Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-8022 (GCVE-0-2020-8022)
Vulnerability from cvelistv5 – Published: 2020-06-29 08:20 – Updated: 2024-09-17 00:16
VLAI?
EPSS
Title
User-writeable configuration file /usr/lib/tmpfiles.d/tomcat.conf allows for escalation of priviliges
Summary
A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1.
Severity ?
7.7 (High)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| SUSE | SUSE Enterprise Storage 5 |
Affected:
tomcat , < 8.0.53-29.32.1
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Date Public ?
2020-06-26 00:00
Credits
Matthias Gerstner of SUSE
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:25.548Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1172405"
},
{
"name": "openSUSE-SU-2020:0911",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00066.html"
},
{
"name": "[tomcat-users] 20200902 Re: regarding CVE-2020-8022 applicable to tomcat 8.5.57",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf50d02409e5732c4ee37f19a193af171251a25a652599ce3c2bc69e7%40%3Cusers.tomcat.apache.org%3E"
},
{
"name": "[tomcat-users] 20200902 regarding CVE-2020-8022 applicable to tomcat 8.5.57",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra87ec20a0f4b226c81c7eed27e5d7433ccdc41e61a8da408a45f0fa1%40%3Cusers.tomcat.apache.org%3E"
},
{
"name": "[axis-java-dev] 20210228 axis2 1.7.9 is exposed to CVE-2020-8022 via tomcat dependency",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5be80ba868a11a1f64e4922399f171b8619bca4bc2039f79cf913928%40%3Cjava-dev.axis.apache.org%3E"
},
{
"name": "[axis-java-dev] 20210307 Re: axis2 1.7.9 is exposed to CVE-2020-8022 via tomcat dependency",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r393d4f431683e99c839b4aed68f720b8583bca6c35cd84adccaa02be%40%3Cjava-dev.axis.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SUSE Enterprise Storage 5",
"vendor": "SUSE",
"versions": [
{
"lessThan": "8.0.53-29.32.1",
"status": "affected",
"version": "tomcat",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Server 12-SP2-BCL",
"vendor": "SUSE",
"versions": [
{
"lessThan": "8.0.53-29.32.1",
"status": "affected",
"version": "tomcat",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Server 12-SP2-LTSS",
"vendor": "SUSE",
"versions": [
{
"lessThan": "8.0.53-29.32.1",
"status": "affected",
"version": "tomcat",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Server 12-SP3-BCL",
"vendor": "SUSE",
"versions": [
{
"lessThan": "8.0.53-29.32.1",
"status": "affected",
"version": "tomcat",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Server 12-SP3-LTSS",
"vendor": "SUSE",
"versions": [
{
"lessThan": "8.0.53-29.32.1",
"status": "affected",
"version": "tomcat",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Server 12-SP4",
"vendor": "SUSE",
"versions": [
{
"lessThan": "9.0.35-3.39.1",
"status": "affected",
"version": "tomcat",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Server 12-SP5",
"vendor": "SUSE",
"versions": [
{
"lessThan": "9.0.35-3.39.1",
"status": "affected",
"version": "tomcat",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Server 15-LTSS",
"vendor": "SUSE",
"versions": [
{
"lessThan": "9.0.35-3.57.3",
"status": "affected",
"version": "tomcat",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Server for SAP 12-SP2",
"vendor": "SUSE",
"versions": [
{
"lessThan": "8.0.53-29.32.1",
"status": "affected",
"version": "tomcat",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Server for SAP 12-SP3",
"vendor": "SUSE",
"versions": [
{
"lessThan": "8.0.53-29.32.1",
"status": "affected",
"version": "tomcat",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Server for SAP 15",
"vendor": "SUSE",
"versions": [
{
"lessThan": "9.0.35-3.57.3",
"status": "affected",
"version": "tomcat",
"versionType": "custom"
}
]
},
{
"product": "SUSE OpenStack Cloud 7",
"vendor": "SUSE",
"versions": [
{
"lessThan": "8.0.53-29.32.1",
"status": "affected",
"version": "tomcat",
"versionType": "custom"
}
]
},
{
"product": "SUSE OpenStack Cloud 8",
"vendor": "SUSE",
"versions": [
{
"lessThan": "8.0.53-29.32.1",
"status": "affected",
"version": "tomcat",
"versionType": "custom"
}
]
},
{
"product": "SUSE OpenStack Cloud Crowbar 8",
"vendor": "SUSE",
"versions": [
{
"lessThan": "8.0.53-29.32.1",
"status": "affected",
"version": "tomcat",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Matthias Gerstner of SUSE"
}
],
"datePublic": "2020-06-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276: Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-07T14:06:28.000Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1172405"
},
{
"name": "openSUSE-SU-2020:0911",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00066.html"
},
{
"name": "[tomcat-users] 20200902 Re: regarding CVE-2020-8022 applicable to tomcat 8.5.57",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf50d02409e5732c4ee37f19a193af171251a25a652599ce3c2bc69e7%40%3Cusers.tomcat.apache.org%3E"
},
{
"name": "[tomcat-users] 20200902 regarding CVE-2020-8022 applicable to tomcat 8.5.57",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra87ec20a0f4b226c81c7eed27e5d7433ccdc41e61a8da408a45f0fa1%40%3Cusers.tomcat.apache.org%3E"
},
{
"name": "[axis-java-dev] 20210228 axis2 1.7.9 is exposed to CVE-2020-8022 via tomcat dependency",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5be80ba868a11a1f64e4922399f171b8619bca4bc2039f79cf913928%40%3Cjava-dev.axis.apache.org%3E"
},
{
"name": "[axis-java-dev] 20210307 Re: axis2 1.7.9 is exposed to CVE-2020-8022 via tomcat dependency",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r393d4f431683e99c839b4aed68f720b8583bca6c35cd84adccaa02be%40%3Cjava-dev.axis.apache.org%3E"
}
],
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1172405",
"defect": [
"1172405"
],
"discovery": "INTERNAL"
},
