e2 | 000000ea | Core Gen6 Mobile
| SKL-U23e | K1 | 06-4e-03/c0 | 000000e2 | 000000ea | Core Gen6 Mobile
| BDX-ML | B0/M0/R0 | 06-4f-01/ef | 0b000038 | 0b00003e | Xeon E5/E7 v4; Core i7-69xx/68xx
| SKX-SP | B1 | 06-55-03/97 | 01000159 | 0100015b | Xeon Scalable
| SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006a0a | 02006b06 | Xeon Scalable
| SKX-D | M1 | 06-55-04/b7 | 02006a0a | 02006b06 | Xeon D-21xx
| CLX-SP | B0 | 06-55-06/bf | 04003006 | 04003102 | Xeon Scalable Gen2
| CLX-SP | B1 | 06-55-07/bf | 05003006 | 05003102 | Xeon Scalable Gen2
| CPX-SP | A1 | 06-55-0b/bf | 0700001e | 07002302 | Xeon Scalable Gen3
| BDX-DE | V2/V3 | 06-56-03/10 | 07000019 | 0700001b | Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19
| BDX-DE | Y0 | 06-56-04/10 | 0f000017 | 0f000019 | Xeon D-1557/59/67/71/77/81/87
| BDX-NS | A0 | 06-56-05/10 | 0e00000f | 0e000012 | Xeon D-1513N/23/33/43/53
| APL | D0 | 06-5c-09/03 | 00000040 | 00000044 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx
| APL | E0 | 06-5c-0a/03 | 0000001e | 00000020 | Atom x5-E39xx
| SKL-H/S | R0/N0 | 06-5e-03/36 | 000000e2 | 000000ea | Core Gen6; Xeon E3 v5
| DNV | B0 | 06-5f-01/01 | 0000002e | 00000034 | Atom C Series
| GLK | B0 | 06-7a-01/01 | 00000034 | 00000036 | Pentium Silver N/J5xxx, Celeron N/J4xxx
| GKL-R | R0 | 06-7a-08/01 | 00000018 | 0000001a | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120
| ICL-U/Y | D1 | 06-7e-05/80 | 000000a0 | 000000a6 | Core Gen10 Mobile
| LKF | B2/B3 | 06-8a-01/10 | 00000028 | 0000002a | Core w/Hybrid Technology
| AML-Y22 | H0 | 06-8e-09/10 | 000000de | 000000ea | Core Gen8 Mobile
| KBL-U/Y | H0 | 06-8e-09/c0 | 000000de | 000000ea | Core Gen7 Mobile
| CFL-U43e | D0 | 06-8e-0a/c0 | 000000e0 | 000000ea | Core Gen8 Mobile
| WHL-U | W0 | 06-8e-0b/d0 | 000000de | 000000ea | Core Gen8 Mobile
| AML-Y42 | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen10 Mobile
| CML-Y42 | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen10 Mobile
| WHL-U | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen8 Mobile
| KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000de | 000000ea | Core Gen7; Xeon E3 v6
| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000de | 000000ea | Core Gen8 Desktop, Mobile, Xeon E
| CFL-S | B0 | 06-9e-0b/02 | 000000de | 000000ea | Core Gen8
| CFL-H/S | P0 | 06-9e-0c/22 | 000000de | 000000ea | Core Gen9
| CFL-H | R0 | 06-9e-0d/22 | 000000de | 000000ea | Core Gen9 Mobile
| CML-H | R1 | 06-a5-02/20 | 000000e0 | 000000ea | Core Gen10 Mobile
| CML-S62 | G1 | 06-a5-03/22 | 000000e0 | 000000ea | Core Gen10
| CML-S102 | Q0 | 06-a5-05/22 | 000000e0 | 000000ec | Core Gen10
| CML-U62 | A0 | 06-a6-00/80 | 000000e0 | 000000e8 | Core Gen10 Mobile
| CML-U62 V2 | K0 | 06-a6-01/80 | 000000e0 | 000000ea | Core Gen10 Mobile
Patchnames: SUSE-2021-1929,SUSE-SLE-SERVER-12-SP5-2021-1929
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:ucode-intel-20210525-3.35.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:ucode-intel-20210525-3.35.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.6 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:ucode-intel-20210525-3.35.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:ucode-intel-20210525-3.35.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:ucode-intel-20210525-3.35.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:ucode-intel-20210525-3.35.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
5.6 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:ucode-intel-20210525-3.35.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:ucode-intel-20210525-3.35.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
33 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for ucode-intel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for ucode-intel fixes the following issues:\n\nUpdated to Intel CPU Microcode 20210608 release.\n\n- CVE-2020-24513: A domain bypass transient execution vulnerability was discovered on some Intel Atom processors that use a micro-architectural incident channel. (INTEL-SA-00465 bsc#1179833)\n See also: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html\n\n- CVE-2020-24511: The IBRS feature to mitigate Spectre variant 2 transient execution side channel vulnerabilities may not fully prevent non-root (guest) branches from controlling the branch predictions of the root (host) (INTEL-SA-00464 bsc#1179836)\n\n See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html)\n\n- CVE-2020-24512: Fixed trivial data value cache-lines such as all-zero value cache-lines may lead to changes in cache-allocation or write-back behavior for such cache-lines (bsc#1179837 INTEL-SA-00464)\n\n See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html)\n\n- CVE-2020-24489: Fixed Intel VT-d device pass through potential local privilege escalation (INTEL-SA-00442 bsc#1179839)\n\n See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00442.html\n\nOther fixes:\n\n- Update for functional issues. Refer to [Third Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/637780)for details.\n- Update for functional issues. Refer to [Second Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details.\n- Update for functional issues. Refer to [Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/613537) for details.\n- Update for functional issues. Refer to [Intel Xeon Processor D-1500, D-1500 NS and D-1600 NS Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-d-1500-specification-update.html) for details.\n- Update for functional issues. Refer to [Intel Xeon E7-8800 and E7-4800 v3 Processor Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e7-v3-spec-update.html) for details.\n- Update for functional issues. Refer to [Intel Xeon Processor E5 v3 Product Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e5-v3-spec-update.html?wapkw=processor+spec+update+e5) for details.\n- Update for functional issues. Refer to [10th Gen Intel Core Processor Families Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/10th-gen-core-families-specification-update.html) for details.\n- Update for functional issues. Refer to [8th and 9th Gen Intel Core Processor Family Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/8th-gen-core-spec-update.html) for details.\n- Update for functional issues. Refer to [7th Gen and 8th Gen (U Quad-Core) Intel Processor Families Specification Update](https://www.intel.com/content/www/us/en/processors/core/7th-gen-core-family-spec-update.html) for details.\n- Update for functional issues. Refer to [6th Gen Intel Processor Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/332689) for details.\n- Update for functional issues. Refer to [Intel Xeon E3-1200 v6 Processor Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v6-spec-update.html) for details.\n- Update for functional issues. Refer to [Intel Xeon E-2100 and E-2200 Processor Family Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-e-2100-specification-update.html) for details.\n\n- New platforms:\n\n| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products\n|:---------------|:---------|:------------|:---------|:---------|:---------\n| CLX-SP | A0 | 06-55-05/b7 | | 03000010 | Xeon Scalable Gen2\n| ICX-SP | C0 | 06-6a-05/87 | | 0c0002f0 | Xeon Scalable Gen3\n| ICX-SP | D0 | 06-6a-06/87 | | 0d0002a0 | Xeon Scalable Gen3\n| SNR | B0 | 06-86-04/01 | | 0b00000f | Atom P59xxB\n| SNR | B1 | 06-86-05/01 | | 0b00000f | Atom P59xxB\n| TGL | B1 | 06-8c-01/80 | | 00000088 | Core Gen11 Mobile\n| TGL-R | C0 | 06-8c-02/c2 | | 00000016 | Core Gen11 Mobile\n| TGL-H | R0 | 06-8d-01/c2 | | 0000002c | Core Gen11 Mobile\n| EHL | B1 | 06-96-01/01 | | 00000011 | Pentium J6426/N6415, Celeron J6412/J6413/N6210/N6211, Atom x6000E\n| JSL | A0/A1 | 06-9c-00/01 | | 0000001d | Pentium N6000/N6005, Celeron N4500/N4505/N5100/N5105\n| RKL-S | B0 | 06-a7-01/02 | | 00000040 | Core Gen11\n\n- Updated platforms:\n\n| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products\n|:---------------|:---------|:------------|:---------|:---------|:---------\n| HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000044 | 00000046 | Core Gen4 X series; Xeon E5 v3\n| HSX-EX | E0 | 06-3f-04/80 | 00000016 | 00000019 | Xeon E7 v3\n| SKL-U/Y | D0 | 06-4e-03/c0 | 000000e2 | 000000ea | Core Gen6 Mobile\n| SKL-U23e | K1 | 06-4e-03/c0 | 000000e2 | 000000ea | Core Gen6 Mobile\n| BDX-ML | B0/M0/R0 | 06-4f-01/ef | 0b000038 | 0b00003e | Xeon E5/E7 v4; Core i7-69xx/68xx\n| SKX-SP | B1 | 06-55-03/97 | 01000159 | 0100015b | Xeon Scalable\n| SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006a0a | 02006b06 | Xeon Scalable\n| SKX-D | M1 | 06-55-04/b7 | 02006a0a | 02006b06 | Xeon D-21xx\n| CLX-SP | B0 | 06-55-06/bf | 04003006 | 04003102 | Xeon Scalable Gen2\n| CLX-SP | B1 | 06-55-07/bf | 05003006 | 05003102 | Xeon Scalable Gen2\n| CPX-SP | A1 | 06-55-0b/bf | 0700001e | 07002302 | Xeon Scalable Gen3\n| BDX-DE | V2/V3 | 06-56-03/10 | 07000019 | 0700001b | Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19\n| BDX-DE | Y0 | 06-56-04/10 | 0f000017 | 0f000019 | Xeon D-1557/59/67/71/77/81/87\n| BDX-NS | A0 | 06-56-05/10 | 0e00000f | 0e000012 | Xeon D-1513N/23/33/43/53\n| APL | D0 | 06-5c-09/03 | 00000040 | 00000044 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx\n| APL | E0 | 06-5c-0a/03 | 0000001e | 00000020 | Atom x5-E39xx\n| SKL-H/S | R0/N0 | 06-5e-03/36 | 000000e2 | 000000ea | Core Gen6; Xeon E3 v5\n| DNV | B0 | 06-5f-01/01 | 0000002e | 00000034 | Atom C Series\n| GLK | B0 | 06-7a-01/01 | 00000034 | 00000036 | Pentium Silver N/J5xxx, Celeron N/J4xxx\n| GKL-R | R0 | 06-7a-08/01 | 00000018 | 0000001a | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120\n| ICL-U/Y | D1 | 06-7e-05/80 | 000000a0 | 000000a6 | Core Gen10 Mobile\n| LKF | B2/B3 | 06-8a-01/10 | 00000028 | 0000002a | Core w/Hybrid Technology\n| AML-Y22 | H0 | 06-8e-09/10 | 000000de | 000000ea | Core Gen8 Mobile\n| KBL-U/Y | H0 | 06-8e-09/c0 | 000000de | 000000ea | Core Gen7 Mobile\n| CFL-U43e | D0 | 06-8e-0a/c0 | 000000e0 | 000000ea | Core Gen8 Mobile\n| WHL-U | W0 | 06-8e-0b/d0 | 000000de | 000000ea | Core Gen8 Mobile\n| AML-Y42 | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen10 Mobile\n| CML-Y42 | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen10 Mobile\n| WHL-U | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen8 Mobile\n| KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000de | 000000ea | Core Gen7; Xeon E3 v6\n| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000de | 000000ea | Core Gen8 Desktop, Mobile, Xeon E\n| CFL-S | B0 | 06-9e-0b/02 | 000000de | 000000ea | Core Gen8\n| CFL-H/S | P0 | 06-9e-0c/22 | 000000de | 000000ea | Core Gen9\n| CFL-H | R0 | 06-9e-0d/22 | 000000de | 000000ea | Core Gen9 Mobile\n| CML-H | R1 | 06-a5-02/20 | 000000e0 | 000000ea | Core Gen10 Mobile\n| CML-S62 | G1 | 06-a5-03/22 | 000000e0 | 000000ea | Core Gen10\n| CML-S102 | Q0 | 06-a5-05/22 | 000000e0 | 000000ec | Core Gen10\n| CML-U62 | A0 | 06-a6-00/80 | 000000e0 | 000000e8 | Core Gen10 Mobile\n| CML-U62 V2 | K0 | 06-a6-01/80 | 000000e0 | 000000ea | Core Gen10 Mobile\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2021-1929,SUSE-SLE-SERVER-12-SP5-2021-1929",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_1929-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2021:1929-1",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20211929-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2021:1929-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-June/008977.html"
},
{
"category": "self",
"summary": "SUSE Bug 1179833",
"url": "https://bugzilla.suse.com/1179833"
},
{
"category": "self",
"summary": "SUSE Bug 1179836",
"url": "https://bugzilla.suse.com/1179836"
},
{
"category": "self",
"summary": "SUSE Bug 1179837",
"url": "https://bugzilla.suse.com/1179837"
},
{
"category": "self",
"summary": "SUSE Bug 1179839",
"url": "https://bugzilla.suse.com/1179839"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-24489 page",
"url": "https://www.suse.com/security/cve/CVE-2020-24489/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-24511 page",
"url": "https://www.suse.com/security/cve/CVE-2020-24511/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-24512 page",
"url": "https://www.suse.com/security/cve/CVE-2020-24512/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-24513 page",
"url": "https://www.suse.com/security/cve/CVE-2020-24513/"
}
],
"title": "Security update for ucode-intel",
"tracking": {
"current_release_date": "2021-06-10T07:18:57Z",
"generator": {
"date": "2021-06-10T07:18:57Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2021:1929-1",
"initial_release_date": "2021-06-10T07:18:57Z",
"revision_history": [
{
"date": "2021-06-10T07:18:57Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ucode-intel-20210525-3.35.1.i586",
"product": {
"name": "ucode-intel-20210525-3.35.1.i586",
"product_id": "ucode-intel-20210525-3.35.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "ucode-intel-20210525-3.35.1.x86_64",
"product": {
"name": "ucode-intel-20210525-3.35.1.x86_64",
"product_id": "ucode-intel-20210525-3.35.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20210525-3.35.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:ucode-intel-20210525-3.35.1.x86_64"
},
"product_reference": "ucode-intel-20210525-3.35.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20210525-3.35.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:ucode-intel-20210525-3.35.1.x86_64"
},
"product_reference": "ucode-intel-20210525-3.35.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-24489",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-24489"
}
],
"notes": [
{
"category": "general",
"text": "Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:ucode-intel-20210525-3.35.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ucode-intel-20210525-3.35.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-24489",
"url": "https://www.suse.com/security/cve/CVE-2020-24489"
},
{
"category": "external",
"summary": "SUSE Bug 1179839 for CVE-2020-24489",
"url": "https://bugzilla.suse.com/1179839"
},
{
"category": "external",
"summary": "SUSE Bug 1192359 for CVE-2020-24489",
"url": "https://bugzilla.suse.com/1192359"
},
{
"category": "external",
"summary": "SUSE Bug 1199300 for CVE-2020-24489",
"url": "https://bugzilla.suse.com/1199300"
},
{
"category": "external",
"summary": "SUSE Bug 1201731 for CVE-2020-24489",
"url": "https://bugzilla.suse.com/1201731"
},
{
"category": "external",
"summary": "SUSE Bug 1225680 for CVE-2020-24489",
"url": "https://bugzilla.suse.com/1225680"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:ucode-intel-20210525-3.35.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ucode-intel-20210525-3.35.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:ucode-intel-20210525-3.35.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ucode-intel-20210525-3.35.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-10T07:18:57Z",
"details": "important"
}
],
"title": "CVE-2020-24489"
},
{
"cve": "CVE-2020-24511",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-24511"
}
],
"notes": [
{
"category": "general",
"text": "Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:ucode-intel-20210525-3.35.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ucode-intel-20210525-3.35.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-24511",
"url": "https://www.suse.com/security/cve/CVE-2020-24511"
},
{
"category": "external",
"summary": "SUSE Bug 1179836 for CVE-2020-24511",
"url": "https://bugzilla.suse.com/1179836"
},
{
"category": "external",
"summary": "SUSE Bug 1192360 for CVE-2020-24511",
"url": "https://bugzilla.suse.com/1192360"
},
{
"category": "external",
"summary": "SUSE Bug 1199300 for CVE-2020-24511",
"url": "https://bugzilla.suse.com/1199300"
},
{
"category": "external",
"summary": "SUSE Bug 1201731 for CVE-2020-24511",
"url": "https://bugzilla.suse.com/1201731"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:ucode-intel-20210525-3.35.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ucode-intel-20210525-3.35.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:ucode-intel-20210525-3.35.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ucode-intel-20210525-3.35.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-10T07:18:57Z",
"details": "moderate"
}
],
"title": "CVE-2020-24511"
},
{
"cve": "CVE-2020-24512",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-24512"
}
],
"notes": [
{
"category": "general",
"text": "Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:ucode-intel-20210525-3.35.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ucode-intel-20210525-3.35.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-24512",
"url": "https://www.suse.com/security/cve/CVE-2020-24512"
},
{
"category": "external",
"summary": "SUSE Bug 1179837 for CVE-2020-24512",
"url": "https://bugzilla.suse.com/1179837"
},
{
"category": "external",
"summary": "SUSE Bug 1192360 for CVE-2020-24512",
"url": "https://bugzilla.suse.com/1192360"
},
{
"category": "external",
"summary": "SUSE Bug 1199300 for CVE-2020-24512",
"url": "https://bugzilla.suse.com/1199300"
},
{
"category": "external",
"summary": "SUSE Bug 1201731 for CVE-2020-24512",
"url": "https://bugzilla.suse.com/1201731"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:ucode-intel-20210525-3.35.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ucode-intel-20210525-3.35.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:ucode-intel-20210525-3.35.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ucode-intel-20210525-3.35.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-10T07:18:57Z",
"details": "low"
}
],
"title": "CVE-2020-24512"
},
{
"cve": "CVE-2020-24513",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-24513"
}
],
"notes": [
{
"category": "general",
"text": "Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:ucode-intel-20210525-3.35.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ucode-intel-20210525-3.35.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-24513",
"url": "https://www.suse.com/security/cve/CVE-2020-24513"
},
{
"category": "external",
"summary": "SUSE Bug 1179833 for CVE-2020-24513",
"url": "https://bugzilla.suse.com/1179833"
},
{
"category": "external",
"summary": "SUSE Bug 1192360 for CVE-2020-24513",
"url": "https://bugzilla.suse.com/1192360"
},
{
"category": "external",
"summary": "SUSE Bug 1199300 for CVE-2020-24513",
"url": "https://bugzilla.suse.com/1199300"
},
{
"category": "external",
"summary": "SUSE Bug 1201731 for CVE-2020-24513",
"url": "https://bugzilla.suse.com/1201731"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:ucode-intel-20210525-3.35.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ucode-intel-20210525-3.35.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:ucode-intel-20210525-3.35.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:ucode-intel-20210525-3.35.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-10T07:18:57Z",
"details": "moderate"
}
],
"title": "CVE-2020-24513"
}
]
}
SUSE-SU-2021:1930-1
Vulnerability from csaf_suse - Published: 2021-06-10 08:26 - Updated: 2021-06-10 08:26Summary
Security update for ucode-intel
Severity
Important
Notes
Title of the patch: Security update for ucode-intel
Description of the patch: This update for ucode-intel fixes the following issues:
Updated to Intel CPU Microcode 20210608 release.
- CVE-2020-24513: A domain bypass transient execution vulnerability was discovered on some Intel Atom processors that use a micro-architectural incident channel. (INTEL-SA-00465 bsc#1179833)
See also: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html
- CVE-2020-24511: The IBRS feature to mitigate Spectre variant 2 transient execution side channel vulnerabilities may not fully prevent non-root (guest) branches from controlling the branch predictions of the root (host) (INTEL-SA-00464 bsc#1179836)
See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html)
- CVE-2020-24512: Fixed trivial data value cache-lines such as all-zero value cache-lines may lead to changes in cache-allocation or write-back behavior for such cache-lines (bsc#1179837 INTEL-SA-00464)
See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html)
- CVE-2020-24489: Fixed Intel VT-d device pass through potential local privilege escalation (INTEL-SA-00442 bsc#1179839)
See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00442.html
Other fixes:
- Update for functional issues. Refer to [Third Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/637780)for details.
- Update for functional issues. Refer to [Second Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details.
- Update for functional issues. Refer to [Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/613537) for details.
- Update for functional issues. Refer to [Intel Xeon Processor D-1500, D-1500 NS and D-1600 NS Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-d-1500-specification-update.html) for details.
- Update for functional issues. Refer to [Intel Xeon E7-8800 and E7-4800 v3 Processor Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e7-v3-spec-update.html) for details.
- Update for functional issues. Refer to [Intel Xeon Processor E5 v3 Product Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e5-v3-spec-update.html?wapkw=processor+spec+update+e5) for details.
- Update for functional issues. Refer to [10th Gen Intel Core Processor Families Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/10th-gen-core-families-specification-update.html) for details.
- Update for functional issues. Refer to [8th and 9th Gen Intel Core Processor Family Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/8th-gen-core-spec-update.html) for details.
- Update for functional issues. Refer to [7th Gen and 8th Gen (U Quad-Core) Intel Processor Families Specification Update](https://www.intel.com/content/www/us/en/processors/core/7th-gen-core-family-spec-update.html) for details.
- Update for functional issues. Refer to [6th Gen Intel Processor Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/332689) for details.
- Update for functional issues. Refer to [Intel Xeon E3-1200 v6 Processor Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v6-spec-update.html) for details.
- Update for functional issues. Refer to [Intel Xeon E-2100 and E-2200 Processor Family Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-e-2100-specification-update.html) for details.
- New platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| CLX-SP | A0 | 06-55-05/b7 | | 03000010 | Xeon Scalable Gen2
| ICX-SP | C0 | 06-6a-05/87 | | 0c0002f0 | Xeon Scalable Gen3
| ICX-SP | D0 | 06-6a-06/87 | | 0d0002a0 | Xeon Scalable Gen3
| SNR | B0 | 06-86-04/01 | | 0b00000f | Atom P59xxB
| SNR | B1 | 06-86-05/01 | | 0b00000f | Atom P59xxB
| TGL | B1 | 06-8c-01/80 | | 00000088 | Core Gen11 Mobile
| TGL-R | C0 | 06-8c-02/c2 | | 00000016 | Core Gen11 Mobile
| TGL-H | R0 | 06-8d-01/c2 | | 0000002c | Core Gen11 Mobile
| EHL | B1 | 06-96-01/01 | | 00000011 | Pentium J6426/N6415, Celeron J6412/J6413/N6210/N6211, Atom x6000E
| JSL | A0/A1 | 06-9c-00/01 | | 0000001d | Pentium N6000/N6005, Celeron N4500/N4505/N5100/N5105
| RKL-S | B0 | 06-a7-01/02 | | 00000040 | Core Gen11
- Updated platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000044 | 00000046 | Core Gen4 X series; Xeon E5 v3
| HSX-EX | E0 | 06-3f-04/80 | 00000016 | 00000019 | Xeon E7 v3
| SKL-U/Y | D0 | 06-4e-03/c0 | 000000e2 | 000000ea | Core Gen6 Mobile
| SKL-U23e | K1 | 06-4e-03/c0 | 000000e2 | 000000ea | Core Gen6 Mobile
| BDX-ML | B0/M0/R0 | 06-4f-01/ef | 0b000038 | 0b00003e | Xeon E5/E7 v4; Core i7-69xx/68xx
| SKX-SP | B1 | 06-55-03/97 | 01000159 | 0100015b | Xeon Scalable
| SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006a0a | 02006b06 | Xeon Scalable
| SKX-D | M1 | 06-55-04/b7 | 02006a0a | 02006b06 | Xeon D-21xx
| CLX-SP | B0 | 06-55-06/bf | 04003006 | 04003102 | Xeon Scalable Gen2
| CLX-SP | B1 | 06-55-07/bf | 05003006 | 05003102 | Xeon Scalable Gen2
| CPX-SP | A1 | 06-55-0b/bf | 0700001e | 07002302 | Xeon Scalable Gen3
| BDX-DE | V2/V3 | 06-56-03/10 | 07000019 | 0700001b | Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19
| BDX-DE | Y0 | 06-56-04/10 | 0f000017 | 0f000019 | Xeon D-1557/59/67/71/77/81/87
| BDX-NS | A0 | 06-56-05/10 | 0e00000f | 0e000012 | Xeon D-1513N/23/33/43/53
| APL | D0 | 06-5c-09/03 | 00000040 | 00000044 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx
| APL | E0 | 06-5c-0a/03 | 0000001e | 00000020 | Atom x5-E39xx
| SKL-H/S | R0/N0 | 06-5e-03/36 | 000000e2 | 000000ea | Core Gen6; Xeon E3 v5
| DNV | B0 | 06-5f-01/01 | 0000002e | 00000034 | Atom C Series
| GLK | B0 | 06-7a-01/01 | 00000034 | 00000036 | Pentium Silver N/J5xxx, Celeron N/J4xxx
| GKL-R | R0 | 06-7a-08/01 | 00000018 | 0000001a | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120
| ICL-U/Y | D1 | 06-7e-05/80 | 000000a0 | 000000a6 | Core Gen10 Mobile
| LKF | B2/B3 | 06-8a-01/10 | 00000028 | 0000002a | Core w/Hybrid Technology
| AML-Y22 | H0 | 06-8e-09/10 | 000000de | 000000ea | Core Gen8 Mobile
| KBL-U/Y | H0 | 06-8e-09/c0 | 000000de | 000000ea | Core Gen7 Mobile
| CFL-U43e | D0 | 06-8e-0a/c0 | 000000e0 | 000000ea | Core Gen8 Mobile
| WHL-U | W0 | 06-8e-0b/d0 | 000000de | 000000ea | Core Gen8 Mobile
| AML-Y42 | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen10 Mobile
| CML-Y42 | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen10 Mobile
| WHL-U | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen8 Mobile
| KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000de | 000000ea | Core Gen7; Xeon E3 v6
| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000de | 000000ea | Core Gen8 Desktop, Mobile, Xeon E
| CFL-S | B0 | 06-9e-0b/02 | 000000de | 000000ea | Core Gen8
| CFL-H/S | P0 | 06-9e-0c/22 | 000000de | 000000ea | Core Gen9
| CFL-H | R0 | 06-9e-0d/22 | 000000de | 000000ea | Core Gen9 Mobile
| CML-H | R1 | 06-a5-02/20 | 000000e0 | 000000ea | Core Gen10 Mobile
| CML-S62 | G1 | 06-a5-03/22 | 000000e0 | 000000ea | Core Gen10
| CML-S102 | Q0 | 06-a5-05/22 | 000000e0 | 000000ec | Core Gen10
| CML-U62 | A0 | 06-a6-00/80 | 000000e0 | 000000e8 | Core Gen10 Mobile
| CML-U62 V2 | K0 | 06-a6-01/80 | 000000e0 | 000000ea | Core Gen10 Mobile
Patchnames: HPE-Helion-OpenStack-8-2021-1930,SUSE-2021-1930,SUSE-OpenStack-Cloud-8-2021-1930,SUSE-OpenStack-Cloud-9-2021-1930,SUSE-OpenStack-Cloud-Crowbar-8-2021-1930,SUSE-OpenStack-Cloud-Crowbar-9-2021-1930,SUSE-SLE-SAP-12-SP3-2021-1930,SUSE-SLE-SAP-12-SP4-2021-1930,SUSE-SLE-SERVER-12-SP2-BCL-2021-1930,SUSE-SLE-SERVER-12-SP3-2021-1930,SUSE-SLE-SERVER-12-SP3-BCL-2021-1930,SUSE-SLE-SERVER-12-SP4-LTSS-2021-1930
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Affected products
Recommended
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HPE Helion OpenStack 8:ucode-intel-20210525-13.90.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20210525-13.90.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:ucode-intel-20210525-13.90.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:ucode-intel-20210525-13.90.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:ucode-intel-20210525-13.90.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20210525-13.90.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:ucode-intel-20210525-13.90.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:ucode-intel-20210525-13.90.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:ucode-intel-20210525-13.90.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:ucode-intel-20210525-13.90.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:ucode-intel-20210525-13.90.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.6 (Medium)
Affected products
Recommended
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HPE Helion OpenStack 8:ucode-intel-20210525-13.90.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20210525-13.90.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:ucode-intel-20210525-13.90.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:ucode-intel-20210525-13.90.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:ucode-intel-20210525-13.90.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20210525-13.90.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:ucode-intel-20210525-13.90.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:ucode-intel-20210525-13.90.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:ucode-intel-20210525-13.90.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:ucode-intel-20210525-13.90.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:ucode-intel-20210525-13.90.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HPE Helion OpenStack 8:ucode-intel-20210525-13.90.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20210525-13.90.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:ucode-intel-20210525-13.90.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:ucode-intel-20210525-13.90.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:ucode-intel-20210525-13.90.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20210525-13.90.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:ucode-intel-20210525-13.90.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:ucode-intel-20210525-13.90.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:ucode-intel-20210525-13.90.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:ucode-intel-20210525-13.90.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:ucode-intel-20210525-13.90.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
5.6 (Medium)
Affected products
Recommended
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HPE Helion OpenStack 8:ucode-intel-20210525-13.90.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20210525-13.90.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:ucode-intel-20210525-13.90.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:ucode-intel-20210525-13.90.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:ucode-intel-20210525-13.90.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20210525-13.90.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:ucode-intel-20210525-13.90.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:ucode-intel-20210525-13.90.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:ucode-intel-20210525-13.90.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:ucode-intel-20210525-13.90.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:ucode-intel-20210525-13.90.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
33 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for ucode-intel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for ucode-intel fixes the following issues:\n\nUpdated to Intel CPU Microcode 20210608 release.\n\n- CVE-2020-24513: A domain bypass transient execution vulnerability was discovered on some Intel Atom processors that use a micro-architectural incident channel. (INTEL-SA-00465 bsc#1179833)\n\n See also: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html\n\n- CVE-2020-24511: The IBRS feature to mitigate Spectre variant 2 transient execution side channel vulnerabilities may not fully prevent non-root (guest) branches from controlling the branch predictions of the root (host) (INTEL-SA-00464 bsc#1179836)\n\n See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html)\n\n- CVE-2020-24512: Fixed trivial data value cache-lines such as all-zero value cache-lines may lead to changes in cache-allocation or write-back behavior for such cache-lines (bsc#1179837 INTEL-SA-00464)\n\n See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html)\n\n- CVE-2020-24489: Fixed Intel VT-d device pass through potential local privilege escalation (INTEL-SA-00442 bsc#1179839)\n\n See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00442.html\n\nOther fixes:\n\n- Update for functional issues. Refer to [Third Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/637780)for details.\n- Update for functional issues. Refer to [Second Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details.\n- Update for functional issues. Refer to [Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/613537) for details.\n- Update for functional issues. Refer to [Intel Xeon Processor D-1500, D-1500 NS and D-1600 NS Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-d-1500-specification-update.html) for details.\n- Update for functional issues. Refer to [Intel Xeon E7-8800 and E7-4800 v3 Processor Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e7-v3-spec-update.html) for details.\n- Update for functional issues. Refer to [Intel Xeon Processor E5 v3 Product Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e5-v3-spec-update.html?wapkw=processor+spec+update+e5) for details.\n- Update for functional issues. Refer to [10th Gen Intel Core Processor Families Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/10th-gen-core-families-specification-update.html) for details.\n- Update for functional issues. Refer to [8th and 9th Gen Intel Core Processor Family Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/8th-gen-core-spec-update.html) for details.\n- Update for functional issues. Refer to [7th Gen and 8th Gen (U Quad-Core) Intel Processor Families Specification Update](https://www.intel.com/content/www/us/en/processors/core/7th-gen-core-family-spec-update.html) for details.\n- Update for functional issues. Refer to [6th Gen Intel Processor Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/332689) for details.\n- Update for functional issues. Refer to [Intel Xeon E3-1200 v6 Processor Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v6-spec-update.html) for details.\n- Update for functional issues. Refer to [Intel Xeon E-2100 and E-2200 Processor Family Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-e-2100-specification-update.html) for details.\n\n- New platforms:\n\n| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products\n|:---------------|:---------|:------------|:---------|:---------|:---------\n| CLX-SP | A0 | 06-55-05/b7 | | 03000010 | Xeon Scalable Gen2\n| ICX-SP | C0 | 06-6a-05/87 | | 0c0002f0 | Xeon Scalable Gen3\n| ICX-SP | D0 | 06-6a-06/87 | | 0d0002a0 | Xeon Scalable Gen3\n| SNR | B0 | 06-86-04/01 | | 0b00000f | Atom P59xxB\n| SNR | B1 | 06-86-05/01 | | 0b00000f | Atom P59xxB\n| TGL | B1 | 06-8c-01/80 | | 00000088 | Core Gen11 Mobile\n| TGL-R | C0 | 06-8c-02/c2 | | 00000016 | Core Gen11 Mobile\n| TGL-H | R0 | 06-8d-01/c2 | | 0000002c | Core Gen11 Mobile\n| EHL | B1 | 06-96-01/01 | | 00000011 | Pentium J6426/N6415, Celeron J6412/J6413/N6210/N6211, Atom x6000E\n| JSL | A0/A1 | 06-9c-00/01 | | 0000001d | Pentium N6000/N6005, Celeron N4500/N4505/N5100/N5105\n| RKL-S | B0 | 06-a7-01/02 | | 00000040 | Core Gen11\n\n- Updated platforms:\n\n| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products\n|:---------------|:---------|:------------|:---------|:---------|:---------\n| HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000044 | 00000046 | Core Gen4 X series; Xeon E5 v3\n| HSX-EX | E0 | 06-3f-04/80 | 00000016 | 00000019 | Xeon E7 v3\n| SKL-U/Y | D0 | 06-4e-03/c0 | 000000e2 | 000000ea | Core Gen6 Mobile\n| SKL-U23e | K1 | 06-4e-03/c0 | 000000e2 | 000000ea | Core Gen6 Mobile\n| BDX-ML | B0/M0/R0 | 06-4f-01/ef | 0b000038 | 0b00003e | Xeon E5/E7 v4; Core i7-69xx/68xx\n| SKX-SP | B1 | 06-55-03/97 | 01000159 | 0100015b | Xeon Scalable\n| SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006a0a | 02006b06 | Xeon Scalable\n| SKX-D | M1 | 06-55-04/b7 | 02006a0a | 02006b06 | Xeon D-21xx\n| CLX-SP | B0 | 06-55-06/bf | 04003006 | 04003102 | Xeon Scalable Gen2\n| CLX-SP | B1 | 06-55-07/bf | 05003006 | 05003102 | Xeon Scalable Gen2\n| CPX-SP | A1 | 06-55-0b/bf | 0700001e | 07002302 | Xeon Scalable Gen3\n| BDX-DE | V2/V3 | 06-56-03/10 | 07000019 | 0700001b | Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19\n| BDX-DE | Y0 | 06-56-04/10 | 0f000017 | 0f000019 | Xeon D-1557/59/67/71/77/81/87\n| BDX-NS | A0 | 06-56-05/10 | 0e00000f | 0e000012 | Xeon D-1513N/23/33/43/53\n| APL | D0 | 06-5c-09/03 | 00000040 | 00000044 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx\n| APL | E0 | 06-5c-0a/03 | 0000001e | 00000020 | Atom x5-E39xx\n| SKL-H/S | R0/N0 | 06-5e-03/36 | 000000e2 | 000000ea | Core Gen6; Xeon E3 v5\n| DNV | B0 | 06-5f-01/01 | 0000002e | 00000034 | Atom C Series\n| GLK | B0 | 06-7a-01/01 | 00000034 | 00000036 | Pentium Silver N/J5xxx, Celeron N/J4xxx\n| GKL-R | R0 | 06-7a-08/01 | 00000018 | 0000001a | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120\n| ICL-U/Y | D1 | 06-7e-05/80 | 000000a0 | 000000a6 | Core Gen10 Mobile\n| LKF | B2/B3 | 06-8a-01/10 | 00000028 | 0000002a | Core w/Hybrid Technology\n| AML-Y22 | H0 | 06-8e-09/10 | 000000de | 000000ea | Core Gen8 Mobile\n| KBL-U/Y | H0 | 06-8e-09/c0 | 000000de | 000000ea | Core Gen7 Mobile\n| CFL-U43e | D0 | 06-8e-0a/c0 | 000000e0 | 000000ea | Core Gen8 Mobile\n| WHL-U | W0 | 06-8e-0b/d0 | 000000de | 000000ea | Core Gen8 Mobile\n| AML-Y42 | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen10 Mobile\n| CML-Y42 | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen10 Mobile\n| WHL-U | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen8 Mobile\n| KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000de | 000000ea | Core Gen7; Xeon E3 v6\n| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000de | 000000ea | Core Gen8 Desktop, Mobile, Xeon E\n| CFL-S | B0 | 06-9e-0b/02 | 000000de | 000000ea | Core Gen8\n| CFL-H/S | P0 | 06-9e-0c/22 | 000000de | 000000ea | Core Gen9\n| CFL-H | R0 | 06-9e-0d/22 | 000000de | 000000ea | Core Gen9 Mobile\n| CML-H | R1 | 06-a5-02/20 | 000000e0 | 000000ea | Core Gen10 Mobile\n| CML-S62 | G1 | 06-a5-03/22 | 000000e0 | 000000ea | Core Gen10\n| CML-S102 | Q0 | 06-a5-05/22 | 000000e0 | 000000ec | Core Gen10\n| CML-U62 | A0 | 06-a6-00/80 | 000000e0 | 000000e8 | Core Gen10 Mobile\n| CML-U62 V2 | K0 | 06-a6-01/80 | 000000e0 | 000000ea | Core Gen10 Mobile\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "HPE-Helion-OpenStack-8-2021-1930,SUSE-2021-1930,SUSE-OpenStack-Cloud-8-2021-1930,SUSE-OpenStack-Cloud-9-2021-1930,SUSE-OpenStack-Cloud-Crowbar-8-2021-1930,SUSE-OpenStack-Cloud-Crowbar-9-2021-1930,SUSE-SLE-SAP-12-SP3-2021-1930,SUSE-SLE-SAP-12-SP4-2021-1930,SUSE-SLE-SERVER-12-SP2-BCL-2021-1930,SUSE-SLE-SERVER-12-SP3-2021-1930,SUSE-SLE-SERVER-12-SP3-BCL-2021-1930,SUSE-SLE-SERVER-12-SP4-LTSS-2021-1930",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_1930-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2021:1930-1",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20211930-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2021:1930-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2021-June/019273.html"
},
{
"category": "self",
"summary": "SUSE Bug 1179833",
"url": "https://bugzilla.suse.com/1179833"
},
{
"category": "self",
"summary": "SUSE Bug 1179836",
"url": "https://bugzilla.suse.com/1179836"
},
{
"category": "self",
"summary": "SUSE Bug 1179837",
"url": "https://bugzilla.suse.com/1179837"
},
{
"category": "self",
"summary": "SUSE Bug 1179839",
"url": "https://bugzilla.suse.com/1179839"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-24489 page",
"url": "https://www.suse.com/security/cve/CVE-2020-24489/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-24511 page",
"url": "https://www.suse.com/security/cve/CVE-2020-24511/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-24512 page",
"url": "https://www.suse.com/security/cve/CVE-2020-24512/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-24513 page",
"url": "https://www.suse.com/security/cve/CVE-2020-24513/"
}
],
"title": "Security update for ucode-intel",
"tracking": {
"current_release_date": "2021-06-10T08:26:44Z",
"generator": {
"date": "2021-06-10T08:26:44Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2021:1930-1",
"initial_release_date": "2021-06-10T08:26:44Z",
"revision_history": [
{
"date": "2021-06-10T08:26:44Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ucode-intel-20210525-13.90.1.i586",
"product": {
"name": "ucode-intel-20210525-13.90.1.i586",
"product_id": "ucode-intel-20210525-13.90.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "ucode-intel-20210525-13.90.1.x86_64",
"product": {
"name": "ucode-intel-20210525-13.90.1.x86_64",
"product_id": "ucode-intel-20210525-13.90.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "HPE Helion OpenStack 8",
"product": {
"name": "HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:hpe-helion-openstack:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 8",
"product": {
"name": "SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 9",
"product": {
"name": "SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:9"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud Crowbar 8",
"product": {
"name": "SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud Crowbar 9",
"product": {
"name": "SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:9"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20210525-13.90.1.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:ucode-intel-20210525-13.90.1.x86_64"
},
"product_reference": "ucode-intel-20210525-13.90.1.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20210525-13.90.1.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:ucode-intel-20210525-13.90.1.x86_64"
},
"product_reference": "ucode-intel-20210525-13.90.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20210525-13.90.1.x86_64 as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:ucode-intel-20210525-13.90.1.x86_64"
},
"product_reference": "ucode-intel-20210525-13.90.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20210525-13.90.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:ucode-intel-20210525-13.90.1.x86_64"
},
"product_reference": "ucode-intel-20210525-13.90.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20210525-13.90.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:ucode-intel-20210525-13.90.1.x86_64"
},
"product_reference": "ucode-intel-20210525-13.90.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20210525-13.90.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20210525-13.90.1.x86_64"
},
"product_reference": "ucode-intel-20210525-13.90.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20210525-13.90.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:ucode-intel-20210525-13.90.1.x86_64"
},
"product_reference": "ucode-intel-20210525-13.90.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20210525-13.90.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20210525-13.90.1.x86_64"
},
"product_reference": "ucode-intel-20210525-13.90.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20210525-13.90.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:ucode-intel-20210525-13.90.1.x86_64"
},
"product_reference": "ucode-intel-20210525-13.90.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20210525-13.90.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:ucode-intel-20210525-13.90.1.x86_64"
},
"product_reference": "ucode-intel-20210525-13.90.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20210525-13.90.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:ucode-intel-20210525-13.90.1.x86_64"
},
"product_reference": "ucode-intel-20210525-13.90.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-24489",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-24489"
}
],
"notes": [
{
"category": "general",
"text": "Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ucode-intel-20210525-13.90.1.x86_64",
"SUSE OpenStack Cloud 8:ucode-intel-20210525-13.90.1.x86_64",
"SUSE OpenStack Cloud 9:ucode-intel-20210525-13.90.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ucode-intel-20210525-13.90.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:ucode-intel-20210525-13.90.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-24489",
"url": "https://www.suse.com/security/cve/CVE-2020-24489"
},
{
"category": "external",
"summary": "SUSE Bug 1179839 for CVE-2020-24489",
"url": "https://bugzilla.suse.com/1179839"
},
{
"category": "external",
"summary": "SUSE Bug 1192359 for CVE-2020-24489",
"url": "https://bugzilla.suse.com/1192359"
},
{
"category": "external",
"summary": "SUSE Bug 1199300 for CVE-2020-24489",
"url": "https://bugzilla.suse.com/1199300"
},
{
"category": "external",
"summary": "SUSE Bug 1201731 for CVE-2020-24489",
"url": "https://bugzilla.suse.com/1201731"
},
{
"category": "external",
"summary": "SUSE Bug 1225680 for CVE-2020-24489",
"url": "https://bugzilla.suse.com/1225680"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ucode-intel-20210525-13.90.1.x86_64",
"SUSE OpenStack Cloud 8:ucode-intel-20210525-13.90.1.x86_64",
"SUSE OpenStack Cloud 9:ucode-intel-20210525-13.90.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ucode-intel-20210525-13.90.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:ucode-intel-20210525-13.90.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ucode-intel-20210525-13.90.1.x86_64",
"SUSE OpenStack Cloud 8:ucode-intel-20210525-13.90.1.x86_64",
"SUSE OpenStack Cloud 9:ucode-intel-20210525-13.90.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ucode-intel-20210525-13.90.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:ucode-intel-20210525-13.90.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-10T08:26:44Z",
"details": "important"
}
],
"title": "CVE-2020-24489"
},
{
"cve": "CVE-2020-24511",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-24511"
}
],
"notes": [
{
"category": "general",
"text": "Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ucode-intel-20210525-13.90.1.x86_64",
"SUSE OpenStack Cloud 8:ucode-intel-20210525-13.90.1.x86_64",
"SUSE OpenStack Cloud 9:ucode-intel-20210525-13.90.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ucode-intel-20210525-13.90.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:ucode-intel-20210525-13.90.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-24511",
"url": "https://www.suse.com/security/cve/CVE-2020-24511"
},
{
"category": "external",
"summary": "SUSE Bug 1179836 for CVE-2020-24511",
"url": "https://bugzilla.suse.com/1179836"
},
{
"category": "external",
"summary": "SUSE Bug 1192360 for CVE-2020-24511",
"url": "https://bugzilla.suse.com/1192360"
},
{
"category": "external",
"summary": "SUSE Bug 1199300 for CVE-2020-24511",
"url": "https://bugzilla.suse.com/1199300"
},
{
"category": "external",
"summary": "SUSE Bug 1201731 for CVE-2020-24511",
"url": "https://bugzilla.suse.com/1201731"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ucode-intel-20210525-13.90.1.x86_64",
"SUSE OpenStack Cloud 8:ucode-intel-20210525-13.90.1.x86_64",
"SUSE OpenStack Cloud 9:ucode-intel-20210525-13.90.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ucode-intel-20210525-13.90.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:ucode-intel-20210525-13.90.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ucode-intel-20210525-13.90.1.x86_64",
"SUSE OpenStack Cloud 8:ucode-intel-20210525-13.90.1.x86_64",
"SUSE OpenStack Cloud 9:ucode-intel-20210525-13.90.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ucode-intel-20210525-13.90.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:ucode-intel-20210525-13.90.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-10T08:26:44Z",
"details": "moderate"
}
],
"title": "CVE-2020-24511"
},
{
"cve": "CVE-2020-24512",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-24512"
}
],
"notes": [
{
"category": "general",
"text": "Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ucode-intel-20210525-13.90.1.x86_64",
"SUSE OpenStack Cloud 8:ucode-intel-20210525-13.90.1.x86_64",
"SUSE OpenStack Cloud 9:ucode-intel-20210525-13.90.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ucode-intel-20210525-13.90.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:ucode-intel-20210525-13.90.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-24512",
"url": "https://www.suse.com/security/cve/CVE-2020-24512"
},
{
"category": "external",
"summary": "SUSE Bug 1179837 for CVE-2020-24512",
"url": "https://bugzilla.suse.com/1179837"
},
{
"category": "external",
"summary": "SUSE Bug 1192360 for CVE-2020-24512",
"url": "https://bugzilla.suse.com/1192360"
},
{
"category": "external",
"summary": "SUSE Bug 1199300 for CVE-2020-24512",
"url": "https://bugzilla.suse.com/1199300"
},
{
"category": "external",
"summary": "SUSE Bug 1201731 for CVE-2020-24512",
"url": "https://bugzilla.suse.com/1201731"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ucode-intel-20210525-13.90.1.x86_64",
"SUSE OpenStack Cloud 8:ucode-intel-20210525-13.90.1.x86_64",
"SUSE OpenStack Cloud 9:ucode-intel-20210525-13.90.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ucode-intel-20210525-13.90.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:ucode-intel-20210525-13.90.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ucode-intel-20210525-13.90.1.x86_64",
"SUSE OpenStack Cloud 8:ucode-intel-20210525-13.90.1.x86_64",
"SUSE OpenStack Cloud 9:ucode-intel-20210525-13.90.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ucode-intel-20210525-13.90.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:ucode-intel-20210525-13.90.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-10T08:26:44Z",
"details": "low"
}
],
"title": "CVE-2020-24512"
},
{
"cve": "CVE-2020-24513",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-24513"
}
],
"notes": [
{
"category": "general",
"text": "Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ucode-intel-20210525-13.90.1.x86_64",
"SUSE OpenStack Cloud 8:ucode-intel-20210525-13.90.1.x86_64",
"SUSE OpenStack Cloud 9:ucode-intel-20210525-13.90.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ucode-intel-20210525-13.90.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:ucode-intel-20210525-13.90.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-24513",
"url": "https://www.suse.com/security/cve/CVE-2020-24513"
},
{
"category": "external",
"summary": "SUSE Bug 1179833 for CVE-2020-24513",
"url": "https://bugzilla.suse.com/1179833"
},
{
"category": "external",
"summary": "SUSE Bug 1192360 for CVE-2020-24513",
"url": "https://bugzilla.suse.com/1192360"
},
{
"category": "external",
"summary": "SUSE Bug 1199300 for CVE-2020-24513",
"url": "https://bugzilla.suse.com/1199300"
},
{
"category": "external",
"summary": "SUSE Bug 1201731 for CVE-2020-24513",
"url": "https://bugzilla.suse.com/1201731"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ucode-intel-20210525-13.90.1.x86_64",
"SUSE OpenStack Cloud 8:ucode-intel-20210525-13.90.1.x86_64",
"SUSE OpenStack Cloud 9:ucode-intel-20210525-13.90.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ucode-intel-20210525-13.90.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:ucode-intel-20210525-13.90.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:ucode-intel-20210525-13.90.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:ucode-intel-20210525-13.90.1.x86_64",
"SUSE OpenStack Cloud 8:ucode-intel-20210525-13.90.1.x86_64",
"SUSE OpenStack Cloud 9:ucode-intel-20210525-13.90.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ucode-intel-20210525-13.90.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:ucode-intel-20210525-13.90.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-10T08:26:44Z",
"details": "moderate"
}
],
"title": "CVE-2020-24513"
}
]
}
SUSE-SU-2021:1931-1
Vulnerability from csaf_suse - Published: 2021-06-10 08:27 - Updated: 2021-06-10 08:27Summary
Security update for ucode-intel
Severity
Important
Notes
Title of the patch: Security update for ucode-intel
Description of the patch: This update for ucode-intel fixes the following issues:
Updated to Intel CPU Microcode 20210608 release.
- CVE-2020-24513: A domain bypass transient execution vulnerability was discovered on some Intel Atom processors that use a micro-architectural incident channel. (INTEL-SA-00465 bsc#1179833)
See also: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html
- CVE-2020-24511: The IBRS feature to mitigate Spectre variant 2 transient execution side channel vulnerabilities may not fully prevent non-root (guest) branches from controlling the branch predictions of the root (host) (INTEL-SA-00464 bsc#1179836)
See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html)
- CVE-2020-24512: Fixed trivial data value cache-lines such as all-zero value cache-lines may lead to changes in cache-allocation or write-back behavior for such cache-lines (bsc#1179837 INTEL-SA-00464)
See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html)
- CVE-2020-24489: Fixed Intel VT-d device pass through potential local privilege escalation (INTEL-SA-00442 bsc#1179839)
See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00442.html
Other fixes:
- Update for functional issues. Refer to [Third Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/637780)for details.
- Update for functional issues. Refer to [Second Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details.
- Update for functional issues. Refer to [Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/613537) for details.
- Update for functional issues. Refer to [Intel Xeon Processor D-1500, D-1500 NS and D-1600 NS Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-d-1500-specification-update.html) for details.
- Update for functional issues. Refer to [Intel Xeon E7-8800 and E7-4800 v3 Processor Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e7-v3-spec-update.html) for details.
- Update for functional issues. Refer to [Intel Xeon Processor E5 v3 Product Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e5-v3-spec-update.html?wapkw=processor+spec+update+e5) for details.
- Update for functional issues. Refer to [10th Gen Intel Core Processor Families Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/10th-gen-core-families-specification-update.html) for details.
- Update for functional issues. Refer to [8th and 9th Gen Intel Core Processor Family Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/8th-gen-core-spec-update.html) for details.
- Update for functional issues. Refer to [7th Gen and 8th Gen (U Quad-Core) Intel Processor Families Specification Update](https://www.intel.com/content/www/us/en/processors/core/7th-gen-core-family-spec-update.html) for details.
- Update for functional issues. Refer to [6th Gen Intel Processor Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/332689) for details.
- Update for functional issues. Refer to [Intel Xeon E3-1200 v6 Processor Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v6-spec-update.html) for details.
- Update for functional issues. Refer to [Intel Xeon E-2100 and E-2200 Processor Family Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-e-2100-specification-update.html) for details.
- New platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| CLX-SP | A0 | 06-55-05/b7 | | 03000010 | Xeon Scalable Gen2
| ICX-SP | C0 | 06-6a-05/87 | | 0c0002f0 | Xeon Scalable Gen3
| ICX-SP | D0 | 06-6a-06/87 | | 0d0002a0 | Xeon Scalable Gen3
| SNR | B0 | 06-86-04/01 | | 0b00000f | Atom P59xxB
| SNR | B1 | 06-86-05/01 | | 0b00000f | Atom P59xxB
| TGL | B1 | 06-8c-01/80 | | 00000088 | Core Gen11 Mobile
| TGL-R | C0 | 06-8c-02/c2 | | 00000016 | Core Gen11 Mobile
| TGL-H | R0 | 06-8d-01/c2 | | 0000002c | Core Gen11 Mobile
| EHL | B1 | 06-96-01/01 | | 00000011 | Pentium J6426/N6415, Celeron J6412/J6413/N6210/N6211, Atom x6000E
| JSL | A0/A1 | 06-9c-00/01 | | 0000001d | Pentium N6000/N6005, Celeron N4500/N4505/N5100/N5105
| RKL-S | B0 | 06-a7-01/02 | | 00000040 | Core Gen11
- Updated platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000044 | 00000046 | Core Gen4 X series; Xeon E5 v3
| HSX-EX | E0 | 06-3f-04/80 | 00000016 | 00000019 | Xeon E7 v3
| SKL-U/Y | D0 | 06-4e-03/c0 | 000000e2 | 000000ea | Core Gen6 Mobile
| SKL-U23e | K1 | 06-4e-03/c0 | 000000e2 | 000000ea | Core Gen6 Mobile
| BDX-ML | B0/M0/R0 | 06-4f-01/ef | 0b000038 | 0b00003e | Xeon E5/E7 v4; Core i7-69xx/68xx
| SKX-SP | B1 | 06-55-03/97 | 01000159 | 0100015b | Xeon Scalable
| SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006a0a | 02006b06 | Xeon Scalable
| SKX-D | M1 | 06-55-04/b7 | 02006a0a | 02006b06 | Xeon D-21xx
| CLX-SP | B0 | 06-55-06/bf | 04003006 | 04003102 | Xeon Scalable Gen2
| CLX-SP | B1 | 06-55-07/bf | 05003006 | 05003102 | Xeon Scalable Gen2
| CPX-SP | A1 | 06-55-0b/bf | 0700001e | 07002302 | Xeon Scalable Gen3
| BDX-DE | V2/V3 | 06-56-03/10 | 07000019 | 0700001b | Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19
| BDX-DE | Y0 | 06-56-04/10 | 0f000017 | 0f000019 | Xeon D-1557/59/67/71/77/81/87
| BDX-NS | A0 | 06-56-05/10 | 0e00000f | 0e000012 | Xeon D-1513N/23/33/43/53
| APL | D0 | 06-5c-09/03 | 00000040 | 00000044 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx
| APL | E0 | 06-5c-0a/03 | 0000001e | 00000020 | Atom x5-E39xx
| SKL-H/S | R0/N0 | 06-5e-03/36 | 000000e2 | 000000ea | Core Gen6; Xeon E3 v5
| DNV | B0 | 06-5f-01/01 | 0000002e | 00000034 | Atom C Series
| GLK | B0 | 06-7a-01/01 | 00000034 | 00000036 | Pentium Silver N/J5xxx, Celeron N/J4xxx
| GKL-R | R0 | 06-7a-08/01 | 00000018 | 0000001a | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120
| ICL-U/Y | D1 | 06-7e-05/80 | 000000a0 | 000000a6 | Core Gen10 Mobile
| LKF | B2/B3 | 06-8a-01/10 | 00000028 | 0000002a | Core w/Hybrid Technology
| AML-Y22 | H0 | 06-8e-09/10 | 000000de | 000000ea | Core Gen8 Mobile
| KBL-U/Y | H0 | 06-8e-09/c0 | 000000de | 000000ea | Core Gen7 Mobile
| CFL-U43e | D0 | 06-8e-0a/c0 | 000000e0 | 000000ea | Core Gen8 Mobile
| WHL-U | W0 | 06-8e-0b/d0 | 000000de | 000000ea | Core Gen8 Mobile
| AML-Y42 | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen10 Mobile
| CML-Y42 | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen10 Mobile
| WHL-U | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen8 Mobile
| KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000de | 000000ea | Core Gen7; Xeon E3 v6
| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000de | 000000ea | Core Gen8 Desktop, Mobile, Xeon E
| CFL-S | B0 | 06-9e-0b/02 | 000000de | 000000ea | Core Gen8
| CFL-H/S | P0 | 06-9e-0c/22 | 000000de | 000000ea | Core Gen9
| CFL-H | R0 | 06-9e-0d/22 | 000000de | 000000ea | Core Gen9 Mobile
| CML-H | R1 | 06-a5-02/20 | 000000e0 | 000000ea | Core Gen10 Mobile
| CML-S62 | G1 | 06-a5-03/22 | 000000e0 | 000000ea | Core Gen10
| CML-S102 | Q0 | 06-a5-05/22 | 000000e0 | 000000ec | Core Gen10
| CML-U62 | A0 | 06-a6-00/80 | 000000e0 | 000000e8 | Core Gen10 Mobile
| CML-U62 V2 | K0 | 06-a6-01/80 | 000000e0 | 000000ea | Core Gen10 Mobile
Patchnames: SUSE-2021-1931,SUSE-SLE-Product-HPC-15-2021-1931,SUSE-SLE-Product-SLES_SAP-15-2021-1931
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:ucode-intel-20210525-3.67.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:ucode-intel-20210525-3.67.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:ucode-intel-20210525-3.67.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.6 (Medium)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:ucode-intel-20210525-3.67.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:ucode-intel-20210525-3.67.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:ucode-intel-20210525-3.67.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:ucode-intel-20210525-3.67.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:ucode-intel-20210525-3.67.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:ucode-intel-20210525-3.67.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
5.6 (Medium)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:ucode-intel-20210525-3.67.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:ucode-intel-20210525-3.67.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:ucode-intel-20210525-3.67.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
33 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for ucode-intel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for ucode-intel fixes the following issues:\n\nUpdated to Intel CPU Microcode 20210608 release.\n\n - CVE-2020-24513: A domain bypass transient execution vulnerability was discovered on some Intel Atom processors that use a micro-architectural incident channel. (INTEL-SA-00465 bsc#1179833)\n\n See also: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html\n\n - CVE-2020-24511: The IBRS feature to mitigate Spectre variant 2 transient execution side channel vulnerabilities may not fully prevent non-root (guest) branches from controlling the branch predictions of the root (host) (INTEL-SA-00464 bsc#1179836)\n\n See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html)\n\n - CVE-2020-24512: Fixed trivial data value cache-lines such as all-zero value cache-lines may lead to changes in cache-allocation or write-back behavior for such cache-lines (bsc#1179837 INTEL-SA-00464)\n\n See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html)\n\n - CVE-2020-24489: Fixed Intel VT-d device pass through potential local privilege escalation (INTEL-SA-00442 bsc#1179839)\n\n See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00442.html\n\nOther fixes:\n\n- Update for functional issues. Refer to [Third Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/637780)for details.\n- Update for functional issues. Refer to [Second Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details.\n- Update for functional issues. Refer to [Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/613537) for details.\n- Update for functional issues. Refer to [Intel Xeon Processor D-1500, D-1500 NS and D-1600 NS Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-d-1500-specification-update.html) for details.\n- Update for functional issues. Refer to [Intel Xeon E7-8800 and E7-4800 v3 Processor Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e7-v3-spec-update.html) for details.\n- Update for functional issues. Refer to [Intel Xeon Processor E5 v3 Product Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e5-v3-spec-update.html?wapkw=processor+spec+update+e5) for details.\n- Update for functional issues. Refer to [10th Gen Intel Core Processor Families Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/10th-gen-core-families-specification-update.html) for details.\n- Update for functional issues. Refer to [8th and 9th Gen Intel Core Processor Family Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/8th-gen-core-spec-update.html) for details.\n- Update for functional issues. Refer to [7th Gen and 8th Gen (U Quad-Core) Intel Processor Families Specification Update](https://www.intel.com/content/www/us/en/processors/core/7th-gen-core-family-spec-update.html) for details.\n- Update for functional issues. Refer to [6th Gen Intel Processor Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/332689) for details.\n- Update for functional issues. Refer to [Intel Xeon E3-1200 v6 Processor Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v6-spec-update.html) for details.\n- Update for functional issues. Refer to [Intel Xeon E-2100 and E-2200 Processor Family Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-e-2100-specification-update.html) for details.\n\n- New platforms:\n\n| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products\n|:---------------|:---------|:------------|:---------|:---------|:---------\n| CLX-SP | A0 | 06-55-05/b7 | | 03000010 | Xeon Scalable Gen2\n| ICX-SP | C0 | 06-6a-05/87 | | 0c0002f0 | Xeon Scalable Gen3\n| ICX-SP | D0 | 06-6a-06/87 | | 0d0002a0 | Xeon Scalable Gen3\n| SNR | B0 | 06-86-04/01 | | 0b00000f | Atom P59xxB\n| SNR | B1 | 06-86-05/01 | | 0b00000f | Atom P59xxB\n| TGL | B1 | 06-8c-01/80 | | 00000088 | Core Gen11 Mobile\n| TGL-R | C0 | 06-8c-02/c2 | | 00000016 | Core Gen11 Mobile\n| TGL-H | R0 | 06-8d-01/c2 | | 0000002c | Core Gen11 Mobile\n| EHL | B1 | 06-96-01/01 | | 00000011 | Pentium J6426/N6415, Celeron J6412/J6413/N6210/N6211, Atom x6000E\n| JSL | A0/A1 | 06-9c-00/01 | | 0000001d | Pentium N6000/N6005, Celeron N4500/N4505/N5100/N5105\n| RKL-S | B0 | 06-a7-01/02 | | 00000040 | Core Gen11\n\n- Updated platforms:\n\n| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products\n|:---------------|:---------|:------------|:---------|:---------|:---------\n| HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000044 | 00000046 | Core Gen4 X series; Xeon E5 v3\n| HSX-EX | E0 | 06-3f-04/80 | 00000016 | 00000019 | Xeon E7 v3\n| SKL-U/Y | D0 | 06-4e-03/c0 | 000000e2 | 000000ea | Core Gen6 Mobile\n| SKL-U23e | K1 | 06-4e-03/c0 | 000000e2 | 000000ea | Core Gen6 Mobile\n| BDX-ML | B0/M0/R0 | 06-4f-01/ef | 0b000038 | 0b00003e | Xeon E5/E7 v4; Core i7-69xx/68xx\n| SKX-SP | B1 | 06-55-03/97 | 01000159 | 0100015b | Xeon Scalable\n| SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006a0a | 02006b06 | Xeon Scalable\n| SKX-D | M1 | 06-55-04/b7 | 02006a0a | 02006b06 | Xeon D-21xx\n| CLX-SP | B0 | 06-55-06/bf | 04003006 | 04003102 | Xeon Scalable Gen2\n| CLX-SP | B1 | 06-55-07/bf | 05003006 | 05003102 | Xeon Scalable Gen2\n| CPX-SP | A1 | 06-55-0b/bf | 0700001e | 07002302 | Xeon Scalable Gen3\n| BDX-DE | V2/V3 | 06-56-03/10 | 07000019 | 0700001b | Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19\n| BDX-DE | Y0 | 06-56-04/10 | 0f000017 | 0f000019 | Xeon D-1557/59/67/71/77/81/87\n| BDX-NS | A0 | 06-56-05/10 | 0e00000f | 0e000012 | Xeon D-1513N/23/33/43/53\n| APL | D0 | 06-5c-09/03 | 00000040 | 00000044 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx\n| APL | E0 | 06-5c-0a/03 | 0000001e | 00000020 | Atom x5-E39xx\n| SKL-H/S | R0/N0 | 06-5e-03/36 | 000000e2 | 000000ea | Core Gen6; Xeon E3 v5\n| DNV | B0 | 06-5f-01/01 | 0000002e | 00000034 | Atom C Series\n| GLK | B0 | 06-7a-01/01 | 00000034 | 00000036 | Pentium Silver N/J5xxx, Celeron N/J4xxx\n| GKL-R | R0 | 06-7a-08/01 | 00000018 | 0000001a | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120\n| ICL-U/Y | D1 | 06-7e-05/80 | 000000a0 | 000000a6 | Core Gen10 Mobile\n| LKF | B2/B3 | 06-8a-01/10 | 00000028 | 0000002a | Core w/Hybrid Technology\n| AML-Y22 | H0 | 06-8e-09/10 | 000000de | 000000ea | Core Gen8 Mobile\n| KBL-U/Y | H0 | 06-8e-09/c0 | 000000de | 000000ea | Core Gen7 Mobile\n| CFL-U43e | D0 | 06-8e-0a/c0 | 000000e0 | 000000ea | Core Gen8 Mobile\n| WHL-U | W0 | 06-8e-0b/d0 | 000000de | 000000ea | Core Gen8 Mobile\n| AML-Y42 | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen10 Mobile\n| CML-Y42 | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen10 Mobile\n| WHL-U | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen8 Mobile\n| KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000de | 000000ea | Core Gen7; Xeon E3 v6\n| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000de | 000000ea | Core Gen8 Desktop, Mobile, Xeon E\n| CFL-S | B0 | 06-9e-0b/02 | 000000de | 000000ea | Core Gen8\n| CFL-H/S | P0 | 06-9e-0c/22 | 000000de | 000000ea | Core Gen9\n| CFL-H | R0 | 06-9e-0d/22 | 000000de | 000000ea | Core Gen9 Mobile\n| CML-H | R1 | 06-a5-02/20 | 000000e0 | 000000ea | Core Gen10 Mobile\n| CML-S62 | G1 | 06-a5-03/22 | 000000e0 | 000000ea | Core Gen10\n| CML-S102 | Q0 | 06-a5-05/22 | 000000e0 | 000000ec | Core Gen10\n| CML-U62 | A0 | 06-a6-00/80 | 000000e0 | 000000e8 | Core Gen10 Mobile\n| CML-U62 V2 | K0 | 06-a6-01/80 | 000000e0 | 000000ea | Core Gen10 Mobile\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2021-1931,SUSE-SLE-Product-HPC-15-2021-1931,SUSE-SLE-Product-SLES_SAP-15-2021-1931",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_1931-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2021:1931-1",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20211931-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2021:1931-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-June/008983.html"
},
{
"category": "self",
"summary": "SUSE Bug 1179833",
"url": "https://bugzilla.suse.com/1179833"
},
{
"category": "self",
"summary": "SUSE Bug 1179836",
"url": "https://bugzilla.suse.com/1179836"
},
{
"category": "self",
"summary": "SUSE Bug 1179837",
"url": "https://bugzilla.suse.com/1179837"
},
{
"category": "self",
"summary": "SUSE Bug 1179839",
"url": "https://bugzilla.suse.com/1179839"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-24489 page",
"url": "https://www.suse.com/security/cve/CVE-2020-24489/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-24511 page",
"url": "https://www.suse.com/security/cve/CVE-2020-24511/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-24512 page",
"url": "https://www.suse.com/security/cve/CVE-2020-24512/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-24513 page",
"url": "https://www.suse.com/security/cve/CVE-2020-24513/"
}
],
"title": "Security update for ucode-intel",
"tracking": {
"current_release_date": "2021-06-10T08:27:00Z",
"generator": {
"date": "2021-06-10T08:27:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2021:1931-1",
"initial_release_date": "2021-06-10T08:27:00Z",
"revision_history": [
{
"date": "2021-06-10T08:27:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ucode-intel-20210525-3.67.1.i586",
"product": {
"name": "ucode-intel-20210525-3.67.1.i586",
"product_id": "ucode-intel-20210525-3.67.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "ucode-intel-20210525-3.67.1.x86_64",
"product": {
"name": "ucode-intel-20210525-3.67.1.x86_64",
"product_id": "ucode-intel-20210525-3.67.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20210525-3.67.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:ucode-intel-20210525-3.67.1.x86_64"
},
"product_reference": "ucode-intel-20210525-3.67.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20210525-3.67.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:ucode-intel-20210525-3.67.1.x86_64"
},
"product_reference": "ucode-intel-20210525-3.67.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20210525-3.67.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:ucode-intel-20210525-3.67.1.x86_64"
},
"product_reference": "ucode-intel-20210525-3.67.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-24489",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-24489"
}
],
"notes": [
{
"category": "general",
"text": "Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ucode-intel-20210525-3.67.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ucode-intel-20210525-3.67.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ucode-intel-20210525-3.67.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-24489",
"url": "https://www.suse.com/security/cve/CVE-2020-24489"
},
{
"category": "external",
"summary": "SUSE Bug 1179839 for CVE-2020-24489",
"url": "https://bugzilla.suse.com/1179839"
},
{
"category": "external",
"summary": "SUSE Bug 1192359 for CVE-2020-24489",
"url": "https://bugzilla.suse.com/1192359"
},
{
"category": "external",
"summary": "SUSE Bug 1199300 for CVE-2020-24489",
"url": "https://bugzilla.suse.com/1199300"
},
{
"category": "external",
"summary": "SUSE Bug 1201731 for CVE-2020-24489",
"url": "https://bugzilla.suse.com/1201731"
},
{
"category": "external",
"summary": "SUSE Bug 1225680 for CVE-2020-24489",
"url": "https://bugzilla.suse.com/1225680"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ucode-intel-20210525-3.67.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ucode-intel-20210525-3.67.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ucode-intel-20210525-3.67.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ucode-intel-20210525-3.67.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ucode-intel-20210525-3.67.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ucode-intel-20210525-3.67.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-10T08:27:00Z",
"details": "important"
}
],
"title": "CVE-2020-24489"
},
{
"cve": "CVE-2020-24511",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-24511"
}
],
"notes": [
{
"category": "general",
"text": "Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ucode-intel-20210525-3.67.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ucode-intel-20210525-3.67.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ucode-intel-20210525-3.67.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-24511",
"url": "https://www.suse.com/security/cve/CVE-2020-24511"
},
{
"category": "external",
"summary": "SUSE Bug 1179836 for CVE-2020-24511",
"url": "https://bugzilla.suse.com/1179836"
},
{
"category": "external",
"summary": "SUSE Bug 1192360 for CVE-2020-24511",
"url": "https://bugzilla.suse.com/1192360"
},
{
"category": "external",
"summary": "SUSE Bug 1199300 for CVE-2020-24511",
"url": "https://bugzilla.suse.com/1199300"
},
{
"category": "external",
"summary": "SUSE Bug 1201731 for CVE-2020-24511",
"url": "https://bugzilla.suse.com/1201731"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ucode-intel-20210525-3.67.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ucode-intel-20210525-3.67.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ucode-intel-20210525-3.67.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ucode-intel-20210525-3.67.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ucode-intel-20210525-3.67.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ucode-intel-20210525-3.67.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-10T08:27:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-24511"
},
{
"cve": "CVE-2020-24512",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-24512"
}
],
"notes": [
{
"category": "general",
"text": "Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ucode-intel-20210525-3.67.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ucode-intel-20210525-3.67.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ucode-intel-20210525-3.67.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-24512",
"url": "https://www.suse.com/security/cve/CVE-2020-24512"
},
{
"category": "external",
"summary": "SUSE Bug 1179837 for CVE-2020-24512",
"url": "https://bugzilla.suse.com/1179837"
},
{
"category": "external",
"summary": "SUSE Bug 1192360 for CVE-2020-24512",
"url": "https://bugzilla.suse.com/1192360"
},
{
"category": "external",
"summary": "SUSE Bug 1199300 for CVE-2020-24512",
"url": "https://bugzilla.suse.com/1199300"
},
{
"category": "external",
"summary": "SUSE Bug 1201731 for CVE-2020-24512",
"url": "https://bugzilla.suse.com/1201731"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ucode-intel-20210525-3.67.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ucode-intel-20210525-3.67.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ucode-intel-20210525-3.67.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ucode-intel-20210525-3.67.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ucode-intel-20210525-3.67.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ucode-intel-20210525-3.67.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-10T08:27:00Z",
"details": "low"
}
],
"title": "CVE-2020-24512"
},
{
"cve": "CVE-2020-24513",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-24513"
}
],
"notes": [
{
"category": "general",
"text": "Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ucode-intel-20210525-3.67.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ucode-intel-20210525-3.67.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ucode-intel-20210525-3.67.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-24513",
"url": "https://www.suse.com/security/cve/CVE-2020-24513"
},
{
"category": "external",
"summary": "SUSE Bug 1179833 for CVE-2020-24513",
"url": "https://bugzilla.suse.com/1179833"
},
{
"category": "external",
"summary": "SUSE Bug 1192360 for CVE-2020-24513",
"url": "https://bugzilla.suse.com/1192360"
},
{
"category": "external",
"summary": "SUSE Bug 1199300 for CVE-2020-24513",
"url": "https://bugzilla.suse.com/1199300"
},
{
"category": "external",
"summary": "SUSE Bug 1201731 for CVE-2020-24513",
"url": "https://bugzilla.suse.com/1201731"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ucode-intel-20210525-3.67.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ucode-intel-20210525-3.67.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ucode-intel-20210525-3.67.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:ucode-intel-20210525-3.67.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:ucode-intel-20210525-3.67.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:ucode-intel-20210525-3.67.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-10T08:27:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-24513"
}
]
}
SUSE-SU-2021:1932-1
Vulnerability from csaf_suse - Published: 2021-06-10 08:28 - Updated: 2021-06-10 08:28Summary
Security update for ucode-intel
Severity
Important
Notes
Title of the patch: Security update for ucode-intel
Description of the patch: This update for ucode-intel fixes the following issues:
- Updated to Intel CPU Microcode 20210525 release.
- CVE-2020-24513: A domain bypass transient execution vulnerability was discovered on some Intel Atom processors that use a micro-architectural incident channel. (INTEL-SA-00465 bsc#1179833)
See also: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html
- CVE-2020-24511: The IBRS feature to mitigate Spectre variant 2 transient execution side channel vulnerabilities may not fully prevent non-root (guest) branches from controlling the branch predictions of the root (host) (INTEL-SA-00464 bsc#1179836)
See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html)
- CVE-2020-24512: Fixed trivial data value cache-lines such as all-zero value cache-lines may lead to changes in cache-allocation or write-back behavior for such cache-lines (bsc#1179837 INTEL-SA-00464)
See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html)
- CVE-2020-24489: Fixed Intel VT-d device pass through potential local privilege escalation (INTEL-SA-00442 bsc#1179839)
See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00442.html
Other fixes:
- Update for functional issues. Refer to [Third Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/637780)for details.
- Update for functional issues. Refer to [Second Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details.
- Update for functional issues. Refer to [Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/613537) for details.
- Update for functional issues. Refer to [Intel Xeon Processor D-1500, D-1500 NS and D-1600 NS Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-d-1500-specification-update.html) for details.
- Update for functional issues. Refer to [Intel Xeon E7-8800 and E7-4800 v3 Processor Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e7-v3-spec-update.html) for details.
- Update for functional issues. Refer to [Intel Xeon Processor E5 v3 Product Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e5-v3-spec-update.html?wapkw=processor+spec+update+e5) for details.
- Update for functional issues. Refer to [10th Gen Intel Core Processor Families Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/10th-gen-core-families-specification-update.html) for details.
- Update for functional issues. Refer to [8th and 9th Gen Intel Core Processor Family Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/8th-gen-core-spec-update.html) for details.
- Update for functional issues. Refer to [7th Gen and 8th Gen (U Quad-Core) Intel Processor Families Specification Update](https://www.intel.com/content/www/us/en/processors/core/7th-gen-core-family-spec-update.html) for details.
- Update for functional issues. Refer to [6th Gen Intel Processor Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/332689) for details.
- Update for functional issues. Refer to [Intel Xeon E3-1200 v6 Processor Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v6-spec-update.html) for details.
- Update for functional issues. Refer to [Intel Xeon E-2100 and E-2200 Processor Family Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-e-2100-specification-update.html) for details.
- New platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| CLX-SP | A0 | 06-55-05/b7 | | 03000010 | Xeon Scalable Gen2
| ICX-SP | C0 | 06-6a-05/87 | | 0c0002f0 | Xeon Scalable Gen3
| ICX-SP | D0 | 06-6a-06/87 | | 0d0002a0 | Xeon Scalable Gen3
| SNR | B0 | 06-86-04/01 | | 0b00000f | Atom P59xxB
| SNR | B1 | 06-86-05/01 | | 0b00000f | Atom P59xxB
| TGL | B1 | 06-8c-01/80 | | 00000088 | Core Gen11 Mobile
| TGL-R | C0 | 06-8c-02/c2 | | 00000016 | Core Gen11 Mobile
| TGL-H | R0 | 06-8d-01/c2 | | 0000002c | Core Gen11 Mobile
| EHL | B1 | 06-96-01/01 | | 00000011 | Pentium J6426/N6415, Celeron J6412/J6413/N6210/N6211, Atom x6000E
| JSL | A0/A1 | 06-9c-00/01 | | 0000001d | Pentium N6000/N6005, Celeron N4500/N4505/N5100/N5105
| RKL-S | B0 | 06-a7-01/02 | | 00000040 | Core Gen11
- Updated platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000044 | 00000046 | Core Gen4 X series; Xeon E5 v3
| HSX-EX | E0 | 06-3f-04/80 | 00000016 | 00000019 | Xeon E7 v3
| SKL-U/Y | D0 | 06-4e-03/c0 | 000000e2 | 000000ea | Core Gen6 Mobile
| SKL-U23e | K1 | 06-4e-03/c0 | 000000e2 | 000000ea | Core Gen6 Mobile
| BDX-ML | B0/M0/R0 | 06-4f-01/ef | 0b000038 | 0b00003e | Xeon E5/E7 v4; Core i7-69xx/68xx
| SKX-SP | B1 | 06-55-03/97 | 01000159 | 0100015b | Xeon Scalable
| SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006a0a | 02006b06 | Xeon Scalable
| SKX-D | M1 | 06-55-04/b7 | 02006a0a | 02006b06 | Xeon D-21xx
| CLX-SP | B0 | 06-55-06/bf | 04003006 | 04003102 | Xeon Scalable Gen2
| CLX-SP | B1 | 06-55-07/bf | 05003006 | 05003102 | Xeon Scalable Gen2
| CPX-SP | A1 | 06-55-0b/bf | 0700001e | 07002302 | Xeon Scalable Gen3
| BDX-DE | V2/V3 | 06-56-03/10 | 07000019 | 0700001b | Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19
| BDX-DE | Y0 | 06-56-04/10 | 0f000017 | 0f000019 | Xeon D-1557/59/67/71/77/81/87
| BDX-NS | A0 | 06-56-05/10 | 0e00000f | 0e000012 | Xeon D-1513N/23/33/43/53
| APL | D0 | 06-5c-09/03 | 00000040 | 00000044 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx
| APL | E0 | 06-5c-0a/03 | 0000001e | 00000020 | Atom x5-E39xx
| SKL-H/S | R0/N0 | 06-5e-03/36 | 000000e2 | 000000ea | Core Gen6; Xeon E3 v5
| DNV | B0 | 06-5f-01/01 | 0000002e | 00000034 | Atom C Series
| GLK | B0 | 06-7a-01/01 | 00000034 | 00000036 | Pentium Silver N/J5xxx, Celeron N/J4xxx
| GKL-R | R0 | 06-7a-08/01 | 00000018 | 0000001a | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120
| ICL-U/Y | D1 | 06-7e-05/80 | 000000a0 | 000000a6 | Core Gen10 Mobile
| LKF | B2/B3 | 06-8a-01/10 | 00000028 | 0000002a | Core w/Hybrid Technology
| AML-Y22 | H0 | 06-8e-09/10 | 000000de | 000000ea | Core Gen8 Mobile
| KBL-U/Y | H0 | 06-8e-09/c0 | 000000de | 000000ea | Core Gen7 Mobile
| CFL-U43e | D0 | 06-8e-0a/c0 | 000000e0 | 000000ea | Core Gen8 Mobile
| WHL-U | W0 | 06-8e-0b/d0 | 000000de | 000000ea | Core Gen8 Mobile
| AML-Y42 | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen10 Mobile
| CML-Y42 | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen10 Mobile
| WHL-U | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen8 Mobile
| KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000de | 000000ea | Core Gen7; Xeon E3 v6
| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000de | 000000ea | Core Gen8 Desktop, Mobile, Xeon E
| CFL-S | B0 | 06-9e-0b/02 | 000000de | 000000ea | Core Gen8
| CFL-H/S | P0 | 06-9e-0c/22 | 000000de | 000000ea | Core Gen9
| CFL-H | R0 | 06-9e-0d/22 | 000000de | 000000ea | Core Gen9 Mobile
| CML-H | R1 | 06-a5-02/20 | 000000e0 | 000000ea | Core Gen10 Mobile
| CML-S62 | G1 | 06-a5-03/22 | 000000e0 | 000000ea | Core Gen10
| CML-S102 | Q0 | 06-a5-05/22 | 000000e0 | 000000ec | Core Gen10
| CML-U62 | A0 | 06-a6-00/80 | 000000e0 | 000000e8 | Core Gen10 Mobile
| CML-U62 V2 | K0 | 06-a6-01/80 | 000000e0 | 000000ea | Core Gen10 Mobile
Patchnames: SUSE-2021-1932,SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1932,SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1932,SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1932,SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1932,SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1932,SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1932,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1932,SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1932,SUSE-Storage-6-2021-1932
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Affected products
Recommended
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 6:ucode-intel-20210525-3.203.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:ucode-intel-20210525-3.203.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:ucode-intel-20210525-3.203.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:ucode-intel-20210525-3.203.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:ucode-intel-20210525-3.203.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:ucode-intel-20210525-3.203.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.0:ucode-intel-20210525-3.203.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.0:ucode-intel-20210525-3.203.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.0:ucode-intel-20210525-3.203.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.6 (Medium)
Affected products
Recommended
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 6:ucode-intel-20210525-3.203.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:ucode-intel-20210525-3.203.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:ucode-intel-20210525-3.203.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:ucode-intel-20210525-3.203.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:ucode-intel-20210525-3.203.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:ucode-intel-20210525-3.203.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.0:ucode-intel-20210525-3.203.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.0:ucode-intel-20210525-3.203.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.0:ucode-intel-20210525-3.203.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 6:ucode-intel-20210525-3.203.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:ucode-intel-20210525-3.203.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:ucode-intel-20210525-3.203.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:ucode-intel-20210525-3.203.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:ucode-intel-20210525-3.203.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:ucode-intel-20210525-3.203.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.0:ucode-intel-20210525-3.203.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.0:ucode-intel-20210525-3.203.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.0:ucode-intel-20210525-3.203.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
5.6 (Medium)
Affected products
Recommended
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 6:ucode-intel-20210525-3.203.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:ucode-intel-20210525-3.203.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:ucode-intel-20210525-3.203.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:ucode-intel-20210525-3.203.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:ucode-intel-20210525-3.203.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:ucode-intel-20210525-3.203.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.0:ucode-intel-20210525-3.203.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.0:ucode-intel-20210525-3.203.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.0:ucode-intel-20210525-3.203.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
33 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for ucode-intel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for ucode-intel fixes the following issues:\n\n- Updated to Intel CPU Microcode 20210525 release.\n\n - CVE-2020-24513: A domain bypass transient execution vulnerability was discovered on some Intel Atom processors that use a micro-architectural incident channel. (INTEL-SA-00465 bsc#1179833)\n\n See also: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html\n\n - CVE-2020-24511: The IBRS feature to mitigate Spectre variant 2 transient execution side channel vulnerabilities may not fully prevent non-root (guest) branches from controlling the branch predictions of the root (host) (INTEL-SA-00464 bsc#1179836)\n\n See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html)\n\n - CVE-2020-24512: Fixed trivial data value cache-lines such as all-zero value cache-lines may lead to changes in cache-allocation or write-back behavior for such cache-lines (bsc#1179837 INTEL-SA-00464)\n\n See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html)\n\n - CVE-2020-24489: Fixed Intel VT-d device pass through potential local privilege escalation (INTEL-SA-00442 bsc#1179839)\n\n See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00442.html\n\nOther fixes:\n\n- Update for functional issues. Refer to [Third Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/637780)for details.\n- Update for functional issues. Refer to [Second Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details.\n- Update for functional issues. Refer to [Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/613537) for details.\n- Update for functional issues. Refer to [Intel Xeon Processor D-1500, D-1500 NS and D-1600 NS Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-d-1500-specification-update.html) for details.\n- Update for functional issues. Refer to [Intel Xeon E7-8800 and E7-4800 v3 Processor Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e7-v3-spec-update.html) for details.\n- Update for functional issues. Refer to [Intel Xeon Processor E5 v3 Product Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e5-v3-spec-update.html?wapkw=processor+spec+update+e5) for details.\n- Update for functional issues. Refer to [10th Gen Intel Core Processor Families Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/10th-gen-core-families-specification-update.html) for details.\n- Update for functional issues. Refer to [8th and 9th Gen Intel Core Processor Family Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/8th-gen-core-spec-update.html) for details.\n- Update for functional issues. Refer to [7th Gen and 8th Gen (U Quad-Core) Intel Processor Families Specification Update](https://www.intel.com/content/www/us/en/processors/core/7th-gen-core-family-spec-update.html) for details.\n- Update for functional issues. Refer to [6th Gen Intel Processor Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/332689) for details.\n- Update for functional issues. Refer to [Intel Xeon E3-1200 v6 Processor Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v6-spec-update.html) for details.\n- Update for functional issues. Refer to [Intel Xeon E-2100 and E-2200 Processor Family Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-e-2100-specification-update.html) for details.\n\n- New platforms:\n\n| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products\n|:---------------|:---------|:------------|:---------|:---------|:---------\n| CLX-SP | A0 | 06-55-05/b7 | | 03000010 | Xeon Scalable Gen2\n| ICX-SP | C0 | 06-6a-05/87 | | 0c0002f0 | Xeon Scalable Gen3\n| ICX-SP | D0 | 06-6a-06/87 | | 0d0002a0 | Xeon Scalable Gen3\n| SNR | B0 | 06-86-04/01 | | 0b00000f | Atom P59xxB\n| SNR | B1 | 06-86-05/01 | | 0b00000f | Atom P59xxB\n| TGL | B1 | 06-8c-01/80 | | 00000088 | Core Gen11 Mobile\n| TGL-R | C0 | 06-8c-02/c2 | | 00000016 | Core Gen11 Mobile\n| TGL-H | R0 | 06-8d-01/c2 | | 0000002c | Core Gen11 Mobile\n| EHL | B1 | 06-96-01/01 | | 00000011 | Pentium J6426/N6415, Celeron J6412/J6413/N6210/N6211, Atom x6000E\n| JSL | A0/A1 | 06-9c-00/01 | | 0000001d | Pentium N6000/N6005, Celeron N4500/N4505/N5100/N5105\n| RKL-S | B0 | 06-a7-01/02 | | 00000040 | Core Gen11\n\n- Updated platforms:\n\n| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products\n|:---------------|:---------|:------------|:---------|:---------|:---------\n| HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000044 | 00000046 | Core Gen4 X series; Xeon E5 v3\n| HSX-EX | E0 | 06-3f-04/80 | 00000016 | 00000019 | Xeon E7 v3\n| SKL-U/Y | D0 | 06-4e-03/c0 | 000000e2 | 000000ea | Core Gen6 Mobile\n| SKL-U23e | K1 | 06-4e-03/c0 | 000000e2 | 000000ea | Core Gen6 Mobile\n| BDX-ML | B0/M0/R0 | 06-4f-01/ef | 0b000038 | 0b00003e | Xeon E5/E7 v4; Core i7-69xx/68xx\n| SKX-SP | B1 | 06-55-03/97 | 01000159 | 0100015b | Xeon Scalable\n| SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006a0a | 02006b06 | Xeon Scalable\n| SKX-D | M1 | 06-55-04/b7 | 02006a0a | 02006b06 | Xeon D-21xx\n| CLX-SP | B0 | 06-55-06/bf | 04003006 | 04003102 | Xeon Scalable Gen2\n| CLX-SP | B1 | 06-55-07/bf | 05003006 | 05003102 | Xeon Scalable Gen2\n| CPX-SP | A1 | 06-55-0b/bf | 0700001e | 07002302 | Xeon Scalable Gen3\n| BDX-DE | V2/V3 | 06-56-03/10 | 07000019 | 0700001b | Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19\n| BDX-DE | Y0 | 06-56-04/10 | 0f000017 | 0f000019 | Xeon D-1557/59/67/71/77/81/87\n| BDX-NS | A0 | 06-56-05/10 | 0e00000f | 0e000012 | Xeon D-1513N/23/33/43/53\n| APL | D0 | 06-5c-09/03 | 00000040 | 00000044 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx\n| APL | E0 | 06-5c-0a/03 | 0000001e | 00000020 | Atom x5-E39xx\n| SKL-H/S | R0/N0 | 06-5e-03/36 | 000000e2 | 000000ea | Core Gen6; Xeon E3 v5\n| DNV | B0 | 06-5f-01/01 | 0000002e | 00000034 | Atom C Series\n| GLK | B0 | 06-7a-01/01 | 00000034 | 00000036 | Pentium Silver N/J5xxx, Celeron N/J4xxx\n| GKL-R | R0 | 06-7a-08/01 | 00000018 | 0000001a | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120\n| ICL-U/Y | D1 | 06-7e-05/80 | 000000a0 | 000000a6 | Core Gen10 Mobile\n| LKF | B2/B3 | 06-8a-01/10 | 00000028 | 0000002a | Core w/Hybrid Technology\n| AML-Y22 | H0 | 06-8e-09/10 | 000000de | 000000ea | Core Gen8 Mobile\n| KBL-U/Y | H0 | 06-8e-09/c0 | 000000de | 000000ea | Core Gen7 Mobile\n| CFL-U43e | D0 | 06-8e-0a/c0 | 000000e0 | 000000ea | Core Gen8 Mobile\n| WHL-U | W0 | 06-8e-0b/d0 | 000000de | 000000ea | Core Gen8 Mobile\n| AML-Y42 | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen10 Mobile\n| CML-Y42 | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen10 Mobile\n| WHL-U | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen8 Mobile\n| KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000de | 000000ea | Core Gen7; Xeon E3 v6\n| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000de | 000000ea | Core Gen8 Desktop, Mobile, Xeon E\n| CFL-S | B0 | 06-9e-0b/02 | 000000de | 000000ea | Core Gen8\n| CFL-H/S | P0 | 06-9e-0c/22 | 000000de | 000000ea | Core Gen9\n| CFL-H | R0 | 06-9e-0d/22 | 000000de | 000000ea | Core Gen9 Mobile\n| CML-H | R1 | 06-a5-02/20 | 000000e0 | 000000ea | Core Gen10 Mobile\n| CML-S62 | G1 | 06-a5-03/22 | 000000e0 | 000000ea | Core Gen10\n| CML-S102 | Q0 | 06-a5-05/22 | 000000e0 | 000000ec | Core Gen10\n| CML-U62 | A0 | 06-a6-00/80 | 000000e0 | 000000e8 | Core Gen10 Mobile\n| CML-U62 V2 | K0 | 06-a6-01/80 | 000000e0 | 000000ea | Core Gen10 Mobile\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2021-1932,SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1932,SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1932,SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1932,SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1932,SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1932,SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1932,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1932,SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1932,SUSE-Storage-6-2021-1932",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_1932-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2021:1932-1",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20211932-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2021:1932-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-June/008980.html"
},
{
"category": "self",
"summary": "SUSE Bug 1179833",
"url": "https://bugzilla.suse.com/1179833"
},
{
"category": "self",
"summary": "SUSE Bug 1179836",
"url": "https://bugzilla.suse.com/1179836"
},
{
"category": "self",
"summary": "SUSE Bug 1179837",
"url": "https://bugzilla.suse.com/1179837"
},
{
"category": "self",
"summary": "SUSE Bug 1179839",
"url": "https://bugzilla.suse.com/1179839"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-24489 page",
"url": "https://www.suse.com/security/cve/CVE-2020-24489/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-24511 page",
"url": "https://www.suse.com/security/cve/CVE-2020-24511/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-24512 page",
"url": "https://www.suse.com/security/cve/CVE-2020-24512/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-24513 page",
"url": "https://www.suse.com/security/cve/CVE-2020-24513/"
}
],
"title": "Security update for ucode-intel",
"tracking": {
"current_release_date": "2021-06-10T08:28:15Z",
"generator": {
"date": "2021-06-10T08:28:15Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2021:1932-1",
"initial_release_date": "2021-06-10T08:28:15Z",
"revision_history": [
{
"date": "2021-06-10T08:28:15Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ucode-intel-20210525-3.203.1.i586",
"product": {
"name": "ucode-intel-20210525-3.203.1.i586",
"product_id": "ucode-intel-20210525-3.203.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "ucode-intel-20210525-3.203.1.x86_64",
"product": {
"name": "ucode-intel-20210525-3.203.1.x86_64",
"product_id": "ucode-intel-20210525-3.203.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP1-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP1-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP1-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_bcl:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Proxy 4.0",
"product": {
"name": "SUSE Manager Proxy 4.0",
"product_id": "SUSE Manager Proxy 4.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-proxy:4.0"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Retail Branch Server 4.0",
"product": {
"name": "SUSE Manager Retail Branch Server 4.0",
"product_id": "SUSE Manager Retail Branch Server 4.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-retail-branch-server:4.0"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 4.0",
"product": {
"name": "SUSE Manager Server 4.0",
"product_id": "SUSE Manager Server 4.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:4.0"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 6",
"product": {
"name": "SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20210525-3.203.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:ucode-intel-20210525-3.203.1.x86_64"
},
"product_reference": "ucode-intel-20210525-3.203.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20210525-3.203.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:ucode-intel-20210525-3.203.1.x86_64"
},
"product_reference": "ucode-intel-20210525-3.203.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20210525-3.203.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP1-BCL:ucode-intel-20210525-3.203.1.x86_64"
},
"product_reference": "ucode-intel-20210525-3.203.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20210525-3.203.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:ucode-intel-20210525-3.203.1.x86_64"
},
"product_reference": "ucode-intel-20210525-3.203.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20210525-3.203.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:ucode-intel-20210525-3.203.1.x86_64"
},
"product_reference": "ucode-intel-20210525-3.203.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20210525-3.203.1.x86_64 as component of SUSE Manager Proxy 4.0",
"product_id": "SUSE Manager Proxy 4.0:ucode-intel-20210525-3.203.1.x86_64"
},
"product_reference": "ucode-intel-20210525-3.203.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20210525-3.203.1.x86_64 as component of SUSE Manager Retail Branch Server 4.0",
"product_id": "SUSE Manager Retail Branch Server 4.0:ucode-intel-20210525-3.203.1.x86_64"
},
"product_reference": "ucode-intel-20210525-3.203.1.x86_64",
"relates_to_product_reference": "SUSE Manager Retail Branch Server 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20210525-3.203.1.x86_64 as component of SUSE Manager Server 4.0",
"product_id": "SUSE Manager Server 4.0:ucode-intel-20210525-3.203.1.x86_64"
},
"product_reference": "ucode-intel-20210525-3.203.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20210525-3.203.1.x86_64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:ucode-intel-20210525-3.203.1.x86_64"
},
"product_reference": "ucode-intel-20210525-3.203.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-24489",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-24489"
}
],
"notes": [
{
"category": "general",
"text": "Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Manager Proxy 4.0:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Manager Server 4.0:ucode-intel-20210525-3.203.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-24489",
"url": "https://www.suse.com/security/cve/CVE-2020-24489"
},
{
"category": "external",
"summary": "SUSE Bug 1179839 for CVE-2020-24489",
"url": "https://bugzilla.suse.com/1179839"
},
{
"category": "external",
"summary": "SUSE Bug 1192359 for CVE-2020-24489",
"url": "https://bugzilla.suse.com/1192359"
},
{
"category": "external",
"summary": "SUSE Bug 1199300 for CVE-2020-24489",
"url": "https://bugzilla.suse.com/1199300"
},
{
"category": "external",
"summary": "SUSE Bug 1201731 for CVE-2020-24489",
"url": "https://bugzilla.suse.com/1201731"
},
{
"category": "external",
"summary": "SUSE Bug 1225680 for CVE-2020-24489",
"url": "https://bugzilla.suse.com/1225680"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Manager Proxy 4.0:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Manager Server 4.0:ucode-intel-20210525-3.203.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Manager Proxy 4.0:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Manager Server 4.0:ucode-intel-20210525-3.203.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-10T08:28:15Z",
"details": "important"
}
],
"title": "CVE-2020-24489"
},
{
"cve": "CVE-2020-24511",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-24511"
}
],
"notes": [
{
"category": "general",
"text": "Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Manager Proxy 4.0:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Manager Server 4.0:ucode-intel-20210525-3.203.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-24511",
"url": "https://www.suse.com/security/cve/CVE-2020-24511"
},
{
"category": "external",
"summary": "SUSE Bug 1179836 for CVE-2020-24511",
"url": "https://bugzilla.suse.com/1179836"
},
{
"category": "external",
"summary": "SUSE Bug 1192360 for CVE-2020-24511",
"url": "https://bugzilla.suse.com/1192360"
},
{
"category": "external",
"summary": "SUSE Bug 1199300 for CVE-2020-24511",
"url": "https://bugzilla.suse.com/1199300"
},
{
"category": "external",
"summary": "SUSE Bug 1201731 for CVE-2020-24511",
"url": "https://bugzilla.suse.com/1201731"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Manager Proxy 4.0:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Manager Server 4.0:ucode-intel-20210525-3.203.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Manager Proxy 4.0:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Manager Server 4.0:ucode-intel-20210525-3.203.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-10T08:28:15Z",
"details": "moderate"
}
],
"title": "CVE-2020-24511"
},
{
"cve": "CVE-2020-24512",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-24512"
}
],
"notes": [
{
"category": "general",
"text": "Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Manager Proxy 4.0:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Manager Server 4.0:ucode-intel-20210525-3.203.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-24512",
"url": "https://www.suse.com/security/cve/CVE-2020-24512"
},
{
"category": "external",
"summary": "SUSE Bug 1179837 for CVE-2020-24512",
"url": "https://bugzilla.suse.com/1179837"
},
{
"category": "external",
"summary": "SUSE Bug 1192360 for CVE-2020-24512",
"url": "https://bugzilla.suse.com/1192360"
},
{
"category": "external",
"summary": "SUSE Bug 1199300 for CVE-2020-24512",
"url": "https://bugzilla.suse.com/1199300"
},
{
"category": "external",
"summary": "SUSE Bug 1201731 for CVE-2020-24512",
"url": "https://bugzilla.suse.com/1201731"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Manager Proxy 4.0:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Manager Server 4.0:ucode-intel-20210525-3.203.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Manager Proxy 4.0:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Manager Server 4.0:ucode-intel-20210525-3.203.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-10T08:28:15Z",
"details": "low"
}
],
"title": "CVE-2020-24512"
},
{
"cve": "CVE-2020-24513",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-24513"
}
],
"notes": [
{
"category": "general",
"text": "Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Manager Proxy 4.0:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Manager Server 4.0:ucode-intel-20210525-3.203.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-24513",
"url": "https://www.suse.com/security/cve/CVE-2020-24513"
},
{
"category": "external",
"summary": "SUSE Bug 1179833 for CVE-2020-24513",
"url": "https://bugzilla.suse.com/1179833"
},
{
"category": "external",
"summary": "SUSE Bug 1192360 for CVE-2020-24513",
"url": "https://bugzilla.suse.com/1192360"
},
{
"category": "external",
"summary": "SUSE Bug 1199300 for CVE-2020-24513",
"url": "https://bugzilla.suse.com/1199300"
},
{
"category": "external",
"summary": "SUSE Bug 1201731 for CVE-2020-24513",
"url": "https://bugzilla.suse.com/1201731"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Manager Proxy 4.0:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Manager Server 4.0:ucode-intel-20210525-3.203.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Manager Proxy 4.0:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Manager Retail Branch Server 4.0:ucode-intel-20210525-3.203.1.x86_64",
"SUSE Manager Server 4.0:ucode-intel-20210525-3.203.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-10T08:28:15Z",
"details": "moderate"
}
],
"title": "CVE-2020-24513"
}
]
}
SUSE-SU-2021:1933-1
Vulnerability from csaf_suse - Published: 2021-06-10 08:28 - Updated: 2021-06-10 08:28Summary
Security update for ucode-intel
Severity
Important
Notes
Title of the patch: Security update for ucode-intel
Description of the patch: This update for ucode-intel fixes the following issues:
Updated to Intel CPU Microcode 20210608 release.
- CVE-2020-24513: A domain bypass transient execution vulnerability was discovered on some Intel Atom processors that use a micro-architectural incident channel. (INTEL-SA-00465 bsc#1179833)
See also: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html
- CVE-2020-24511: The IBRS feature to mitigate Spectre variant 2 transient execution side channel vulnerabilities may not fully prevent non-root (guest) branches from controlling the branch predictions of the root (host) (INTEL-SA-00464 bsc#1179836)
See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html)
- CVE-2020-24512: Fixed trivial data value cache-lines such as all-zero value cache-lines may lead to changes in cache-allocation or write-back behavior for such cache-lines (bsc#1179837 INTEL-SA-00464)
See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html)
- CVE-2020-24489: Fixed Intel VT-d device pass through potential local privilege escalation (INTEL-SA-00442 bsc#1179839)
See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00442.html
Other fixes:
- Update for functional issues. Refer to [Third Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/637780)for details.
- Update for functional issues. Refer to [Second Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details.
- Update for functional issues. Refer to [Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/613537) for details.
- Update for functional issues. Refer to [Intel Xeon Processor D-1500, D-1500 NS and D-1600 NS Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-d-1500-specification-update.html) for details.
- Update for functional issues. Refer to [Intel Xeon E7-8800 and E7-4800 v3 Processor Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e7-v3-spec-update.html) for details.
- Update for functional issues. Refer to [Intel Xeon Processor E5 v3 Product Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e5-v3-spec-update.html?wapkw=processor+spec+update+e5) for details.
- Update for functional issues. Refer to [10th Gen Intel Core Processor Families Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/10th-gen-core-families-specification-update.html) for details.
- Update for functional issues. Refer to [8th and 9th Gen Intel Core Processor Family Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/8th-gen-core-spec-update.html) for details.
- Update for functional issues. Refer to [7th Gen and 8th Gen (U Quad-Core) Intel Processor Families Specification Update](https://www.intel.com/content/www/us/en/processors/core/7th-gen-core-family-spec-update.html) for details.
- Update for functional issues. Refer to [6th Gen Intel Processor Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/332689) for details.
- Update for functional issues. Refer to [Intel Xeon E3-1200 v6 Processor Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v6-spec-update.html) for details.
- Update for functional issues. Refer to [Intel Xeon E-2100 and E-2200 Processor Family Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-e-2100-specification-update.html) for details.
- New platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| CLX-SP | A0 | 06-55-05/b7 | | 03000010 | Xeon Scalable Gen2
| ICX-SP | C0 | 06-6a-05/87 | | 0c0002f0 | Xeon Scalable Gen3
| ICX-SP | D0 | 06-6a-06/87 | | 0d0002a0 | Xeon Scalable Gen3
| SNR | B0 | 06-86-04/01 | | 0b00000f | Atom P59xxB
| SNR | B1 | 06-86-05/01 | | 0b00000f | Atom P59xxB
| TGL | B1 | 06-8c-01/80 | | 00000088 | Core Gen11 Mobile
| TGL-R | C0 | 06-8c-02/c2 | | 00000016 | Core Gen11 Mobile
| TGL-H | R0 | 06-8d-01/c2 | | 0000002c | Core Gen11 Mobile
| EHL | B1 | 06-96-01/01 | | 00000011 | Pentium J6426/N6415, Celeron J6412/J6413/N6210/N6211, Atom x6000E
| JSL | A0/A1 | 06-9c-00/01 | | 0000001d | Pentium N6000/N6005, Celeron N4500/N4505/N5100/N5105
| RKL-S | B0 | 06-a7-01/02 | | 00000040 | Core Gen11
- Updated platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000044 | 00000046 | Core Gen4 X series; Xeon E5 v3
| HSX-EX | E0 | 06-3f-04/80 | 00000016 | 00000019 | Xeon E7 v3
| SKL-U/Y | D0 | 06-4e-03/c0 | 000000e2 | 000000ea | Core Gen6 Mobile
| SKL-U23e | K1 | 06-4e-03/c0 | 000000e2 | 000000ea | Core Gen6 Mobile
| BDX-ML | B0/M0/R0 | 06-4f-01/ef | 0b000038 | 0b00003e | Xeon E5/E7 v4; Core i7-69xx/68xx
| SKX-SP | B1 | 06-55-03/97 | 01000159 | 0100015b | Xeon Scalable
| SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006a0a | 02006b06 | Xeon Scalable
| SKX-D | M1 | 06-55-04/b7 | 02006a0a | 02006b06 | Xeon D-21xx
| CLX-SP | B0 | 06-55-06/bf | 04003006 | 04003102 | Xeon Scalable Gen2
| CLX-SP | B1 | 06-55-07/bf | 05003006 | 05003102 | Xeon Scalable Gen2
| CPX-SP | A1 | 06-55-0b/bf | 0700001e | 07002302 | Xeon Scalable Gen3
| BDX-DE | V2/V3 | 06-56-03/10 | 07000019 | 0700001b | Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19
| BDX-DE | Y0 | 06-56-04/10 | 0f000017 | 0f000019 | Xeon D-1557/59/67/71/77/81/87
| BDX-NS | A0 | 06-56-05/10 | 0e00000f | 0e000012 | Xeon D-1513N/23/33/43/53
| APL | D0 | 06-5c-09/03 | 00000040 | 00000044 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx
| APL | E0 | 06-5c-0a/03 | 0000001e | 00000020 | Atom x5-E39xx
| SKL-H/S | R0/N0 | 06-5e-03/36 | 000000e2 | 000000ea | Core Gen6; Xeon E3 v5
| DNV | B0 | 06-5f-01/01 | 0000002e | 00000034 | Atom C Series
| GLK | B0 | 06-7a-01/01 | 00000034 | 00000036 | Pentium Silver N/J5xxx, Celeron N/J4xxx
| GKL-R | R0 | 06-7a-08/01 | 00000018 | 0000001a | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120
| ICL-U/Y | D1 | 06-7e-05/80 | 000000a0 | 000000a6 | Core Gen10 Mobile
| LKF | B2/B3 | 06-8a-01/10 | 00000028 | 0000002a | Core w/Hybrid Technology
| AML-Y22 | H0 | 06-8e-09/10 | 000000de | 000000ea | Core Gen8 Mobile
| KBL-U/Y | H0 | 06-8e-09/c0 | 000000de | 000000ea | Core Gen7 Mobile
| CFL-U43e | D0 | 06-8e-0a/c0 | 000000e0 | 000000ea | Core Gen8 Mobile
| WHL-U | W0 | 06-8e-0b/d0 | 000000de | 000000ea | Core Gen8 Mobile
| AML-Y42 | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen10 Mobile
| CML-Y42 | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen10 Mobile
| WHL-U | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen8 Mobile
| KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000de | 000000ea | Core Gen7; Xeon E3 v6
| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000de | 000000ea | Core Gen8 Desktop, Mobile, Xeon E
| CFL-S | B0 | 06-9e-0b/02 | 000000de | 000000ea | Core Gen8
| CFL-H/S | P0 | 06-9e-0c/22 | 000000de | 000000ea | Core Gen9
| CFL-H | R0 | 06-9e-0d/22 | 000000de | 000000ea | Core Gen9 Mobile
| CML-H | R1 | 06-a5-02/20 | 000000e0 | 000000ea | Core Gen10 Mobile
| CML-S62 | G1 | 06-a5-03/22 | 000000e0 | 000000ea | Core Gen10
| CML-S102 | Q0 | 06-a5-05/22 | 000000e0 | 000000ec | Core Gen10
| CML-U62 | A0 | 06-a6-00/80 | 000000e0 | 000000e8 | Core Gen10 Mobile
| CML-U62 V2 | K0 | 06-a6-01/80 | 000000e0 | 000000ea | Core Gen10 Mobile
Patchnames: SUSE-2021-1933,SUSE-SLE-Module-Basesystem-15-SP2-2021-1933,SUSE-SLE-Module-Basesystem-15-SP3-2021-1933,SUSE-SUSE-MicroOS-5.0-2021-1933
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.0:ucode-intel-20210525-7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:ucode-intel-20210525-7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:ucode-intel-20210525-7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.6 (Medium)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.0:ucode-intel-20210525-7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:ucode-intel-20210525-7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:ucode-intel-20210525-7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.0:ucode-intel-20210525-7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:ucode-intel-20210525-7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:ucode-intel-20210525-7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
5.6 (Medium)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.0:ucode-intel-20210525-7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP2:ucode-intel-20210525-7.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:ucode-intel-20210525-7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
33 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for ucode-intel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for ucode-intel fixes the following issues:\n\nUpdated to Intel CPU Microcode 20210608 release.\n\n- CVE-2020-24513: A domain bypass transient execution vulnerability was discovered on some Intel Atom processors that use a micro-architectural incident channel. (INTEL-SA-00465 bsc#1179833)\n See also: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html\n\n- CVE-2020-24511: The IBRS feature to mitigate Spectre variant 2 transient execution side channel vulnerabilities may not fully prevent non-root (guest) branches from controlling the branch predictions of the root (host) (INTEL-SA-00464 bsc#1179836)\n\n See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html)\n\n- CVE-2020-24512: Fixed trivial data value cache-lines such as all-zero value cache-lines may lead to changes in cache-allocation or write-back behavior for such cache-lines (bsc#1179837 INTEL-SA-00464)\n\n See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html)\n\n - CVE-2020-24489: Fixed Intel VT-d device pass through potential local privilege escalation (INTEL-SA-00442 bsc#1179839)\n\n See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00442.html\n\nOther fixes:\n\n- Update for functional issues. Refer to [Third Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/637780)for details.\n- Update for functional issues. Refer to [Second Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details.\n- Update for functional issues. Refer to [Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/613537) for details.\n- Update for functional issues. Refer to [Intel Xeon Processor D-1500, D-1500 NS and D-1600 NS Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-d-1500-specification-update.html) for details.\n- Update for functional issues. Refer to [Intel Xeon E7-8800 and E7-4800 v3 Processor Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e7-v3-spec-update.html) for details.\n- Update for functional issues. Refer to [Intel Xeon Processor E5 v3 Product Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e5-v3-spec-update.html?wapkw=processor+spec+update+e5) for details.\n- Update for functional issues. Refer to [10th Gen Intel Core Processor Families Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/10th-gen-core-families-specification-update.html) for details.\n- Update for functional issues. Refer to [8th and 9th Gen Intel Core Processor Family Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/8th-gen-core-spec-update.html) for details.\n- Update for functional issues. Refer to [7th Gen and 8th Gen (U Quad-Core) Intel Processor Families Specification Update](https://www.intel.com/content/www/us/en/processors/core/7th-gen-core-family-spec-update.html) for details.\n- Update for functional issues. Refer to [6th Gen Intel Processor Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/332689) for details.\n- Update for functional issues. Refer to [Intel Xeon E3-1200 v6 Processor Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v6-spec-update.html) for details.\n- Update for functional issues. Refer to [Intel Xeon E-2100 and E-2200 Processor Family Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-e-2100-specification-update.html) for details.\n\n- New platforms:\n\n| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products\n|:---------------|:---------|:------------|:---------|:---------|:---------\n| CLX-SP | A0 | 06-55-05/b7 | | 03000010 | Xeon Scalable Gen2\n| ICX-SP | C0 | 06-6a-05/87 | | 0c0002f0 | Xeon Scalable Gen3\n| ICX-SP | D0 | 06-6a-06/87 | | 0d0002a0 | Xeon Scalable Gen3\n| SNR | B0 | 06-86-04/01 | | 0b00000f | Atom P59xxB\n| SNR | B1 | 06-86-05/01 | | 0b00000f | Atom P59xxB\n| TGL | B1 | 06-8c-01/80 | | 00000088 | Core Gen11 Mobile\n| TGL-R | C0 | 06-8c-02/c2 | | 00000016 | Core Gen11 Mobile\n| TGL-H | R0 | 06-8d-01/c2 | | 0000002c | Core Gen11 Mobile\n| EHL | B1 | 06-96-01/01 | | 00000011 | Pentium J6426/N6415, Celeron J6412/J6413/N6210/N6211, Atom x6000E\n| JSL | A0/A1 | 06-9c-00/01 | | 0000001d | Pentium N6000/N6005, Celeron N4500/N4505/N5100/N5105\n| RKL-S | B0 | 06-a7-01/02 | | 00000040 | Core Gen11\n\n- Updated platforms:\n\n| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products\n|:---------------|:---------|:------------|:---------|:---------|:---------\n| HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000044 | 00000046 | Core Gen4 X series; Xeon E5 v3\n| HSX-EX | E0 | 06-3f-04/80 | 00000016 | 00000019 | Xeon E7 v3\n| SKL-U/Y | D0 | 06-4e-03/c0 | 000000e2 | 000000ea | Core Gen6 Mobile\n| SKL-U23e | K1 | 06-4e-03/c0 | 000000e2 | 000000ea | Core Gen6 Mobile\n| BDX-ML | B0/M0/R0 | 06-4f-01/ef | 0b000038 | 0b00003e | Xeon E5/E7 v4; Core i7-69xx/68xx\n| SKX-SP | B1 | 06-55-03/97 | 01000159 | 0100015b | Xeon Scalable\n| SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006a0a | 02006b06 | Xeon Scalable\n| SKX-D | M1 | 06-55-04/b7 | 02006a0a | 02006b06 | Xeon D-21xx\n| CLX-SP | B0 | 06-55-06/bf | 04003006 | 04003102 | Xeon Scalable Gen2\n| CLX-SP | B1 | 06-55-07/bf | 05003006 | 05003102 | Xeon Scalable Gen2\n| CPX-SP | A1 | 06-55-0b/bf | 0700001e | 07002302 | Xeon Scalable Gen3\n| BDX-DE | V2/V3 | 06-56-03/10 | 07000019 | 0700001b | Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19\n| BDX-DE | Y0 | 06-56-04/10 | 0f000017 | 0f000019 | Xeon D-1557/59/67/71/77/81/87\n| BDX-NS | A0 | 06-56-05/10 | 0e00000f | 0e000012 | Xeon D-1513N/23/33/43/53\n| APL | D0 | 06-5c-09/03 | 00000040 | 00000044 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx\n| APL | E0 | 06-5c-0a/03 | 0000001e | 00000020 | Atom x5-E39xx\n| SKL-H/S | R0/N0 | 06-5e-03/36 | 000000e2 | 000000ea | Core Gen6; Xeon E3 v5\n| DNV | B0 | 06-5f-01/01 | 0000002e | 00000034 | Atom C Series\n| GLK | B0 | 06-7a-01/01 | 00000034 | 00000036 | Pentium Silver N/J5xxx, Celeron N/J4xxx\n| GKL-R | R0 | 06-7a-08/01 | 00000018 | 0000001a | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120\n| ICL-U/Y | D1 | 06-7e-05/80 | 000000a0 | 000000a6 | Core Gen10 Mobile\n| LKF | B2/B3 | 06-8a-01/10 | 00000028 | 0000002a | Core w/Hybrid Technology\n| AML-Y22 | H0 | 06-8e-09/10 | 000000de | 000000ea | Core Gen8 Mobile\n| KBL-U/Y | H0 | 06-8e-09/c0 | 000000de | 000000ea | Core Gen7 Mobile\n| CFL-U43e | D0 | 06-8e-0a/c0 | 000000e0 | 000000ea | Core Gen8 Mobile\n| WHL-U | W0 | 06-8e-0b/d0 | 000000de | 000000ea | Core Gen8 Mobile\n| AML-Y42 | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen10 Mobile\n| CML-Y42 | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen10 Mobile\n| WHL-U | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen8 Mobile\n| KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000de | 000000ea | Core Gen7; Xeon E3 v6\n| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000de | 000000ea | Core Gen8 Desktop, Mobile, Xeon E\n| CFL-S | B0 | 06-9e-0b/02 | 000000de | 000000ea | Core Gen8\n| CFL-H/S | P0 | 06-9e-0c/22 | 000000de | 000000ea | Core Gen9\n| CFL-H | R0 | 06-9e-0d/22 | 000000de | 000000ea | Core Gen9 Mobile\n| CML-H | R1 | 06-a5-02/20 | 000000e0 | 000000ea | Core Gen10 Mobile\n| CML-S62 | G1 | 06-a5-03/22 | 000000e0 | 000000ea | Core Gen10\n| CML-S102 | Q0 | 06-a5-05/22 | 000000e0 | 000000ec | Core Gen10\n| CML-U62 | A0 | 06-a6-00/80 | 000000e0 | 000000e8 | Core Gen10 Mobile\n| CML-U62 V2 | K0 | 06-a6-01/80 | 000000e0 | 000000ea | Core Gen10 Mobile\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2021-1933,SUSE-SLE-Module-Basesystem-15-SP2-2021-1933,SUSE-SLE-Module-Basesystem-15-SP3-2021-1933,SUSE-SUSE-MicroOS-5.0-2021-1933",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_1933-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2021:1933-1",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20211933-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2021:1933-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-June/008987.html"
},
{
"category": "self",
"summary": "SUSE Bug 1179833",
"url": "https://bugzilla.suse.com/1179833"
},
{
"category": "self",
"summary": "SUSE Bug 1179836",
"url": "https://bugzilla.suse.com/1179836"
},
{
"category": "self",
"summary": "SUSE Bug 1179837",
"url": "https://bugzilla.suse.com/1179837"
},
{
"category": "self",
"summary": "SUSE Bug 1179839",
"url": "https://bugzilla.suse.com/1179839"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-24489 page",
"url": "https://www.suse.com/security/cve/CVE-2020-24489/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-24511 page",
"url": "https://www.suse.com/security/cve/CVE-2020-24511/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-24512 page",
"url": "https://www.suse.com/security/cve/CVE-2020-24512/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-24513 page",
"url": "https://www.suse.com/security/cve/CVE-2020-24513/"
}
],
"title": "Security update for ucode-intel",
"tracking": {
"current_release_date": "2021-06-10T08:28:43Z",
"generator": {
"date": "2021-06-10T08:28:43Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2021:1933-1",
"initial_release_date": "2021-06-10T08:28:43Z",
"revision_history": [
{
"date": "2021-06-10T08:28:43Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ucode-intel-20210525-7.1.i586",
"product": {
"name": "ucode-intel-20210525-7.1.i586",
"product_id": "ucode-intel-20210525-7.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "ucode-intel-20210525-7.1.x86_64",
"product": {
"name": "ucode-intel-20210525-7.1.x86_64",
"product_id": "ucode-intel-20210525-7.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.0",
"product": {
"name": "SUSE Linux Enterprise Micro 5.0",
"product_id": "SUSE Linux Enterprise Micro 5.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20210525-7.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP2:ucode-intel-20210525-7.1.x86_64"
},
"product_reference": "ucode-intel-20210525-7.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20210525-7.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:ucode-intel-20210525-7.1.x86_64"
},
"product_reference": "ucode-intel-20210525-7.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ucode-intel-20210525-7.1.x86_64 as component of SUSE Linux Enterprise Micro 5.0",
"product_id": "SUSE Linux Enterprise Micro 5.0:ucode-intel-20210525-7.1.x86_64"
},
"product_reference": "ucode-intel-20210525-7.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-24489",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-24489"
}
],
"notes": [
{
"category": "general",
"text": "Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.0:ucode-intel-20210525-7.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:ucode-intel-20210525-7.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:ucode-intel-20210525-7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-24489",
"url": "https://www.suse.com/security/cve/CVE-2020-24489"
},
{
"category": "external",
"summary": "SUSE Bug 1179839 for CVE-2020-24489",
"url": "https://bugzilla.suse.com/1179839"
},
{
"category": "external",
"summary": "SUSE Bug 1192359 for CVE-2020-24489",
"url": "https://bugzilla.suse.com/1192359"
},
{
"category": "external",
"summary": "SUSE Bug 1199300 for CVE-2020-24489",
"url": "https://bugzilla.suse.com/1199300"
},
{
"category": "external",
"summary": "SUSE Bug 1201731 for CVE-2020-24489",
"url": "https://bugzilla.suse.com/1201731"
},
{
"category": "external",
"summary": "SUSE Bug 1225680 for CVE-2020-24489",
"url": "https://bugzilla.suse.com/1225680"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.0:ucode-intel-20210525-7.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:ucode-intel-20210525-7.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:ucode-intel-20210525-7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.0:ucode-intel-20210525-7.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:ucode-intel-20210525-7.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:ucode-intel-20210525-7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-10T08:28:43Z",
"details": "important"
}
],
"title": "CVE-2020-24489"
},
{
"cve": "CVE-2020-24511",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-24511"
}
],
"notes": [
{
"category": "general",
"text": "Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.0:ucode-intel-20210525-7.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:ucode-intel-20210525-7.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:ucode-intel-20210525-7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-24511",
"url": "https://www.suse.com/security/cve/CVE-2020-24511"
},
{
"category": "external",
"summary": "SUSE Bug 1179836 for CVE-2020-24511",
"url": "https://bugzilla.suse.com/1179836"
},
{
"category": "external",
"summary": "SUSE Bug 1192360 for CVE-2020-24511",
"url": "https://bugzilla.suse.com/1192360"
},
{
"category": "external",
"summary": "SUSE Bug 1199300 for CVE-2020-24511",
"url": "https://bugzilla.suse.com/1199300"
},
{
"category": "external",
"summary": "SUSE Bug 1201731 for CVE-2020-24511",
"url": "https://bugzilla.suse.com/1201731"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.0:ucode-intel-20210525-7.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:ucode-intel-20210525-7.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:ucode-intel-20210525-7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.0:ucode-intel-20210525-7.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:ucode-intel-20210525-7.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:ucode-intel-20210525-7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-10T08:28:43Z",
"details": "moderate"
}
],
"title": "CVE-2020-24511"
},
{
"cve": "CVE-2020-24512",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-24512"
}
],
"notes": [
{
"category": "general",
"text": "Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.0:ucode-intel-20210525-7.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:ucode-intel-20210525-7.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:ucode-intel-20210525-7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-24512",
"url": "https://www.suse.com/security/cve/CVE-2020-24512"
},
{
"category": "external",
"summary": "SUSE Bug 1179837 for CVE-2020-24512",
"url": "https://bugzilla.suse.com/1179837"
},
{
"category": "external",
"summary": "SUSE Bug 1192360 for CVE-2020-24512",
"url": "https://bugzilla.suse.com/1192360"
},
{
"category": "external",
"summary": "SUSE Bug 1199300 for CVE-2020-24512",
"url": "https://bugzilla.suse.com/1199300"
},
{
"category": "external",
"summary": "SUSE Bug 1201731 for CVE-2020-24512",
"url": "https://bugzilla.suse.com/1201731"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.0:ucode-intel-20210525-7.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:ucode-intel-20210525-7.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:ucode-intel-20210525-7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.0:ucode-intel-20210525-7.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:ucode-intel-20210525-7.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:ucode-intel-20210525-7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-10T08:28:43Z",
"details": "low"
}
],
"title": "CVE-2020-24512"
},
{
"cve": "CVE-2020-24513",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-24513"
}
],
"notes": [
{
"category": "general",
"text": "Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.0:ucode-intel-20210525-7.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:ucode-intel-20210525-7.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:ucode-intel-20210525-7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-24513",
"url": "https://www.suse.com/security/cve/CVE-2020-24513"
},
{
"category": "external",
"summary": "SUSE Bug 1179833 for CVE-2020-24513",
"url": "https://bugzilla.suse.com/1179833"
},
{
"category": "external",
"summary": "SUSE Bug 1192360 for CVE-2020-24513",
"url": "https://bugzilla.suse.com/1192360"
},
{
"category": "external",
"summary": "SUSE Bug 1199300 for CVE-2020-24513",
"url": "https://bugzilla.suse.com/1199300"
},
{
"category": "external",
"summary": "SUSE Bug 1201731 for CVE-2020-24513",
"url": "https://bugzilla.suse.com/1201731"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.0:ucode-intel-20210525-7.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:ucode-intel-20210525-7.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:ucode-intel-20210525-7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.0:ucode-intel-20210525-7.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP2:ucode-intel-20210525-7.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:ucode-intel-20210525-7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-10T08:28:43Z",
"details": "moderate"
}
],
"title": "CVE-2020-24513"
}
]
}
VAR-202106-0349
Vulnerability from variot - Updated: 2026-04-10 22:36Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access.
For the stable distribution (buster), these problems have been fixed in version 3.20210608.2~deb10u1.
Note that there are two reported regressions; for some CoffeeLake CPUs this update may break iwlwifi (https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/56) and some for Skylake R0/D0 CPUs on systems using a very outdated firmware/BIOS, the system may hang on boot: (https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31)
If you are affected by those issues, you can recover by disabling microcode loading on boot (as documented in README.Debian (also available online at https://salsa.debian.org/hmh/intel-microcode/-/blob/master/debian/README.Debian))
We recommend that you upgrade your intel-microcode packages.
For the detailed security status of intel-microcode please refer to its security tracker page at: https://security-tracker.debian.org/tracker/intel-microcode
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmDXan0ACgkQEMKTtsN8 Tja9aQ//f1dHsEghQsedGnkMCIa2qLi12UFtb4yW7TYV6uwloqbYZMbymvoXYOAB haasn+yCaGUkXuAHxcGvZuN41EkRhdG4LfS5qoZxPMsw84ETjpV2Ohwhuqwf9P20 9pqV1QLjVPCMiCqvHatkzyRNPtRhIh0uCRx5HtIeOEyKTwhVnUJrrljUXCzMDviD 3As0n0yVUPDIcJdaVxp5mxyebf1NyIYMR+7wmzTBOhK6i+rEE4NkKGkcsYBIM1ch AdTQNHv78QZld6ixL8iCUe1NsSugZ2QjbVL1BLW45fJv3f0BIF5uo6LBzbiJlN/6 xWwOdFTfqW1ORyr0k6JQ+yKz3oSE+jfUStwf+zegWOjYes5gGaA/nATzzNwwFfCQ qDqMmnN26qMI3MswP50ESkNs2JTK3955cIJjnscp5DeFArDuCFKh9wcqSZ46/QCE GVRi+F/Dh3JQxv/jP8jfLhCvkBptuendGo9qK5v22QoeCRoHS16dLu7HHP34hRrw k//EgtP35pD9eTNiIsxhmx3qTPD0gbQbcMG/5NTVtpNqsffAxYtqTy8+/4lfPkNn AYtYrrG6tjEHe1gasLkjthB7c0YLzPLdNyZkNIk6XZ2YIhx18N80c7gTBERSJ1Sh 9lmsnX3+5GWM7Fx2NN2vL5xIEo0einMJCyTlNMRDLim2ix1vpZg= =RVf2 -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: microcode_ctl security, bug fix and enhancement update Advisory ID: RHSA-2021:3028-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:3028 Issue date: 2021-08-09 CVE Names: CVE-2020-0543 CVE-2020-0548 CVE-2020-0549 CVE-2020-8695 CVE-2020-8696 CVE-2020-8698 CVE-2020-24489 CVE-2020-24511 CVE-2020-24512 ==================================================================== 1. Summary:
An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
The microcode_ctl packages provide microcode updates for Intel.
Security Fix(es):
-
hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)
-
hw: Vector Register Data Sampling (CVE-2020-0548)
-
hw: L1D Cache Eviction Sampling (CVE-2020-0549)
-
hw: vt-d related privilege escalation (CVE-2020-24489)
-
hw: improper isolation of shared resources in some Intel Processors (CVE-2020-24511)
-
hw: observable timing discrepancy in some Intel Processors (CVE-2020-24512)
-
hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)
-
hw: Vector Register Leakage-Active (CVE-2020-8696)
-
hw: Fast forward store predictor (CVE-2020-8698)
-
Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1788786 - CVE-2020-0548 hw: Vector Register Data Sampling 1788788 - CVE-2020-0549 hw: L1D Cache Eviction Sampling 1827165 - CVE-2020-0543 hw: Special Register Buffer Data Sampling (SRBDS) 1828583 - CVE-2020-8695 hw: Information disclosure issue in Intel SGX via RAPL interface 1890355 - CVE-2020-8696 hw: Vector Register Leakage-Active 1890356 - CVE-2020-8698 hw: Fast forward store predictor 1897684 - [rhel-7.9.z] Re-enable 06-5e-03 (SKL-H/S, CPUID 0x506e3) latest microcode updates 1962650 - CVE-2020-24489 hw: vt-d related privilege escalation 1962702 - CVE-2020-24511 hw: improper isolation of shared resources in some Intel Processors 1962722 - CVE-2020-24512 hw: observable timing discrepancy in some Intel Processors
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: microcode_ctl-2.1-73.11.el7_9.src.rpm
x86_64: microcode_ctl-2.1-73.11.el7_9.x86_64.rpm microcode_ctl-debuginfo-2.1-73.11.el7_9.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: microcode_ctl-2.1-73.11.el7_9.src.rpm
x86_64: microcode_ctl-2.1-73.11.el7_9.x86_64.rpm microcode_ctl-debuginfo-2.1-73.11.el7_9.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: microcode_ctl-2.1-73.11.el7_9.src.rpm
x86_64: microcode_ctl-2.1-73.11.el7_9.x86_64.rpm microcode_ctl-debuginfo-2.1-73.11.el7_9.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: microcode_ctl-2.1-73.11.el7_9.src.rpm
x86_64: microcode_ctl-2.1-73.11.el7_9.x86_64.rpm microcode_ctl-debuginfo-2.1-73.11.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-0543 https://access.redhat.com/security/cve/CVE-2020-0548 https://access.redhat.com/security/cve/CVE-2020-0549 https://access.redhat.com/security/cve/CVE-2020-8695 https://access.redhat.com/security/cve/CVE-2020-8696 https://access.redhat.com/security/cve/CVE-2020-8698 https://access.redhat.com/security/cve/CVE-2020-24489 https://access.redhat.com/security/cve/CVE-2020-24511 https://access.redhat.com/security/cve/CVE-2020-24512 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYRD++tzjgjWX9erEAQhA1A//eeO88DFGpTcHgCHrsXimUtK3MZX0RppT 5UOWuXgmPJniMPDALpkfTNTnNGASjBB+WDclaW2d/sZf52PzYLao5wGVIYdUx3Nl l9IvbGNMm0F7eI7aHdT2QnUhQQl1IpJrbmkhvBM2w85EmOfqlq+CpXnJMRXzoRdv sFPrWAo1opDNnBV6iYAnyULHFuWwcvU28n3JU945W8p/PvqJgSze77i4dmpzYkBj ljzVrIUl2pizBmnQMj03JJ+YeB8+oKb0uD2RdqHoxkUSFGH9OW6s/qytHu/eR4uL Y7WmIfHUxGsVRcmIjo/VaAvvWs4A3hdOL3nGdRAMQOKp+VoDcX7VDNURoxK/bkcJ OepHSyfWPCVXvOmU5l2ov1uzVQ/F+ajeevMehuzwQlTAIur5qE2eQ2Mwitfh/7WZ W3x67peCz51zVPtb7rkQfpzQzZKkjSAAclOYMzltv2PA5vSXZy8+hEqWZwqtesQn ltz36bjQMvRRhr1yGDbaFI5dcTB8T/eIkzmD6wPfbd7r7SEuE0GUd8Yf69VghGL2 f+mvR8oWb2x3RHXbpFm4aIt5mJHqIgfXDAohz7lXgLyJwQefyeJ5w+W8nOe+ZSK/ yvfiVQZz9tvPq8yqC87YWTA7zcnhoSmPvXRicJakpfJL/oz043Tc17jqxIra36sA UjXnNBNse8A=LIYI -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 6 ELS) - i386, x86_64
3
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "core i5-11500",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i5-10310u",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i9-10850k",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "celeron n2920",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i3-l13g4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i5-1035g4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i9-10885h",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i7-1195g7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i3-10100t",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i3-1120g4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i9-11900h",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i5-10500e",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "celeron n3150",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i7-1060g7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i5-1035g1",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "pentium silver j5040",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i5-11400",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i7-11700b",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "celeron j3160",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "celeron n2820",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "celeron j6413",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i9-11900kf",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i7-10700t",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i5-11600kf",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i3-10100",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i3-10325",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "celeron n3160",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i3-10100y",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "pentium n3530",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i9-11980hk",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i3-10100e",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "celeron n2930",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "pentium silver n6000",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i7-10810u",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i5-10500te",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i3-1000g1",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i9-10910",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i9-11900k",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "celeron n3050",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i7-1160g7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i3-10100te",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "pentium n3540",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i3-10300t",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i7-10750h",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i3-10305t",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i3-10110u",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "pentium silver n6005",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "celeron j4025",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "celeron n3010",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "pentium j4205",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"_id": null,
"model": "core i3-1115gre",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i5-10500h",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i7-11850h",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i5-10310y",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "celeron n2810",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i5-1035g7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "celeron n3350",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "celeron n5100",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i5-10200h",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i5-1145g7e",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i3-10300",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "celeron n3060",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i3-11100b",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i5-11600t",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "pentium j3710",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "celeron j4105",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i5-10505",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "atom x5-e3940",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i9-10900k",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i5-10210u",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "pentium n3510",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i7-10850h",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "celeron n6211",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "pentium n6415",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "pentium silver n5030",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "celeron j3355e",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i7-11390h",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i7-10700",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i9-10900e",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "celeron n3450",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"_id": null,
"model": "core i9-10900f",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "celeron n2807",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i5-1135g7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i5-l16g7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i5-10500t",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i7-11700f",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "celeron j1800",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "celeron j3060",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "celeron n2815",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i5-11320h",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i7-11700t",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "celeron n2808",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i7-10700k",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i7-11370h",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "pentium j6426",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "celeron n2830",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "pentium n4200e",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i5-10400h",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i9-11900kb",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i3-10105f",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i5-1145g7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i3-10320",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i5-11400h",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i9-11900",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i5-10300h",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "pentium n3700",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i5-11600k",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "celeron n5095",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i7-11375h",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i5-10210y",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i5-10400t",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i5-10600kf",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i7-11700kf",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "celeron j6412",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i7-1185g7e",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "celeron j3455",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i3-1000g4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "pentium n4200",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "celeron n3350e",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "celeron n4100",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i5-11500h",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i7-10870h",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i5-10600",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "celeron j1850",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "celeron n2910",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i7-1060ng7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i7-1185gre",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i5-11500b",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i5-1030ng7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i5-10400",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i7-11700",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i7-10700f",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i3-1005g1",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i9-11900f",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i5-1140g7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "celeron j4005",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "celeron n5105",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i5-1145gre",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "celeron n2940",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i7-10510u",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "celeron n4000c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i7-10700te",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i9-10900te",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i5-1155g7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i5-1030g7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i3-1000ng4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "celeron j4125",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i3-1125g4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i5-11600",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i7-10610u",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "celeron n2806",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i7-10700e",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i7-1165g7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i9-10900",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "celeron j3355",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i3-1110g4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i7-10710u",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i5-11400f",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "celeron n4020",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "celeron j1750",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "celeron n4020c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i5-1130g7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i3-10105",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i7-1068ng7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i5-1030g4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i3-1115g4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "celeron n3000",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "celeron j4115",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "pentium silver n5000",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i7-10875h",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i7-1065g7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i3-10105t",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i9-10900t",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "celeron n4500",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i7-1180g7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "celeron n6210",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i3-10100f",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i7-11800h",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "atom x7-e3950",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i5-11260h",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i5-10600t",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "pentium n3520",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i5-11500t",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i5-10600k",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "celeron n2805",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i5-11300h",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "celeron n2840",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i7-11700k",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "celeron n4000",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i9-10980hk",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i5-1038ng7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i7-1185g7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i3-10305",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "pentium j2850",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i5-10400f",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "pentium silver j5005",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "celeron j3455e",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "atom x5-e3930",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i3-10110y",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "celeron j1900",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i5-10500",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i9-11900t",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i7-10510y",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i7-10700kf",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i9-11950h",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "celeron n4120",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "pentium n3710",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i9-10900kf",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "pentium j2900",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "celeron n4505",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "pentium silver a1030",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i5-11400t",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"_id": null,
"model": "core i3-1115g4e",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-24489"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "163772"
},
{
"db": "PACKETSTORM",
"id": "163924"
},
{
"db": "PACKETSTORM",
"id": "163956"
},
{
"db": "PACKETSTORM",
"id": "163758"
},
{
"db": "PACKETSTORM",
"id": "163031"
},
{
"db": "PACKETSTORM",
"id": "163036"
},
{
"db": "PACKETSTORM",
"id": "163044"
},
{
"db": "PACKETSTORM",
"id": "163047"
}
],
"trust": 0.8
},
"cve": "CVE-2020-24489",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2020-24489",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-178372",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.0,
"id": "CVE-2020-24489",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-24489",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-178372",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-178372"
},
{
"db": "NVD",
"id": "CVE-2020-24489"
}
]
},
"description": {
"_id": null,
"data": "Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 3.20210608.2~deb10u1. \n\nNote that there are two reported regressions; for some CoffeeLake CPUs\nthis update may break iwlwifi\n(https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/56)\nand some for Skylake R0/D0 CPUs on systems using a very outdated firmware/BIOS,\nthe system may hang on boot:\n(https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31)\n\nIf you are affected by those issues, you can recover by disabling microcode\nloading on boot (as documented in README.Debian (also available online at\nhttps://salsa.debian.org/hmh/intel-microcode/-/blob/master/debian/README.Debian))\n\nWe recommend that you upgrade your intel-microcode packages. \n\nFor the detailed security status of intel-microcode please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/intel-microcode\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmDXan0ACgkQEMKTtsN8\nTja9aQ//f1dHsEghQsedGnkMCIa2qLi12UFtb4yW7TYV6uwloqbYZMbymvoXYOAB\nhaasn+yCaGUkXuAHxcGvZuN41EkRhdG4LfS5qoZxPMsw84ETjpV2Ohwhuqwf9P20\n9pqV1QLjVPCMiCqvHatkzyRNPtRhIh0uCRx5HtIeOEyKTwhVnUJrrljUXCzMDviD\n3As0n0yVUPDIcJdaVxp5mxyebf1NyIYMR+7wmzTBOhK6i+rEE4NkKGkcsYBIM1ch\nAdTQNHv78QZld6ixL8iCUe1NsSugZ2QjbVL1BLW45fJv3f0BIF5uo6LBzbiJlN/6\nxWwOdFTfqW1ORyr0k6JQ+yKz3oSE+jfUStwf+zegWOjYes5gGaA/nATzzNwwFfCQ\nqDqMmnN26qMI3MswP50ESkNs2JTK3955cIJjnscp5DeFArDuCFKh9wcqSZ46/QCE\nGVRi+F/Dh3JQxv/jP8jfLhCvkBptuendGo9qK5v22QoeCRoHS16dLu7HHP34hRrw\nk//EgtP35pD9eTNiIsxhmx3qTPD0gbQbcMG/5NTVtpNqsffAxYtqTy8+/4lfPkNn\nAYtYrrG6tjEHe1gasLkjthB7c0YLzPLdNyZkNIk6XZ2YIhx18N80c7gTBERSJ1Sh\n9lmsnX3+5GWM7Fx2NN2vL5xIEo0einMJCyTlNMRDLim2ix1vpZg=\n=RVf2\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: microcode_ctl security, bug fix and enhancement update\nAdvisory ID: RHSA-2021:3028-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:3028\nIssue date: 2021-08-09\nCVE Names: CVE-2020-0543 CVE-2020-0548 CVE-2020-0549\n CVE-2020-8695 CVE-2020-8696 CVE-2020-8698\n CVE-2020-24489 CVE-2020-24511 CVE-2020-24512\n====================================================================\n1. Summary:\n\nAn update for microcode_ctl is now available for Red Hat Enterprise Linux\n7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nThe microcode_ctl packages provide microcode updates for Intel. \n\nSecurity Fix(es):\n\n* hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)\n\n* hw: Vector Register Data Sampling (CVE-2020-0548)\n\n* hw: L1D Cache Eviction Sampling (CVE-2020-0549)\n\n* hw: vt-d related privilege escalation (CVE-2020-24489)\n\n* hw: improper isolation of shared resources in some Intel Processors\n(CVE-2020-24511)\n\n* hw: observable timing discrepancy in some Intel Processors\n(CVE-2020-24512)\n\n* hw: Information disclosure issue in Intel SGX via RAPL interface\n(CVE-2020-8695)\n\n* hw: Vector Register Leakage-Active (CVE-2020-8696)\n\n* hw: Fast forward store predictor (CVE-2020-8698)\n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1788786 - CVE-2020-0548 hw: Vector Register Data Sampling\n1788788 - CVE-2020-0549 hw: L1D Cache Eviction Sampling\n1827165 - CVE-2020-0543 hw: Special Register Buffer Data Sampling (SRBDS)\n1828583 - CVE-2020-8695 hw: Information disclosure issue in Intel SGX via RAPL interface\n1890355 - CVE-2020-8696 hw: Vector Register Leakage-Active\n1890356 - CVE-2020-8698 hw: Fast forward store predictor\n1897684 - [rhel-7.9.z] Re-enable 06-5e-03 (SKL-H/S, CPUID 0x506e3) latest microcode updates\n1962650 - CVE-2020-24489 hw: vt-d related privilege escalation\n1962702 - CVE-2020-24511 hw: improper isolation of shared resources in some Intel Processors\n1962722 - CVE-2020-24512 hw: observable timing discrepancy in some Intel Processors\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nmicrocode_ctl-2.1-73.11.el7_9.src.rpm\n\nx86_64:\nmicrocode_ctl-2.1-73.11.el7_9.x86_64.rpm\nmicrocode_ctl-debuginfo-2.1-73.11.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nmicrocode_ctl-2.1-73.11.el7_9.src.rpm\n\nx86_64:\nmicrocode_ctl-2.1-73.11.el7_9.x86_64.rpm\nmicrocode_ctl-debuginfo-2.1-73.11.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nmicrocode_ctl-2.1-73.11.el7_9.src.rpm\n\nx86_64:\nmicrocode_ctl-2.1-73.11.el7_9.x86_64.rpm\nmicrocode_ctl-debuginfo-2.1-73.11.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nmicrocode_ctl-2.1-73.11.el7_9.src.rpm\n\nx86_64:\nmicrocode_ctl-2.1-73.11.el7_9.x86_64.rpm\nmicrocode_ctl-debuginfo-2.1-73.11.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-0543\nhttps://access.redhat.com/security/cve/CVE-2020-0548\nhttps://access.redhat.com/security/cve/CVE-2020-0549\nhttps://access.redhat.com/security/cve/CVE-2020-8695\nhttps://access.redhat.com/security/cve/CVE-2020-8696\nhttps://access.redhat.com/security/cve/CVE-2020-8698\nhttps://access.redhat.com/security/cve/CVE-2020-24489\nhttps://access.redhat.com/security/cve/CVE-2020-24511\nhttps://access.redhat.com/security/cve/CVE-2020-24512\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYRD++tzjgjWX9erEAQhA1A//eeO88DFGpTcHgCHrsXimUtK3MZX0RppT\n5UOWuXgmPJniMPDALpkfTNTnNGASjBB+WDclaW2d/sZf52PzYLao5wGVIYdUx3Nl\nl9IvbGNMm0F7eI7aHdT2QnUhQQl1IpJrbmkhvBM2w85EmOfqlq+CpXnJMRXzoRdv\nsFPrWAo1opDNnBV6iYAnyULHFuWwcvU28n3JU945W8p/PvqJgSze77i4dmpzYkBj\nljzVrIUl2pizBmnQMj03JJ+YeB8+oKb0uD2RdqHoxkUSFGH9OW6s/qytHu/eR4uL\nY7WmIfHUxGsVRcmIjo/VaAvvWs4A3hdOL3nGdRAMQOKp+VoDcX7VDNURoxK/bkcJ\nOepHSyfWPCVXvOmU5l2ov1uzVQ/F+ajeevMehuzwQlTAIur5qE2eQ2Mwitfh/7WZ\nW3x67peCz51zVPtb7rkQfpzQzZKkjSAAclOYMzltv2PA5vSXZy8+hEqWZwqtesQn\nltz36bjQMvRRhr1yGDbaFI5dcTB8T/eIkzmD6wPfbd7r7SEuE0GUd8Yf69VghGL2\nf+mvR8oWb2x3RHXbpFm4aIt5mJHqIgfXDAohz7lXgLyJwQefyeJ5w+W8nOe+ZSK/\nyvfiVQZz9tvPq8yqC87YWTA7zcnhoSmPvXRicJakpfJL/oz043Tc17jqxIra36sA\nUjXnNBNse8A=LIYI\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. 6 ELS) - i386, x86_64\n\n3",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-24489"
},
{
"db": "VULHUB",
"id": "VHN-178372"
},
{
"db": "PACKETSTORM",
"id": "169079"
},
{
"db": "PACKETSTORM",
"id": "163772"
},
{
"db": "PACKETSTORM",
"id": "163924"
},
{
"db": "PACKETSTORM",
"id": "163956"
},
{
"db": "PACKETSTORM",
"id": "163758"
},
{
"db": "PACKETSTORM",
"id": "163031"
},
{
"db": "PACKETSTORM",
"id": "163036"
},
{
"db": "PACKETSTORM",
"id": "163044"
},
{
"db": "PACKETSTORM",
"id": "163047"
}
],
"trust": 1.8
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2020-24489",
"trust": 2.0
},
{
"db": "PACKETSTORM",
"id": "163047",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "163044",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "163031",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "163036",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "163037",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163040",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163042",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163043",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163242",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163032",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163240",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163046",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-178372",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169079",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163772",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163924",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163956",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163758",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-178372"
},
{
"db": "PACKETSTORM",
"id": "169079"
},
{
"db": "PACKETSTORM",
"id": "163772"
},
{
"db": "PACKETSTORM",
"id": "163924"
},
{
"db": "PACKETSTORM",
"id": "163956"
},
{
"db": "PACKETSTORM",
"id": "163758"
},
{
"db": "PACKETSTORM",
"id": "163031"
},
{
"db": "PACKETSTORM",
"id": "163036"
},
{
"db": "PACKETSTORM",
"id": "163044"
},
{
"db": "PACKETSTORM",
"id": "163047"
},
{
"db": "NVD",
"id": "CVE-2020-24489"
}
]
},
"id": "VAR-202106-0349",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-178372"
}
],
"trust": 0.01
},
"last_update_date": "2026-04-10T22:36:59.800000Z",
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-459",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-178372"
},
{
"db": "NVD",
"id": "CVE-2020-24489"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.1,
"url": "https://www.debian.org/security/2021/dsa-4934"
},
{
"trust": 1.1,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00442.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24511"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24512"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24489"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2020-24511"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2020-24512"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2020-24489"
},
{
"trust": 0.8,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.8,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24513"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8696"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-8698"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8698"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0549"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-0543"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-8695"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8695"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-0549"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0543"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-8696"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0548"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-0548"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-24513"
},
{
"trust": 0.1,
"url": "https://salsa.debian.org/hmh/intel-microcode/-/blob/master/debian/readme.debian))"
},
{
"trust": 0.1,
"url": "https://github.com/intel/intel-linux-processor-microcode-data-files/issues/56)"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://github.com/intel/intel-linux-processor-microcode-data-files/issues/31)"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/intel-microcode"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3029"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3255"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3322"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3028"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2299"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2300"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2304"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2303"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-178372"
},
{
"db": "PACKETSTORM",
"id": "169079"
},
{
"db": "PACKETSTORM",
"id": "163772"
},
{
"db": "PACKETSTORM",
"id": "163924"
},
{
"db": "PACKETSTORM",
"id": "163956"
},
{
"db": "PACKETSTORM",
"id": "163758"
},
{
"db": "PACKETSTORM",
"id": "163031"
},
{
"db": "PACKETSTORM",
"id": "163036"
},
{
"db": "PACKETSTORM",
"id": "163044"
},
{
"db": "PACKETSTORM",
"id": "163047"
},
{
"db": "NVD",
"id": "CVE-2020-24489"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-178372",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "169079",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "163772",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "163924",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "163956",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "163758",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "163031",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "163036",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "163044",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "163047",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2020-24489",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2021-06-09T00:00:00",
"db": "VULHUB",
"id": "VHN-178372",
"ident": null
},
{
"date": "2021-06-28T19:12:00",
"db": "PACKETSTORM",
"id": "169079",
"ident": null
},
{
"date": "2021-08-10T14:49:53",
"db": "PACKETSTORM",
"id": "163772",
"ident": null
},
{
"date": "2021-08-27T19:22:22",
"db": "PACKETSTORM",
"id": "163924",
"ident": null
},
{
"date": "2021-08-31T15:44:21",
"db": "PACKETSTORM",
"id": "163956",
"ident": null
},
{
"date": "2021-08-09T14:15:45",
"db": "PACKETSTORM",
"id": "163758",
"ident": null
},
{
"date": "2021-06-09T13:26:32",
"db": "PACKETSTORM",
"id": "163031",
"ident": null
},
{
"date": "2021-06-09T13:28:02",
"db": "PACKETSTORM",
"id": "163036",
"ident": null
},
{
"date": "2021-06-09T13:40:48",
"db": "PACKETSTORM",
"id": "163044",
"ident": null
},
{
"date": "2021-06-09T13:42:12",
"db": "PACKETSTORM",
"id": "163047",
"ident": null
},
{
"date": "2021-06-09T20:15:08.140000",
"db": "NVD",
"id": "CVE-2020-24489",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2022-04-06T00:00:00",
"db": "VULHUB",
"id": "VHN-178372",
"ident": null
},
{
"date": "2022-04-06T17:07:37.537000",
"db": "NVD",
"id": "CVE-2020-24489",
"ident": null
}
]
},
"title": {
"_id": null,
"data": "Debian Security Advisory 4934-1",
"sources": [
{
"db": "PACKETSTORM",
"id": "169079"
}
],
"trust": 0.1
}
}
WID-SEC-W-2023-0063
Vulnerability from csaf_certbund - Published: 2022-01-12 23:00 - Updated: 2025-10-08 22:00Summary
Juniper Junos Space: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Junos Space ist eine Software-Plattform, die eine Reihe von Applikationen für das Netzwerkmanagement beinhaltet.
Angriff: Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in Juniper Junos Space ausnutzen, um Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen und seine Privilegien zu erweitern.
Betroffene Betriebssysteme: - Juniper Appliance
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <21.3R1
Juniper / Junos Space
|
<21.3R1 | ||
|
Juniper Junos Space Security Director <24.1R4
Juniper / Junos Space
|
Security Director <24.1R4 | ||
|
Juniper Contrail Service Orchestration
Juniper
|
cpe:/a:juniper:contrail_service_orchestration:-
|
— |
References
5 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Junos Space ist eine Software-Plattform, die eine Reihe von Applikationen f\u00fcr das Netzwerkmanagement beinhaltet.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in Juniper Junos Space ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen, beliebigen Code auszuf\u00fchren und seine Privilegien zu erweitern.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Juniper Appliance",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-0063 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2023-0063.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-0063 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0063"
},
{
"category": "external",
"summary": "Juniper Security Advisory vom 2022-01-12",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11287\u0026cat=SIRT_1"
},
{
"category": "external",
"summary": "Juniper Security Advisory JSA70182 vom 2023-01-12",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Contrail-Service-Orchestration-Multiple-vulnerabilities-resolved-in-CSO-6-3-0?language=en_US"
},
{
"category": "external",
"summary": "Juniper Security Advisory JSA103138 vom 2024-10-08",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Security-Director-Multiple-vulnerabilities-resolved-in-24-1R4-by-upgrading-Log4j-Java-library-to-2-23-1-and-ElasticSearch-to-6-8-17"
}
],
"source_lang": "en-US",
"title": "Juniper Junos Space: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-10-08T22:00:00.000+00:00",
"generator": {
"date": "2025-10-09T07:39:55.488+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2023-0063",
"initial_release_date": "2022-01-12T23:00:00.000+00:00",
"revision_history": [
{
"date": "2022-01-12T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-01-11T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Juniper aufgenommen"
},
{
"date": "2025-10-08T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Juniper aufgenommen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Juniper Contrail Service Orchestration",
"product": {
"name": "Juniper Contrail Service Orchestration",
"product_id": "T025794",
"product_identification_helper": {
"cpe": "cpe:/a:juniper:contrail_service_orchestration:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c21.3R1",
"product": {
"name": "Juniper Junos Space \u003c21.3R1",
"product_id": "T021576"
}
},
{
"category": "product_version",
"name": "21.3R1",
"product": {
"name": "Juniper Junos Space 21.3R1",
"product_id": "T021576-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:juniper:junos_space:21.3r1"
}
}
},
{
"category": "product_version_range",
"name": "Security Director \u003c24.1R4",
"product": {
"name": "Juniper Junos Space Security Director \u003c24.1R4",
"product_id": "T047484"
}
},
{
"category": "product_version",
"name": "Security Director 24.1R4",
"product": {
"name": "Juniper Junos Space Security Director 24.1R4",
"product_id": "T047484-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:juniper:junos_space:24.1r4::security_director"
}
}
}
],
"category": "product_name",
"name": "Junos Space"
}
],
"category": "vendor",
"name": "Juniper"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-17543",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2019-17543"
},
{
"cve": "CVE-2019-20934",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2019-20934"
},
{
"cve": "CVE-2020-0543",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2020-0543"
},
{
"cve": "CVE-2020-0548",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2020-0548"
},
{
"cve": "CVE-2020-0549",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2020-0549"
},
{
"cve": "CVE-2020-11022",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2020-11022"
},
{
"cve": "CVE-2020-11023",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2020-11023"
},
{
"cve": "CVE-2020-11668",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2020-11668"
},
{
"cve": "CVE-2020-11984",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2020-11984"
},
{
"cve": "CVE-2020-11993",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2020-11993"
},
{
"cve": "CVE-2020-12362",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2020-12362"
},
{
"cve": "CVE-2020-12363",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2020-12363"
},
{
"cve": "CVE-2020-12364",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2020-12364"
},
{
"cve": "CVE-2020-1927",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2020-1927"
},
{
"cve": "CVE-2020-1934",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2020-1934"
},
{
"cve": "CVE-2020-24489",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2020-24489"
},
{
"cve": "CVE-2020-24511",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2020-24511"
},
{
"cve": "CVE-2020-24512",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2020-24512"
},
{
"cve": "CVE-2020-27170",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2020-27170"
},
{
"cve": "CVE-2020-27777",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2020-27777"
},
{
"cve": "CVE-2020-29443",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2020-29443"
},
{
"cve": "CVE-2020-8625",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2020-8625"
},
{
"cve": "CVE-2020-8648",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2020-8648"
},
{
"cve": "CVE-2020-8695",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2020-8695"
},
{
"cve": "CVE-2020-8696",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2020-8696"
},
{
"cve": "CVE-2020-8698",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2020-8698"
},
{
"cve": "CVE-2020-9490",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2020-9490"
},
{
"cve": "CVE-2021-20254",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-20254"
},
{
"cve": "CVE-2021-22555",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-22555"
},
{
"cve": "CVE-2021-22901",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-22901"
},
{
"cve": "CVE-2021-2341",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-2341"
},
{
"cve": "CVE-2021-2342",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-2342"
},
{
"cve": "CVE-2021-2356",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-2356"
},
{
"cve": "CVE-2021-2369",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-2369"
},
{
"cve": "CVE-2021-2372",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-2372"
},
{
"cve": "CVE-2021-2385",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-2385"
},
{
"cve": "CVE-2021-2388",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-2388"
},
{
"cve": "CVE-2021-2389",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-2389"
},
{
"cve": "CVE-2021-2390",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-2390"
},
{
"cve": "CVE-2021-25214",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-25214"
},
{
"cve": "CVE-2021-25217",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-25217"
},
{
"cve": "CVE-2021-27219",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-27219"
},
{
"cve": "CVE-2021-29154",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-29154"
},
{
"cve": "CVE-2021-29650",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-29650"
},
{
"cve": "CVE-2021-31535",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-31535"
},
{
"cve": "CVE-2021-32399",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-32399"
},
{
"cve": "CVE-2021-33033",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-33033"
},
{
"cve": "CVE-2021-33034",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-33034"
},
{
"cve": "CVE-2021-3347",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-3347"
},
{
"cve": "CVE-2021-33909",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-33909"
},
{
"cve": "CVE-2021-3653",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-3653"
},
{
"cve": "CVE-2021-3656",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-3656"
},
{
"cve": "CVE-2021-3715",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-3715"
},
{
"cve": "CVE-2021-37576",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-37576"
},
{
"cve": "CVE-2021-4104",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-4104"
},
{
"cve": "CVE-2021-42550",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-42550"
},
{
"cve": "CVE-2021-44228",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-44228"
},
{
"cve": "CVE-2021-45046",
"product_status": {
"known_affected": [
"T021576",
"T047484",
"T025794"
]
},
"release_date": "2022-01-12T23:00:00.000+00:00",
"title": "CVE-2021-45046"
}
]
}
WID-SEC-W-2024-1463
Vulnerability from csaf_certbund - Published: 2021-06-08 22:00 - Updated: 2024-06-26 22:00Summary
Intel Prozessoren: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Der Prozessor ist das zentrale Rechenwerk eines Computers.
Angriff: Ein lokaler Angreifer kann mehrere Schwachstellen in verschiedenen Intel Prozessoren ausnutzen, um seine Privilegien zu erhöhen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.
Betroffene Betriebssysteme: - BIOS/Firmware
- Hardware Appliance
In Intel Prozessoren existieren mehrere Schwachstellen. Diese sind auf Out-of-Bound-Lese und Schreibfehler, Fehler bei der Initialisierung, Fehler bei der Eingabevalidierung, eine Race-Condition sowie Fehler im Kontrollfluss zurückzuführen . Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern oder einen Denial of Service Zustand herbeizuführen.
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Citrix Systems XenServer
Citrix Systems
|
cpe:/a:citrix:xenserver:-
|
— | |
|
Dell Computer
Dell
|
cpe:/o:dell:dell_computer:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Avaya Breeze Platform
Avaya
|
cpe:/a:avaya:breeze_platform:-
|
— | |
|
NetApp FAS
NetApp
|
cpe:/h:netapp:fas:-
|
— | |
|
Avaya Aura Session Manager
Avaya
|
cpe:/a:avaya:session_manager:-
|
— | |
|
Intel Prozessor
Intel
|
cpe:/h:intel:intel_prozessor:-
|
— | |
|
Avaya Aura Communication Manager
Avaya
|
cpe:/a:avaya:communication_manager:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Avaya Session Border Controller
Avaya
|
cpe:/h:avaya:session_border_controller:-
|
— | |
|
Citrix Systems Hypervisor
Citrix Systems
|
cpe:/o:citrix:hypervisor:-
|
— | |
|
Avaya CMS
Avaya
|
cpe:/a:avaya:call_management_system_server:-
|
— | |
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— | |
|
Siemens SIMATIC S7
Siemens
|
cpe:/h:siemens:simatic_s7:-
|
— | |
|
Avaya Aura Experience Portal
Avaya
|
cpe:/a:avaya:aura_experience_portal:-
|
— | |
|
Avaya Aura System Manager
Avaya
|
cpe:/a:avaya:aura_system_manager:-
|
— | |
|
Avaya Aura Device Services
Avaya
|
cpe:/a:avaya:aura_device_services:-
|
— | |
|
Avaya Aura Application Enablement Services
Avaya
|
cpe:/a:avaya:aura_application_enablement_services:-
|
— | |
|
Open Source Arch Linux
Open Source
|
cpe:/o:archlinux:archlinux:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Avaya Web License Manager
Avaya
|
cpe:/a:avaya:web_license_manager:-
|
— | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Avaya one-X
Avaya
|
cpe:/a:avaya:one-x:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
HPE ProLiant
HPE
|
cpe:/h:hp:proliant:-
|
— |
In Intel Prozessoren existieren mehrere Schwachstellen. Diese sind auf Out-of-Bound-Lese und Schreibfehler, Fehler bei der Initialisierung, Fehler bei der Eingabevalidierung, eine Race-Condition sowie Fehler im Kontrollfluss zurückzuführen . Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern oder einen Denial of Service Zustand herbeizuführen.
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Citrix Systems XenServer
Citrix Systems
|
cpe:/a:citrix:xenserver:-
|
— | |
|
Dell Computer
Dell
|
cpe:/o:dell:dell_computer:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Avaya Breeze Platform
Avaya
|
cpe:/a:avaya:breeze_platform:-
|
— | |
|
NetApp FAS
NetApp
|
cpe:/h:netapp:fas:-
|
— | |
|
Avaya Aura Session Manager
Avaya
|
cpe:/a:avaya:session_manager:-
|
— | |
|
Intel Prozessor
Intel
|
cpe:/h:intel:intel_prozessor:-
|
— | |
|
Avaya Aura Communication Manager
Avaya
|
cpe:/a:avaya:communication_manager:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Avaya Session Border Controller
Avaya
|
cpe:/h:avaya:session_border_controller:-
|
— | |
|
Citrix Systems Hypervisor
Citrix Systems
|
cpe:/o:citrix:hypervisor:-
|
— | |
|
Avaya CMS
Avaya
|
cpe:/a:avaya:call_management_system_server:-
|
— | |
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— | |
|
Siemens SIMATIC S7
Siemens
|
cpe:/h:siemens:simatic_s7:-
|
— | |
|
Avaya Aura Experience Portal
Avaya
|
cpe:/a:avaya:aura_experience_portal:-
|
— | |
|
Avaya Aura System Manager
Avaya
|
cpe:/a:avaya:aura_system_manager:-
|
— | |
|
Avaya Aura Device Services
Avaya
|
cpe:/a:avaya:aura_device_services:-
|
— | |
|
Avaya Aura Application Enablement Services
Avaya
|
cpe:/a:avaya:aura_application_enablement_services:-
|
— | |
|
Open Source Arch Linux
Open Source
|
cpe:/o:archlinux:archlinux:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Avaya Web License Manager
Avaya
|
cpe:/a:avaya:web_license_manager:-
|
— | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Avaya one-X
Avaya
|
cpe:/a:avaya:one-x:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
HPE ProLiant
HPE
|
cpe:/h:hp:proliant:-
|
— |
In Intel Prozessoren existieren mehrere Schwachstellen. Diese sind auf Out-of-Bound-Lese und Schreibfehler, Fehler bei der Initialisierung, Fehler bei der Eingabevalidierung, eine Race-Condition sowie Fehler im Kontrollfluss zurückzuführen . Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern oder einen Denial of Service Zustand herbeizuführen.
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Citrix Systems XenServer
Citrix Systems
|
cpe:/a:citrix:xenserver:-
|
— | |
|
Dell Computer
Dell
|
cpe:/o:dell:dell_computer:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Avaya Breeze Platform
Avaya
|
cpe:/a:avaya:breeze_platform:-
|
— | |
|
NetApp FAS
NetApp
|
cpe:/h:netapp:fas:-
|
— | |
|
Avaya Aura Session Manager
Avaya
|
cpe:/a:avaya:session_manager:-
|
— | |
|
Intel Prozessor
Intel
|
cpe:/h:intel:intel_prozessor:-
|
— | |
|
Avaya Aura Communication Manager
Avaya
|
cpe:/a:avaya:communication_manager:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Avaya Session Border Controller
Avaya
|
cpe:/h:avaya:session_border_controller:-
|
— | |
|
Citrix Systems Hypervisor
Citrix Systems
|
cpe:/o:citrix:hypervisor:-
|
— | |
|
Avaya CMS
Avaya
|
cpe:/a:avaya:call_management_system_server:-
|
— | |
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— | |
|
Siemens SIMATIC S7
Siemens
|
cpe:/h:siemens:simatic_s7:-
|
— | |
|
Avaya Aura Experience Portal
Avaya
|
cpe:/a:avaya:aura_experience_portal:-
|
— | |
|
Avaya Aura System Manager
Avaya
|
cpe:/a:avaya:aura_system_manager:-
|
— | |
|
Avaya Aura Device Services
Avaya
|
cpe:/a:avaya:aura_device_services:-
|
— | |
|
Avaya Aura Application Enablement Services
Avaya
|
cpe:/a:avaya:aura_application_enablement_services:-
|
— | |
|
Open Source Arch Linux
Open Source
|
cpe:/o:archlinux:archlinux:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Avaya Web License Manager
Avaya
|
cpe:/a:avaya:web_license_manager:-
|
— | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Avaya one-X
Avaya
|
cpe:/a:avaya:one-x:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
HPE ProLiant
HPE
|
cpe:/h:hp:proliant:-
|
— |
In Intel Prozessoren existieren mehrere Schwachstellen. Diese sind auf Out-of-Bound-Lese und Schreibfehler, Fehler bei der Initialisierung, Fehler bei der Eingabevalidierung, eine Race-Condition sowie Fehler im Kontrollfluss zurückzuführen . Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern oder einen Denial of Service Zustand herbeizuführen.
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Citrix Systems XenServer
Citrix Systems
|
cpe:/a:citrix:xenserver:-
|
— | |
|
Dell Computer
Dell
|
cpe:/o:dell:dell_computer:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Avaya Breeze Platform
Avaya
|
cpe:/a:avaya:breeze_platform:-
|
— | |
|
NetApp FAS
NetApp
|
cpe:/h:netapp:fas:-
|
— | |
|
Avaya Aura Session Manager
Avaya
|
cpe:/a:avaya:session_manager:-
|
— | |
|
Intel Prozessor
Intel
|
cpe:/h:intel:intel_prozessor:-
|
— | |
|
Avaya Aura Communication Manager
Avaya
|
cpe:/a:avaya:communication_manager:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Avaya Session Border Controller
Avaya
|
cpe:/h:avaya:session_border_controller:-
|
— | |
|
Citrix Systems Hypervisor
Citrix Systems
|
cpe:/o:citrix:hypervisor:-
|
— | |
|
Avaya CMS
Avaya
|
cpe:/a:avaya:call_management_system_server:-
|
— | |
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— | |
|
Siemens SIMATIC S7
Siemens
|
cpe:/h:siemens:simatic_s7:-
|
— | |
|
Avaya Aura Experience Portal
Avaya
|
cpe:/a:avaya:aura_experience_portal:-
|
— | |
|
Avaya Aura System Manager
Avaya
|
cpe:/a:avaya:aura_system_manager:-
|
— | |
|
Avaya Aura Device Services
Avaya
|
cpe:/a:avaya:aura_device_services:-
|
— | |
|
Avaya Aura Application Enablement Services
Avaya
|
cpe:/a:avaya:aura_application_enablement_services:-
|
— | |
|
Open Source Arch Linux
Open Source
|
cpe:/o:archlinux:archlinux:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Avaya Web License Manager
Avaya
|
cpe:/a:avaya:web_license_manager:-
|
— | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Avaya one-X
Avaya
|
cpe:/a:avaya:one-x:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
HPE ProLiant
HPE
|
cpe:/h:hp:proliant:-
|
— |
In Intel Prozessoren existieren mehrere Schwachstellen. Diese sind auf Out-of-Bound-Lese und Schreibfehler, Fehler bei der Initialisierung, Fehler bei der Eingabevalidierung, eine Race-Condition sowie Fehler im Kontrollfluss zurückzuführen . Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern oder einen Denial of Service Zustand herbeizuführen.
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Citrix Systems XenServer
Citrix Systems
|
cpe:/a:citrix:xenserver:-
|
— | |
|
Dell Computer
Dell
|
cpe:/o:dell:dell_computer:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Avaya Breeze Platform
Avaya
|
cpe:/a:avaya:breeze_platform:-
|
— | |
|
NetApp FAS
NetApp
|
cpe:/h:netapp:fas:-
|
— | |
|
Avaya Aura Session Manager
Avaya
|
cpe:/a:avaya:session_manager:-
|
— | |
|
Intel Prozessor
Intel
|
cpe:/h:intel:intel_prozessor:-
|
— | |
|
Avaya Aura Communication Manager
Avaya
|
cpe:/a:avaya:communication_manager:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Avaya Session Border Controller
Avaya
|
cpe:/h:avaya:session_border_controller:-
|
— | |
|
Citrix Systems Hypervisor
Citrix Systems
|
cpe:/o:citrix:hypervisor:-
|
— | |
|
Avaya CMS
Avaya
|
cpe:/a:avaya:call_management_system_server:-
|
— | |
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— | |
|
Siemens SIMATIC S7
Siemens
|
cpe:/h:siemens:simatic_s7:-
|
— | |
|
Avaya Aura Experience Portal
Avaya
|
cpe:/a:avaya:aura_experience_portal:-
|
— | |
|
Avaya Aura System Manager
Avaya
|
cpe:/a:avaya:aura_system_manager:-
|
— | |
|
Avaya Aura Device Services
Avaya
|
cpe:/a:avaya:aura_device_services:-
|
— | |
|
Avaya Aura Application Enablement Services
Avaya
|
cpe:/a:avaya:aura_application_enablement_services:-
|
— | |
|
Open Source Arch Linux
Open Source
|
cpe:/o:archlinux:archlinux:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Avaya Web License Manager
Avaya
|
cpe:/a:avaya:web_license_manager:-
|
— | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Avaya one-X
Avaya
|
cpe:/a:avaya:one-x:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
HPE ProLiant
HPE
|
cpe:/h:hp:proliant:-
|
— |
In Intel Prozessoren existieren mehrere Schwachstellen. Diese sind auf Out-of-Bound-Lese und Schreibfehler, Fehler bei der Initialisierung, Fehler bei der Eingabevalidierung, eine Race-Condition sowie Fehler im Kontrollfluss zurückzuführen . Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern oder einen Denial of Service Zustand herbeizuführen.
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Citrix Systems XenServer
Citrix Systems
|
cpe:/a:citrix:xenserver:-
|
— | |
|
Dell Computer
Dell
|
cpe:/o:dell:dell_computer:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Avaya Breeze Platform
Avaya
|
cpe:/a:avaya:breeze_platform:-
|
— | |
|
NetApp FAS
NetApp
|
cpe:/h:netapp:fas:-
|
— | |
|
Avaya Aura Session Manager
Avaya
|
cpe:/a:avaya:session_manager:-
|
— | |
|
Intel Prozessor
Intel
|
cpe:/h:intel:intel_prozessor:-
|
— | |
|
Avaya Aura Communication Manager
Avaya
|
cpe:/a:avaya:communication_manager:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Avaya Session Border Controller
Avaya
|
cpe:/h:avaya:session_border_controller:-
|
— | |
|
Citrix Systems Hypervisor
Citrix Systems
|
cpe:/o:citrix:hypervisor:-
|
— | |
|
Avaya CMS
Avaya
|
cpe:/a:avaya:call_management_system_server:-
|
— | |
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— | |
|
Siemens SIMATIC S7
Siemens
|
cpe:/h:siemens:simatic_s7:-
|
— | |
|
Avaya Aura Experience Portal
Avaya
|
cpe:/a:avaya:aura_experience_portal:-
|
— | |
|
Avaya Aura System Manager
Avaya
|
cpe:/a:avaya:aura_system_manager:-
|
— | |
|
Avaya Aura Device Services
Avaya
|
cpe:/a:avaya:aura_device_services:-
|
— | |
|
Avaya Aura Application Enablement Services
Avaya
|
cpe:/a:avaya:aura_application_enablement_services:-
|
— | |
|
Open Source Arch Linux
Open Source
|
cpe:/o:archlinux:archlinux:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Avaya Web License Manager
Avaya
|
cpe:/a:avaya:web_license_manager:-
|
— | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Avaya one-X
Avaya
|
cpe:/a:avaya:one-x:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
HPE ProLiant
HPE
|
cpe:/h:hp:proliant:-
|
— |
In Intel Prozessoren existieren mehrere Schwachstellen. Diese sind auf Out-of-Bound-Lese und Schreibfehler, Fehler bei der Initialisierung, Fehler bei der Eingabevalidierung, eine Race-Condition sowie Fehler im Kontrollfluss zurückzuführen . Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern oder einen Denial of Service Zustand herbeizuführen.
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Citrix Systems XenServer
Citrix Systems
|
cpe:/a:citrix:xenserver:-
|
— | |
|
Dell Computer
Dell
|
cpe:/o:dell:dell_computer:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Avaya Breeze Platform
Avaya
|
cpe:/a:avaya:breeze_platform:-
|
— | |
|
NetApp FAS
NetApp
|
cpe:/h:netapp:fas:-
|
— | |
|
Avaya Aura Session Manager
Avaya
|
cpe:/a:avaya:session_manager:-
|
— | |
|
Intel Prozessor
Intel
|
cpe:/h:intel:intel_prozessor:-
|
— | |
|
Avaya Aura Communication Manager
Avaya
|
cpe:/a:avaya:communication_manager:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Avaya Session Border Controller
Avaya
|
cpe:/h:avaya:session_border_controller:-
|
— | |
|
Citrix Systems Hypervisor
Citrix Systems
|
cpe:/o:citrix:hypervisor:-
|
— | |
|
Avaya CMS
Avaya
|
cpe:/a:avaya:call_management_system_server:-
|
— | |
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— | |
|
Siemens SIMATIC S7
Siemens
|
cpe:/h:siemens:simatic_s7:-
|
— | |
|
Avaya Aura Experience Portal
Avaya
|
cpe:/a:avaya:aura_experience_portal:-
|
— | |
|
Avaya Aura System Manager
Avaya
|
cpe:/a:avaya:aura_system_manager:-
|
— | |
|
Avaya Aura Device Services
Avaya
|
cpe:/a:avaya:aura_device_services:-
|
— | |
|
Avaya Aura Application Enablement Services
Avaya
|
cpe:/a:avaya:aura_application_enablement_services:-
|
— | |
|
Open Source Arch Linux
Open Source
|
cpe:/o:archlinux:archlinux:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Avaya Web License Manager
Avaya
|
cpe:/a:avaya:web_license_manager:-
|
— | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Avaya one-X
Avaya
|
cpe:/a:avaya:one-x:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
HPE ProLiant
HPE
|
cpe:/h:hp:proliant:-
|
— |
In Intel Prozessoren existieren mehrere Schwachstellen. Diese sind auf Out-of-Bound-Lese und Schreibfehler, Fehler bei der Initialisierung, Fehler bei der Eingabevalidierung, eine Race-Condition sowie Fehler im Kontrollfluss zurückzuführen . Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern oder einen Denial of Service Zustand herbeizuführen.
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Citrix Systems XenServer
Citrix Systems
|
cpe:/a:citrix:xenserver:-
|
— | |
|
Dell Computer
Dell
|
cpe:/o:dell:dell_computer:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Avaya Breeze Platform
Avaya
|
cpe:/a:avaya:breeze_platform:-
|
— | |
|
NetApp FAS
NetApp
|
cpe:/h:netapp:fas:-
|
— | |
|
Avaya Aura Session Manager
Avaya
|
cpe:/a:avaya:session_manager:-
|
— | |
|
Intel Prozessor
Intel
|
cpe:/h:intel:intel_prozessor:-
|
— | |
|
Avaya Aura Communication Manager
Avaya
|
cpe:/a:avaya:communication_manager:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Avaya Session Border Controller
Avaya
|
cpe:/h:avaya:session_border_controller:-
|
— | |
|
Citrix Systems Hypervisor
Citrix Systems
|
cpe:/o:citrix:hypervisor:-
|
— | |
|
Avaya CMS
Avaya
|
cpe:/a:avaya:call_management_system_server:-
|
— | |
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— | |
|
Siemens SIMATIC S7
Siemens
|
cpe:/h:siemens:simatic_s7:-
|
— | |
|
Avaya Aura Experience Portal
Avaya
|
cpe:/a:avaya:aura_experience_portal:-
|
— | |
|
Avaya Aura System Manager
Avaya
|
cpe:/a:avaya:aura_system_manager:-
|
— | |
|
Avaya Aura Device Services
Avaya
|
cpe:/a:avaya:aura_device_services:-
|
— | |
|
Avaya Aura Application Enablement Services
Avaya
|
cpe:/a:avaya:aura_application_enablement_services:-
|
— | |
|
Open Source Arch Linux
Open Source
|
cpe:/o:archlinux:archlinux:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Avaya Web License Manager
Avaya
|
cpe:/a:avaya:web_license_manager:-
|
— | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Avaya one-X
Avaya
|
cpe:/a:avaya:one-x:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
HPE ProLiant
HPE
|
cpe:/h:hp:proliant:-
|
— |
In Intel Prozessoren existiert eine Schwachstelle, welche aufgrund eines unvollständigen Cleanups besteht. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern.
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source Arch Linux
Open Source
|
cpe:/o:archlinux:archlinux:-
|
— | |
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— | |
|
Intel Prozessor
Intel
|
cpe:/h:intel:intel_prozessor:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
In Intel Prozessoren existiert eine Schwachstelle, welche aufgrund eines unvollständigen Cleanups besteht. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern.
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source Arch Linux
Open Source
|
cpe:/o:archlinux:archlinux:-
|
— | |
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— | |
|
Intel Prozessor
Intel
|
cpe:/h:intel:intel_prozessor:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Im Intel Prozessor Diagnostics Tool existiert eine Schwachstelle aufgrund eines unkontrollierten Suchpfad-Elements. Ein lokaler Angreifer kann dies ausnutzen, um seine Privilegien zu erweitern. Zur erfolgreichen Ausnutzung dieser Schwachstelle ist eine Benutzerinteraktion erforderlich.
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source Arch Linux
Open Source
|
cpe:/o:archlinux:archlinux:-
|
— | |
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— | |
|
Intel Prozessor
Intel
|
cpe:/h:intel:intel_prozessor:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
In Intel Prozessoren existiert eine Schwachstelle aufgrund eines möglichen Domain-Bypasses. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um Informationen offenzulegen.
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source Arch Linux
Open Source
|
cpe:/o:archlinux:archlinux:-
|
— | |
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— | |
|
Intel Prozessor
Intel
|
cpe:/h:intel:intel_prozessor:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
In Intel Prozessoren existieren mehrere Schwachstellen aufgrund von beobachtbaren Diskrepanzen bei Fließkomma-Berechnungen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen.
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source Arch Linux
Open Source
|
cpe:/o:archlinux:archlinux:-
|
— | |
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— | |
|
Intel Prozessor
Intel
|
cpe:/h:intel:intel_prozessor:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
In Intel Prozessoren existieren mehrere Schwachstellen aufgrund von beobachtbaren Diskrepanzen bei Fließkomma-Berechnungen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen.
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source Arch Linux
Open Source
|
cpe:/o:archlinux:archlinux:-
|
— | |
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— | |
|
Intel Prozessor
Intel
|
cpe:/h:intel:intel_prozessor:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
In Intel Prozessoren existieren mehrere Schwachstellen aufgrund von beobachtbaren Diskrepanzen bei Timing-Operationen sowie einer unzureichenden Isolation von geteilten Ressourcen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen.
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source Arch Linux
Open Source
|
cpe:/o:archlinux:archlinux:-
|
— | |
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— | |
|
Intel Prozessor
Intel
|
cpe:/h:intel:intel_prozessor:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
In Intel Prozessoren existieren mehrere Schwachstellen aufgrund von beobachtbaren Diskrepanzen bei Timing-Operationen sowie einer unzureichenden Isolation von geteilten Ressourcen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen.
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source Arch Linux
Open Source
|
cpe:/o:archlinux:archlinux:-
|
— | |
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— | |
|
Intel Prozessor
Intel
|
cpe:/h:intel:intel_prozessor:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
References
80 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Der Prozessor ist das zentrale Rechenwerk eines Computers.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann mehrere Schwachstellen in verschiedenen Intel Prozessoren ausnutzen, um seine Privilegien zu erh\u00f6hen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- BIOS/Firmware\n- Hardware Appliance",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-1463 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2024-1463.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-1463 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1463"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2021-2305 vom 2021-06-11",
"url": "http://linux.oracle.com/errata/ELSA-2021-2305.html"
},
{
"category": "external",
"summary": "AVAYA Security Advisory ASA-2021-079 vom 2021-06-10",
"url": "https://downloads.avaya.com/css/P8/documents/101076192"
},
{
"category": "external",
"summary": "NetApp Security Advisory NTAP-20210611-0005 vom 2021-06-11",
"url": "https://security.netapp.com/advisory/ntap-20210611-0005/"
},
{
"category": "external",
"summary": "HPE Security Bulletin",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf04152en_us"
},
{
"category": "external",
"summary": "HPE Security Bulletin",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf04155en_us"
},
{
"category": "external",
"summary": "HPE Security Bulletin",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf04150en_us"
},
{
"category": "external",
"summary": "HPE Security Advisory",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf04156en_us"
},
{
"category": "external",
"summary": "HPE Security Bulletin",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf04159en_us"
},
{
"category": "external",
"summary": "HPE Security Bulletin",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf04164en_us"
},
{
"category": "external",
"summary": "HPE Security Bulletin",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf04165en_us"
},
{
"category": "external",
"summary": "HPE Security Bulletin",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf04163en_us"
},
{
"category": "external",
"summary": "HPE Security Bulletin",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf04158en_us"
},
{
"category": "external",
"summary": "Intel Security Advisory: INTEL-SA-00442 vom 2021-06-08",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00442.html"
},
{
"category": "external",
"summary": "Intel Security Advisory: INTEL-SA-00458 vom 2021-06-08",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00458.html"
},
{
"category": "external",
"summary": "Intel Security Advisory: INTEL-SA-00463 vom 2021-06-08",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00463.html"
},
{
"category": "external",
"summary": "Intel Security Advisory: INTEL-SA-00464 vom 2021-06-08",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html"
},
{
"category": "external",
"summary": "Intel Security Advisory: INTEL-SA-00465 vom 2021-06-08",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html"
},
{
"category": "external",
"summary": "Intel Security Advisory: INTEL-SA-00516 vom 2021-06-08",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00516.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:2299 vom 2021-06-09",
"url": "https://access.redhat.com/errata/RHSA-2021:2299"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:2307 vom 2021-06-09",
"url": "https://access.redhat.com/errata/RHSA-2021:2307"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:2308 vom 2021-06-09",
"url": "https://access.redhat.com/errata/RHSA-2021:2308"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:2304 vom 2021-06-09",
"url": "https://access.redhat.com/errata/RHSA-2021:2304"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:2303 vom 2021-06-09",
"url": "https://access.redhat.com/errata/RHSA-2021:2303"
},
{
"category": "external",
"summary": "EMC Security Advisory DSA-2021-116 vom 2021-06-09",
"url": "https://www.dell.com/support/kbdoc/de-de/000187906/dsa-2021-116-dell-client-platform-security-update-for-intel-platform-updates-2021-1"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:2302 vom 2021-06-09",
"url": "https://access.redhat.com/errata/RHSA-2021:2302"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:2301 vom 2021-06-09",
"url": "https://access.redhat.com/errata/RHSA-2021:2301"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:2300 vom 2021-06-09",
"url": "https://access.redhat.com/errata/RHSA-2021:2300"
},
{
"category": "external",
"summary": "XEN Security Advisory XSA-375 vom 2021-06-08",
"url": "https://xenbits.xen.org/xsa/advisory-375.html"
},
{
"category": "external",
"summary": "EMC Security Advisory DSA-2021-109 vom 2021-06-09",
"url": "https://www.dell.com/support/kbdoc/de-de/000188043/dsa-2021-109-poweredge-server-security-update-for-2021-1-intel-platform-update-ipu"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-4985-1 vom 2021-06-09",
"url": "https://ubuntu.com/security/notices/USN-4985-1"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:2306 vom 2021-06-09",
"url": "https://access.redhat.com/errata/RHSA-2021:2306"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:2305 vom 2021-06-09",
"url": "https://access.redhat.com/errata/RHSA-2021:2305"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:1929-1 vom 2021-06-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-June/008977.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:1931-1 vom 2021-06-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-June/008983.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:1933-1 vom 2021-06-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-June/008987.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:1930-1 vom 2021-06-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-June/008984.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:1932-1 vom 2021-06-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-June/008980.html"
},
{
"category": "external",
"summary": "Citrix Security Advisory CTX316324 vom 2021-06-09",
"url": "https://support.citrix.com/article/CTX316324"
},
{
"category": "external",
"summary": "Arch Linux Security Advisory ASA-202106-34 vom 2021-06-15",
"url": "https://security.archlinux.org/ASA-202106-34"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-4931 vom 2021-06-15",
"url": "https://lists.debian.org/debian-security-announce/2021/msg00114.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:2522 vom 2021-06-22",
"url": "https://access.redhat.com/errata/RHSA-2021:2522"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:2519 vom 2021-06-22",
"url": "https://access.redhat.com/errata/RHSA-2021:2519"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-4934 vom 2021-06-27",
"url": "https://www.debian.org/security/2021/dsa-4934"
},
{
"category": "external",
"summary": "ORACLE OVMSA-2021-0020 vom 2021-06-25",
"url": "https://oss.oracle.com/pipermail/oraclevm-errata/2021-June/001020.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:14758-1 vom 2021-06-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-June/009092.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2021-2308 vom 2021-07-01",
"url": "https://linux.oracle.com/errata/ELSA-2021-2308.html"
},
{
"category": "external",
"summary": "NetApp Security Advisory NTAP-20210702-0002 vom 2021-07-02",
"url": "https://security.netapp.com/advisory/ntap-20210702-0002/"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202107-30 vom 2021-07-12",
"url": "https://security.gentoo.org/glsa/202107-30"
},
{
"category": "external",
"summary": "HPE Security Bulletin",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbst04170en_us"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-2718 vom 2021-07-26",
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:3028 vom 2021-08-09",
"url": "https://access.redhat.com/errata/RHSA-2021:3028"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:3027 vom 2021-08-09",
"url": "https://access.redhat.com/errata/RHSA-2021:3027"
},
{
"category": "external",
"summary": "CentOS Security Advisory CESA-2021:3028 vom 2021-08-09",
"url": "https://lists.centos.org/pipermail/centos-announce/2021-August/048347.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2021-3028 vom 2021-08-09",
"url": "http://linux.oracle.com/errata/ELSA-2021-3028.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2021-3027 vom 2021-08-09",
"url": "http://linux.oracle.com/errata/ELSA-2021-3027.html"
},
{
"category": "external",
"summary": "Siemens Security Advisory SSA-309571 vom 2021-08-10",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:3029 vom 2021-08-10",
"url": "https://access.redhat.com/errata/RHSA-2021:3029"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:3176 vom 2021-08-17",
"url": "https://access.redhat.com/errata/RHSA-2021:3176"
},
{
"category": "external",
"summary": "HPE Security Bulletin",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf04187en_us"
},
{
"category": "external",
"summary": "AVAYA Security Advisory ASA-2021-105 vom 2021-08-19",
"url": "https://downloads.avaya.com/css/P8/documents/101077166"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:3255 vom 2021-08-25",
"url": "https://access.redhat.com/errata/RHSA-2021:3255"
},
{
"category": "external",
"summary": "AVAYA Security Advisory ASA-2021-084 vom 2021-08-25",
"url": "https://downloads.avaya.com/css/P8/documents/101077243"
},
{
"category": "external",
"summary": "AVAYA Security Advisory ASA-2021-084 vom 2021-08-25",
"url": "https://downloads.avaya.com/css/P8/documents/101077239"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:3323 vom 2021-08-31",
"url": "https://access.redhat.com/errata/RHSA-2021:3323"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:3322 vom 2021-08-31",
"url": "https://access.redhat.com/errata/RHSA-2021:3322"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:3317 vom 2021-08-31",
"url": "https://access.redhat.com/errata/RHSA-2021:3317"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:3364 vom 2021-08-31",
"url": "https://access.redhat.com/errata/RHSA-2021:3364"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:2922-1 vom 2021-09-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-September/009389.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:2923-1 vom 2021-09-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-September/009381.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:2924-1 vom 2021-09-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-September/009390.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:2925-1 vom 2021-09-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-September/009395.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:2943-1 vom 2021-09-03",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-September/009400.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:2955-1 vom 2021-09-03",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-September/009406.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:2957-1 vom 2021-09-06",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-September/009414.html"
},
{
"category": "external",
"summary": "F5 Security Advisory K41043270 vom 2021-09-08",
"url": "https://support.f5.com/csp/article/K41043270?utm_source=f5support\u0026utm_medium=RSS"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:3322-1 vom 2021-10-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-October/009548.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2021:14848-1 vom 2021-12-01",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-December/009799.html"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2024-250 vom 2024-06-27",
"url": "https://www.dell.com/support/kbdoc/de-de/000226426/dsa-2024-250-security-update-for-dell-avamar-dell-integrated-data-protection-appliance-idpa-security-update-for-multiple-vulnerabilities"
}
],
"source_lang": "en-US",
"title": "Intel Prozessoren: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-06-26T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:10:37.032+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2024-1463",
"initial_release_date": "2021-06-08T22:00:00.000+00:00",
"revision_history": [
{
"date": "2021-06-08T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2021-06-09T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Citrix aufgenommen"
},
{
"date": "2021-06-10T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2021-06-13T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Oracle Linux, AVAYA und NetApp aufgenommen"
},
{
"date": "2021-06-14T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Arch Linux aufgenommen"
},
{
"date": "2021-06-15T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2021-06-22T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2021-06-27T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Debian und ORACLE aufgenommen"
},
{
"date": "2021-06-28T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2021-06-30T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2021-07-04T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von NetApp aufgenommen"
},
{
"date": "2021-07-11T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Gentoo aufgenommen"
},
{
"date": "2021-07-14T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von HP aufgenommen"
},
{
"date": "2021-07-25T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2021-08-08T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2021-08-09T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Siemens, CentOS und Oracle Linux aufgenommen"
},
{
"date": "2021-08-10T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2021-08-16T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2021-08-17T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von HP aufgenommen"
},
{
"date": "2021-08-22T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von AVAYA aufgenommen"
},
{
"date": "2021-08-24T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2021-08-26T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von AVAYA aufgenommen"
},
{
"date": "2021-08-30T22:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2021-09-02T22:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2021-09-05T22:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2021-09-06T22:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2021-09-08T22:00:00.000+00:00",
"number": "27",
"summary": "Neue Informationen von F5 aufgenommen"
},
{
"date": "2021-10-07T22:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2021-12-01T23:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-06-26T22:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von Dell aufgenommen"
}
],
"status": "final",
"version": "30"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Avaya Aura Application Enablement Services",
"product": {
"name": "Avaya Aura Application Enablement Services",
"product_id": "T015516",
"product_identification_helper": {
"cpe": "cpe:/a:avaya:aura_application_enablement_services:-"
}
}
},
{
"category": "product_name",
"name": "Avaya Aura Communication Manager",
"product": {
"name": "Avaya Aura Communication Manager",
"product_id": "T015126",
"product_identification_helper": {
"cpe": "cpe:/a:avaya:communication_manager:-"
}
}
},
{
"category": "product_name",
"name": "Avaya Aura Device Services",
"product": {
"name": "Avaya Aura Device Services",
"product_id": "T015517",
"product_identification_helper": {
"cpe": "cpe:/a:avaya:aura_device_services:-"
}
}
},
{
"category": "product_name",
"name": "Avaya Aura Experience Portal",
"product": {
"name": "Avaya Aura Experience Portal",
"product_id": "T015519",
"product_identification_helper": {
"cpe": "cpe:/a:avaya:aura_experience_portal:-"
}
}
},
{
"category": "product_name",
"name": "Avaya Aura Session Manager",
"product": {
"name": "Avaya Aura Session Manager",
"product_id": "T015127",
"product_identification_helper": {
"cpe": "cpe:/a:avaya:session_manager:-"
}
}
},
{
"category": "product_name",
"name": "Avaya Aura System Manager",
"product": {
"name": "Avaya Aura System Manager",
"product_id": "T015518",
"product_identification_helper": {
"cpe": "cpe:/a:avaya:aura_system_manager:-"
}
}
},
{
"category": "product_name",
"name": "Avaya Breeze Platform",
"product": {
"name": "Avaya Breeze Platform",
"product_id": "T015823",
"product_identification_helper": {
"cpe": "cpe:/a:avaya:breeze_platform:-"
}
}
},
{
"category": "product_name",
"name": "Avaya CMS",
"product": {
"name": "Avaya CMS",
"product_id": "997",
"product_identification_helper": {
"cpe": "cpe:/a:avaya:call_management_system_server:-"
}
}
},
{
"category": "product_name",
"name": "Avaya Session Border Controller",
"product": {
"name": "Avaya Session Border Controller",
"product_id": "T015520",
"product_identification_helper": {
"cpe": "cpe:/h:avaya:session_border_controller:-"
}
}
},
{
"category": "product_name",
"name": "Avaya Web License Manager",
"product": {
"name": "Avaya Web License Manager",
"product_id": "T016243",
"product_identification_helper": {
"cpe": "cpe:/a:avaya:web_license_manager:-"
}
}
},
{
"category": "product_name",
"name": "Avaya one-X",
"product": {
"name": "Avaya one-X",
"product_id": "1024",
"product_identification_helper": {
"cpe": "cpe:/a:avaya:one-x:-"
}
}
}
],
"category": "vendor",
"name": "Avaya"
},
{
"branches": [
{
"category": "product_name",
"name": "Citrix Systems Hypervisor",
"product": {
"name": "Citrix Systems Hypervisor",
"product_id": "T016872",
"product_identification_helper": {
"cpe": "cpe:/o:citrix:hypervisor:-"
}
}
},
{
"category": "product_name",
"name": "Citrix Systems XenServer",
"product": {
"name": "Citrix Systems XenServer",
"product_id": "T004077",
"product_identification_helper": {
"cpe": "cpe:/a:citrix:xenserver:-"
}
}
}
],
"category": "vendor",
"name": "Citrix Systems"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Dell Computer",
"product": {
"name": "Dell Computer",
"product_id": "T006498",
"product_identification_helper": {
"cpe": "cpe:/o:dell:dell_computer:-"
}
}
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "EMC Avamar",
"product": {
"name": "EMC Avamar",
"product_id": "T014381",
"product_identification_helper": {
"cpe": "cpe:/a:emc:avamar:-"
}
}
}
],
"category": "vendor",
"name": "EMC"
},
{
"branches": [
{
"category": "product_name",
"name": "F5 BIG-IP",
"product": {
"name": "F5 BIG-IP",
"product_id": "T001663",
"product_identification_helper": {
"cpe": "cpe:/a:f5:big-ip:-"
}
}
}
],
"category": "vendor",
"name": "F5"
},
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"category": "product_name",
"name": "HPE ProLiant",
"product": {
"name": "HPE ProLiant",
"product_id": "T009310",
"product_identification_helper": {
"cpe": "cpe:/h:hp:proliant:-"
}
}
}
],
"category": "vendor",
"name": "HPE"
},
{
"branches": [
{
"category": "product_name",
"name": "Intel Prozessor",
"product": {
"name": "Intel Prozessor",
"product_id": "T011586",
"product_identification_helper": {
"cpe": "cpe:/h:intel:intel_prozessor:-"
}
}
}
],
"category": "vendor",
"name": "Intel"
},
{
"branches": [
{
"category": "product_name",
"name": "NetApp FAS",
"product": {
"name": "NetApp FAS",
"product_id": "T011540",
"product_identification_helper": {
"cpe": "cpe:/h:netapp:fas:-"
}
}
}
],
"category": "vendor",
"name": "NetApp"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source Arch Linux",
"product": {
"name": "Open Source Arch Linux",
"product_id": "T013312",
"product_identification_helper": {
"cpe": "cpe:/o:archlinux:archlinux:-"
}
}
},
{
"category": "product_name",
"name": "Open Source CentOS",
"product": {
"name": "Open Source CentOS",
"product_id": "1727",
"product_identification_helper": {
"cpe": "cpe:/o:centos:centos:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Siemens SIMATIC S7",
"product": {
"name": "Siemens SIMATIC S7",
"product_id": "T020086",
"product_identification_helper": {
"cpe": "cpe:/h:siemens:simatic_s7:-"
}
}
}
],
"category": "vendor",
"name": "Siemens"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-12357",
"notes": [
{
"category": "description",
"text": "In Intel Prozessoren existieren mehrere Schwachstellen. Diese sind auf Out-of-Bound-Lese und Schreibfehler, Fehler bei der Initialisierung, Fehler bei der Eingabevalidierung, eine Race-Condition sowie Fehler im Kontrollfluss zur\u00fcckzuf\u00fchren . Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T004077",
"T006498",
"67646",
"T015823",
"T011540",
"T015127",
"T011586",
"T015126",
"T004914",
"T015520",
"T016872",
"997",
"T001663",
"T020086",
"T015519",
"T015518",
"T015517",
"T015516",
"T013312",
"T012167",
"T016243",
"T014381",
"2951",
"T002207",
"1024",
"T000126",
"1727",
"T009310"
]
},
"release_date": "2021-06-08T22:00:00.000+00:00",
"title": "CVE-2020-12357"
},
{
"cve": "CVE-2020-12358",
"notes": [
{
"category": "description",
"text": "In Intel Prozessoren existieren mehrere Schwachstellen. Diese sind auf Out-of-Bound-Lese und Schreibfehler, Fehler bei der Initialisierung, Fehler bei der Eingabevalidierung, eine Race-Condition sowie Fehler im Kontrollfluss zur\u00fcckzuf\u00fchren . Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T004077",
"T006498",
"67646",
"T015823",
"T011540",
"T015127",
"T011586",
"T015126",
"T004914",
"T015520",
"T016872",
"997",
"T001663",
"T020086",
"T015519",
"T015518",
"T015517",
"T015516",
"T013312",
"T012167",
"T016243",
"T014381",
"2951",
"T002207",
"1024",
"T000126",
"1727",
"T009310"
]
},
"release_date": "2021-06-08T22:00:00.000+00:00",
"title": "CVE-2020-12358"
},
{
"cve": "CVE-2020-12359",
"notes": [
{
"category": "description",
"text": "In Intel Prozessoren existieren mehrere Schwachstellen. Diese sind auf Out-of-Bound-Lese und Schreibfehler, Fehler bei der Initialisierung, Fehler bei der Eingabevalidierung, eine Race-Condition sowie Fehler im Kontrollfluss zur\u00fcckzuf\u00fchren . Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T004077",
"T006498",
"67646",
"T015823",
"T011540",
"T015127",
"T011586",
"T015126",
"T004914",
"T015520",
"T016872",
"997",
"T001663",
"T020086",
"T015519",
"T015518",
"T015517",
"T015516",
"T013312",
"T012167",
"T016243",
"T014381",
"2951",
"T002207",
"1024",
"T000126",
"1727",
"T009310"
]
},
"release_date": "2021-06-08T22:00:00.000+00:00",
"title": "CVE-2020-12359"
},
{
"cve": "CVE-2020-12360",
"notes": [
{
"category": "description",
"text": "In Intel Prozessoren existieren mehrere Schwachstellen. Diese sind auf Out-of-Bound-Lese und Schreibfehler, Fehler bei der Initialisierung, Fehler bei der Eingabevalidierung, eine Race-Condition sowie Fehler im Kontrollfluss zur\u00fcckzuf\u00fchren . Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T004077",
"T006498",
"67646",
"T015823",
"T011540",
"T015127",
"T011586",
"T015126",
"T004914",
"T015520",
"T016872",
"997",
"T001663",
"T020086",
"T015519",
"T015518",
"T015517",
"T015516",
"T013312",
"T012167",
"T016243",
"T014381",
"2951",
"T002207",
"1024",
"T000126",
"1727",
"T009310"
]
},
"release_date": "2021-06-08T22:00:00.000+00:00",
"title": "CVE-2020-12360"
},
{
"cve": "CVE-2020-24486",
"notes": [
{
"category": "description",
"text": "In Intel Prozessoren existieren mehrere Schwachstellen. Diese sind auf Out-of-Bound-Lese und Schreibfehler, Fehler bei der Initialisierung, Fehler bei der Eingabevalidierung, eine Race-Condition sowie Fehler im Kontrollfluss zur\u00fcckzuf\u00fchren . Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T004077",
"T006498",
"67646",
"T015823",
"T011540",
"T015127",
"T011586",
"T015126",
"T004914",
"T015520",
"T016872",
"997",
"T001663",
"T020086",
"T015519",
"T015518",
"T015517",
"T015516",
"T013312",
"T012167",
"T016243",
"T014381",
"2951",
"T002207",
"1024",
"T000126",
"1727",
"T009310"
]
},
"release_date": "2021-06-08T22:00:00.000+00:00",
"title": "CVE-2020-24486"
},
{
"cve": "CVE-2020-8670",
"notes": [
{
"category": "description",
"text": "In Intel Prozessoren existieren mehrere Schwachstellen. Diese sind auf Out-of-Bound-Lese und Schreibfehler, Fehler bei der Initialisierung, Fehler bei der Eingabevalidierung, eine Race-Condition sowie Fehler im Kontrollfluss zur\u00fcckzuf\u00fchren . Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T004077",
"T006498",
"67646",
"T015823",
"T011540",
"T015127",
"T011586",
"T015126",
"T004914",
"T015520",
"T016872",
"997",
"T001663",
"T020086",
"T015519",
"T015518",
"T015517",
"T015516",
"T013312",
"T012167",
"T016243",
"T014381",
"2951",
"T002207",
"1024",
"T000126",
"1727",
"T009310"
]
},
"release_date": "2021-06-08T22:00:00.000+00:00",
"title": "CVE-2020-8670"
},
{
"cve": "CVE-2020-8700",
"notes": [
{
"category": "description",
"text": "In Intel Prozessoren existieren mehrere Schwachstellen. Diese sind auf Out-of-Bound-Lese und Schreibfehler, Fehler bei der Initialisierung, Fehler bei der Eingabevalidierung, eine Race-Condition sowie Fehler im Kontrollfluss zur\u00fcckzuf\u00fchren . Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T004077",
"T006498",
"67646",
"T015823",
"T011540",
"T015127",
"T011586",
"T015126",
"T004914",
"T015520",
"T016872",
"997",
"T001663",
"T020086",
"T015519",
"T015518",
"T015517",
"T015516",
"T013312",
"T012167",
"T016243",
"T014381",
"2951",
"T002207",
"1024",
"T000126",
"1727",
"T009310"
]
},
"release_date": "2021-06-08T22:00:00.000+00:00",
"title": "CVE-2020-8700"
},
{
"cve": "CVE-2021-0095",
"notes": [
{
"category": "description",
"text": "In Intel Prozessoren existieren mehrere Schwachstellen. Diese sind auf Out-of-Bound-Lese und Schreibfehler, Fehler bei der Initialisierung, Fehler bei der Eingabevalidierung, eine Race-Condition sowie Fehler im Kontrollfluss zur\u00fcckzuf\u00fchren . Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern oder einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T004077",
"T006498",
"67646",
"T015823",
"T011540",
"T015127",
"T011586",
"T015126",
"T004914",
"T015520",
"T016872",
"997",
"T001663",
"T020086",
"T015519",
"T015518",
"T015517",
"T015516",
"T013312",
"T012167",
"T016243",
"T014381",
"2951",
"T002207",
"1024",
"T000126",
"1727",
"T009310"
]
},
"release_date": "2021-06-08T22:00:00.000+00:00",
"title": "CVE-2021-0095"
},
{
"cve": "CVE-2020-24489",
"notes": [
{
"category": "description",
"text": "In Intel Prozessoren existiert eine Schwachstelle, welche aufgrund eines unvollst\u00e4ndigen Cleanups besteht. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T014381",
"2951",
"T002207",
"67646",
"T000126",
"T013312",
"T001663",
"T011586",
"T012167",
"1727",
"T004914"
]
},
"release_date": "2021-06-08T22:00:00.000+00:00",
"title": "CVE-2020-24489"
},
{
"cve": "CVE-2021-24489",
"notes": [
{
"category": "description",
"text": "In Intel Prozessoren existiert eine Schwachstelle, welche aufgrund eines unvollst\u00e4ndigen Cleanups besteht. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T014381",
"2951",
"T002207",
"67646",
"T000126",
"T013312",
"T001663",
"T011586",
"T012167",
"1727",
"T004914"
]
},
"release_date": "2021-06-08T22:00:00.000+00:00",
"title": "CVE-2021-24489"
},
{
"cve": "CVE-2020-8702",
"notes": [
{
"category": "description",
"text": "Im Intel Prozessor Diagnostics Tool existiert eine Schwachstelle aufgrund eines unkontrollierten Suchpfad-Elements. Ein lokaler Angreifer kann dies ausnutzen, um seine Privilegien zu erweitern. Zur erfolgreichen Ausnutzung dieser Schwachstelle ist eine Benutzerinteraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T014381",
"2951",
"T002207",
"67646",
"T000126",
"T013312",
"T001663",
"T011586",
"T012167",
"1727",
"T004914"
]
},
"release_date": "2021-06-08T22:00:00.000+00:00",
"title": "CVE-2020-8702"
},
{
"cve": "CVE-2020-24513",
"notes": [
{
"category": "description",
"text": "In Intel Prozessoren existiert eine Schwachstelle aufgrund eines m\u00f6glichen Domain-Bypasses. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T014381",
"2951",
"T002207",
"67646",
"T000126",
"T013312",
"T001663",
"T011586",
"T012167",
"1727",
"T004914"
]
},
"release_date": "2021-06-08T22:00:00.000+00:00",
"title": "CVE-2020-24513"
},
{
"cve": "CVE-2021-0086",
"notes": [
{
"category": "description",
"text": "In Intel Prozessoren existieren mehrere Schwachstellen aufgrund von beobachtbaren Diskrepanzen bei Flie\u00dfkomma-Berechnungen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T014381",
"2951",
"T002207",
"67646",
"T000126",
"T013312",
"T001663",
"T011586",
"T012167",
"1727",
"T004914"
]
},
"release_date": "2021-06-08T22:00:00.000+00:00",
"title": "CVE-2021-0086"
},
{
"cve": "CVE-2021-0089",
"notes": [
{
"category": "description",
"text": "In Intel Prozessoren existieren mehrere Schwachstellen aufgrund von beobachtbaren Diskrepanzen bei Flie\u00dfkomma-Berechnungen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T014381",
"2951",
"T002207",
"67646",
"T000126",
"T013312",
"T001663",
"T011586",
"T012167",
"1727",
"T004914"
]
},
"release_date": "2021-06-08T22:00:00.000+00:00",
"title": "CVE-2021-0089"
},
{
"cve": "CVE-2020-24511",
"notes": [
{
"category": "description",
"text": "In Intel Prozessoren existieren mehrere Schwachstellen aufgrund von beobachtbaren Diskrepanzen bei Timing-Operationen sowie einer unzureichenden Isolation von geteilten Ressourcen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T014381",
"2951",
"T002207",
"67646",
"T000126",
"T013312",
"T001663",
"T011586",
"T012167",
"1727",
"T004914"
]
},
"release_date": "2021-06-08T22:00:00.000+00:00",
"title": "CVE-2020-24511"
},
{
"cve": "CVE-2020-24512",
"notes": [
{
"category": "description",
"text": "In Intel Prozessoren existieren mehrere Schwachstellen aufgrund von beobachtbaren Diskrepanzen bei Timing-Operationen sowie einer unzureichenden Isolation von geteilten Ressourcen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T014381",
"2951",
"T002207",
"67646",
"T000126",
"T013312",
"T001663",
"T011586",
"T012167",
"1727",
"T004914"
]
},
"release_date": "2021-06-08T22:00:00.000+00:00",
"title": "CVE-2020-24512"
}
]
}
WID-SEC-W-2025-0227
Vulnerability from csaf_certbund - Published: 2021-11-30 23:00 - Updated: 2025-01-30 23:00Summary
IBM QRadar SIEM: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: IBM QRadar Security Information and Event Management (SIEM) bietet Unterstützung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.
Angriff: Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Betroffene Betriebssysteme: - Linux
- Sonstiges
- UNIX
- Windows
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existiert eine Schwachstelle. Es werden unsichere Kryptoalgorithmen genutzt. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Informationen offenzulegen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existiert eine Schwachstelle. Die Schwachstellen ist auf eine fehlende Authentisierung beim Schlüsselaustausch zurückzuführen. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Informationen offenzulegen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existiert eine Schwachstelle. Die Schwachstelle ist auf einen unzureichenden Patch zurückzuführen und ermöglicht einen Server-Site-Request-Forgery (SSRF)-Angriff. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um Informationen offenzulegen.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
In IBM QRadar SIEM existiert eine Cross-Site Scripting Schwachstelle. HTML und Script-Eingaben werden nicht ordnungsgemäß überprüft, bevor sie an den Benutzer zurückgegeben werden. Ein entfernter anonymer Angreifer kann durch Ausnutzung dieser Schwachstelle beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.3
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3
|
7.3 | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 |
References
14 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM QRadar Security Information and Event Management (SIEM) bietet Unterst\u00fctzung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0227 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2025-0227.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0227 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0227"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6520488 vom 2021-11-30",
"url": "https://www.ibm.com/support/pages/node/6520488"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6520484 vom 2021-11-30",
"url": "https://www.ibm.com/support/pages/node/6520484"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6520490 vom 2021-11-30",
"url": "https://www.ibm.com/support/pages/node/6520490"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6520476 vom 2021-11-30",
"url": "https://www.ibm.com/support/pages/node/6520476"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6520492 vom 2021-11-30",
"url": "https://www.ibm.com/support/pages/node/6520492"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6520478 vom 2021-11-30",
"url": "https://www.ibm.com/support/pages/node/6520478"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6520486 vom 2021-11-30",
"url": "https://www.ibm.com/support/pages/node/6520486"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6520474 vom 2021-11-30",
"url": "https://www.ibm.com/support/pages/node/6520474"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6520472 vom 2021-11-30",
"url": "https://www.ibm.com/support/pages/node/6520472"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6520482 vom 2021-11-30",
"url": "https://www.ibm.com/support/pages/node/6520482"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6520480 vom 2021-11-30",
"url": "https://www.ibm.com/support/pages/node/6520480"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7182001 vom 2025-01-30",
"url": "https://www.ibm.com/support/pages/node/7182001"
}
],
"source_lang": "en-US",
"title": "IBM QRadar SIEM: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-01-30T23:00:00.000+00:00",
"generator": {
"date": "2025-01-31T09:11:30.679+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.10"
}
},
"id": "WID-SEC-W-2025-0227",
"initial_release_date": "2021-11-30T23:00:00.000+00:00",
"revision_history": [
{
"date": "2021-11-30T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-01-30T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "7.3",
"product": {
"name": "IBM QRadar SIEM 7.3",
"product_id": "T014687",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.3"
}
}
},
{
"category": "product_version",
"name": "7.4",
"product": {
"name": "IBM QRadar SIEM 7.4",
"product_id": "T016287",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.4"
}
}
},
{
"category": "product_version",
"name": "7.5.0",
"product": {
"name": "IBM QRadar SIEM 7.5.0",
"product_id": "T023574",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5.0"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-10228",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2016-10228"
},
{
"cve": "CVE-2017-14502",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2017-14502"
},
{
"cve": "CVE-2017-15713",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2017-15713"
},
{
"cve": "CVE-2018-1000858",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2018-1000858"
},
{
"cve": "CVE-2018-11768",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2018-11768"
},
{
"cve": "CVE-2018-18751",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2018-18751"
},
{
"cve": "CVE-2018-20843",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2018-20843"
},
{
"cve": "CVE-2018-8029",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2018-8029"
},
{
"cve": "CVE-2019-13012",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2019-13012"
},
{
"cve": "CVE-2019-13050",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2019-13050"
},
{
"cve": "CVE-2019-13627",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2019-13627"
},
{
"cve": "CVE-2019-14866",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2019-14866"
},
{
"cve": "CVE-2019-14889",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2019-14889"
},
{
"cve": "CVE-2019-15903",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2019-15903"
},
{
"cve": "CVE-2019-16935",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2019-16935"
},
{
"cve": "CVE-2019-18276",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2019-18276"
},
{
"cve": "CVE-2019-19221",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2019-19221"
},
{
"cve": "CVE-2019-19906",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2019-19906"
},
{
"cve": "CVE-2019-19956",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2019-19956"
},
{
"cve": "CVE-2019-20387",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2019-20387"
},
{
"cve": "CVE-2019-20388",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2019-20388"
},
{
"cve": "CVE-2019-20454",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2019-20454"
},
{
"cve": "CVE-2019-20907",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2019-20907"
},
{
"cve": "CVE-2019-20916",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2019-20916"
},
{
"cve": "CVE-2019-25013",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2019-25013"
},
{
"cve": "CVE-2019-2708",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2019-2708"
},
{
"cve": "CVE-2019-3842",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2019-3842"
},
{
"cve": "CVE-2019-9169",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2019-9169"
},
{
"cve": "CVE-2019-9924",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2019-9924"
},
{
"cve": "CVE-2020-11080",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-11080"
},
{
"cve": "CVE-2020-12362",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-12362"
},
{
"cve": "CVE-2020-12363",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-12363"
},
{
"cve": "CVE-2020-12364",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-12364"
},
{
"cve": "CVE-2020-13434",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-13434"
},
{
"cve": "CVE-2020-13543",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-13543"
},
{
"cve": "CVE-2020-13584",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-13584"
},
{
"cve": "CVE-2020-13776",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-13776"
},
{
"cve": "CVE-2020-13777",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-13777"
},
{
"cve": "CVE-2020-13954",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-13954"
},
{
"cve": "CVE-2020-14352",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-14352"
},
{
"cve": "CVE-2020-14422",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-14422"
},
{
"cve": "CVE-2020-15358",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-15358"
},
{
"cve": "CVE-2020-1730",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-1730"
},
{
"cve": "CVE-2020-24489",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-24489"
},
{
"cve": "CVE-2020-24511",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-24511"
},
{
"cve": "CVE-2020-24512",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-24512"
},
{
"cve": "CVE-2020-24513",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-24513"
},
{
"cve": "CVE-2020-24659",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-24659"
},
{
"cve": "CVE-2020-24977",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-24977"
},
{
"cve": "CVE-2020-26116",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-26116"
},
{
"cve": "CVE-2020-27170",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-27170"
},
{
"cve": "CVE-2020-27618",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-27618"
},
{
"cve": "CVE-2020-27619",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-27619"
},
{
"cve": "CVE-2020-27777",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-27777"
},
{
"cve": "CVE-2020-28196",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-28196"
},
{
"cve": "CVE-2020-29361",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-29361"
},
{
"cve": "CVE-2020-29362",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-29362"
},
{
"cve": "CVE-2020-29363",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-29363"
},
{
"cve": "CVE-2020-7226",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-7226"
},
{
"cve": "CVE-2020-7595",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-7595"
},
{
"cve": "CVE-2020-8177",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-8177"
},
{
"cve": "CVE-2020-8231",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-8231"
},
{
"cve": "CVE-2020-8284",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-8284"
},
{
"cve": "CVE-2020-8285",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-8285"
},
{
"cve": "CVE-2020-8286",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-8286"
},
{
"cve": "CVE-2020-8492",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-8492"
},
{
"cve": "CVE-2020-8648",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-8648"
},
{
"cve": "CVE-2020-8927",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-8927"
},
{
"cve": "CVE-2020-9492",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-9492"
},
{
"cve": "CVE-2020-9948",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-9948"
},
{
"cve": "CVE-2020-9951",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-9951"
},
{
"cve": "CVE-2020-9983",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2020-9983"
},
{
"cve": "CVE-2021-20271",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-20271"
},
{
"cve": "CVE-2021-20305",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-20305"
},
{
"cve": "CVE-2021-2161",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-2161"
},
{
"cve": "CVE-2021-22555",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-22555"
},
{
"cve": "CVE-2021-22696",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-22696"
},
{
"cve": "CVE-2021-23239",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-23239"
},
{
"cve": "CVE-2021-23240",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-23240"
},
{
"cve": "CVE-2021-23336",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-23336"
},
{
"cve": "CVE-2021-28163",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-28163"
},
{
"cve": "CVE-2021-28165",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-28165"
},
{
"cve": "CVE-2021-28169",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-28169"
},
{
"cve": "CVE-2021-29154",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-29154"
},
{
"cve": "CVE-2021-29425",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-29425"
},
{
"cve": "CVE-2021-29650",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-29650"
},
{
"cve": "CVE-2021-30468",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-30468"
},
{
"cve": "CVE-2021-31811",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-31811"
},
{
"cve": "CVE-2021-31812",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-31812"
},
{
"cve": "CVE-2021-32027",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-32027"
},
{
"cve": "CVE-2021-32028",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-32028"
},
{
"cve": "CVE-2021-32399",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-32399"
},
{
"cve": "CVE-2021-3326",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-3326"
},
{
"cve": "CVE-2021-3347",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-3347"
},
{
"cve": "CVE-2021-33503",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-33503"
},
{
"cve": "CVE-2021-3449",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-3449"
},
{
"cve": "CVE-2021-3450",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-3450"
},
{
"cve": "CVE-2021-3516",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-3516"
},
{
"cve": "CVE-2021-3520",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-3520"
},
{
"cve": "CVE-2021-3541",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-3541"
},
{
"cve": "CVE-2021-3715",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in verschiedenen Komponenten. Ein entfernter, anonymer oder authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Administratorrechte zu erlangen, beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-3715"
},
{
"cve": "CVE-2021-20400",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existiert eine Schwachstelle. Es werden unsichere Kryptoalgorithmen genutzt. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-20400"
},
{
"cve": "CVE-2021-29779",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existiert eine Schwachstelle. Die Schwachstellen ist auf eine fehlende Authentisierung beim Schl\u00fcsselaustausch zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-29779"
},
{
"cve": "CVE-2021-29863",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existiert eine Schwachstelle. Die Schwachstelle ist auf einen unzureichenden Patch zur\u00fcckzuf\u00fchren und erm\u00f6glicht einen Server-Site-Request-Forgery (SSRF)-Angriff. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-29863"
},
{
"cve": "CVE-2021-29849",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existiert eine Cross-Site Scripting Schwachstelle. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter anonymer Angreifer kann durch Ausnutzung dieser Schwachstelle beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T014687",
"T023574",
"T016287"
]
},
"release_date": "2021-11-30T23:00:00.000+00:00",
"title": "CVE-2021-29849"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…