"title": "User-writeable configuration file /usr/lib/tmpfiles.d/tomcat.conf allows for escalation of priviliges",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2020-06-26T00:00:00.000Z",
"ID": "CVE-2020-8022",
"STATE": "PUBLIC",
"TITLE": "User-writeable configuration file /usr/lib/tmpfiles.d/tomcat.conf allows for escalation of priviliges"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SUSE Enterprise Storage 5",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "tomcat",
"version_value": "8.0.53-29.32.1"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server 12-SP2-BCL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "tomcat",
"version_value": "8.0.53-29.32.1"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server 12-SP2-LTSS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "tomcat",
"version_value": "8.0.53-29.32.1"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server 12-SP3-BCL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "tomcat",
"version_value": "8.0.53-29.32.1"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server 12-SP3-LTSS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "tomcat",
"version_value": "8.0.53-29.32.1"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server 12-SP4",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "tomcat",
"version_value": "9.0.35-3.39.1"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server 12-SP5",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "tomcat",
"version_value": "9.0.35-3.39.1"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server 15-LTSS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "tomcat",
"version_value": "9.0.35-3.57.3"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server for SAP 12-SP2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "tomcat",
"version_value": "8.0.53-29.32.1"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server for SAP 12-SP3",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "tomcat",
"version_value": "8.0.53-29.32.1"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server for SAP 15",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "tomcat",
"version_value": "9.0.35-3.57.3"
}
]
}
},
{
"product_name": "SUSE OpenStack Cloud 7",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "tomcat",
"version_value": "8.0.53-29.32.1"
}
]
}
},
{
"product_name": "SUSE OpenStack Cloud 8",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "tomcat",
"version_value": "8.0.53-29.32.1"
}
]
}
},
{
"product_name": "SUSE OpenStack Cloud Crowbar 8",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "tomcat",
"version_value": "8.0.53-29.32.1"
}
]
}
}
]
},
"vendor_name": "SUSE"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Matthias Gerstner of SUSE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276: Incorrect Default Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1172405",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1172405"
},
{
"name": "openSUSE-SU-2020:0911",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00066.html"
},
{
"name": "[tomcat-users] 20200902 Re: regarding CVE-2020-8022 applicable to tomcat 8.5.57",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf50d02409e5732c4ee37f19a193af171251a25a652599ce3c2bc69e7@%3Cusers.tomcat.apache.org%3E"
},
{
"name": "[tomcat-users] 20200902 regarding CVE-2020-8022 applicable to tomcat 8.5.57",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra87ec20a0f4b226c81c7eed27e5d7433ccdc41e61a8da408a45f0fa1@%3Cusers.tomcat.apache.org%3E"
},
{
"name": "[axis-java-dev] 20210228 axis2 1.7.9 is exposed to CVE-2020-8022 via tomcat dependency",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5be80ba868a11a1f64e4922399f171b8619bca4bc2039f79cf913928@%3Cjava-dev.axis.apache.org%3E"
},
{
"name": "[axis-java-dev] 20210307 Re: axis2 1.7.9 is exposed to CVE-2020-8022 via tomcat dependency",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r393d4f431683e99c839b4aed68f720b8583bca6c35cd84adccaa02be@%3Cjava-dev.axis.apache.org%3E"
}
]
},
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1172405",
"defect": [
"1172405"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2020-8022",
"datePublished": "2020-06-29T08:20:12.619Z",
"dateReserved": "2020-01-27T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:16:49.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2020-8022",
"date": "2026-04-15",
"epss": "0.00187",
"percentile": "0.4058"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-8022\",\"sourceIdentifier\":\"meissner@suse.de\",\"published\":\"2020-06-29T09:15:11.307\",\"lastModified\":\"2024-11-21T05:38:14.210\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de Permisos Predeterminados Incorrectos en el paquete tomcat en SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8, permite a atacantes locales escalar del grupo tomcat a root. Este problema afecta a: tomcat de SUSE Enterprise Storage 5 versiones anteriores a 8.0.53-29.32.1. tomcat de SUSE Linux Enterprise Server 12-SP2-BCL versiones anteriores a 8.0.53-29.32.1. tomcat de SUSE Linux Enterprise Server 12-SP2-LTSS versiones anteriores a 8.0.53-29.32.1. tomcat de SUSE Linux Enterprise Server 12-SP3-BCL versiones anteriores a 8.0.53-29.32.1. tomcat de SUSE Linux Enterprise Server 12-SP3-LTSS versiones anteriores a 8.0.53-29.32.1. tomcat de SUSE Linux Enterprise Server 12-SP4 versiones anteriores a 9.0.35-3.39.1. tomcat de SUSE Linux Enterprise Server 12-SP5 versiones anteriores a 9.0.35-3.39.1. tomcat de SUSE Linux Enterprise Server 15-LTSS versiones anteriores a 9.0.35-3.57.3. tomcat de SUSE Linux Enterprise Server for SAP 12-SP2 versiones anteriores a 8.0.53-29.32.1. tomcat de SUSE Linux Enterprise Server for SAP 12-SP3 versiones anteriores a 8.0.53-29.32.1. tomcat de SUSE Linux Enterprise Server for SAP 15 versiones anteriores a 9.0.35-3.57.3. tomcat de SUSE OpenStack Cloud 7 versiones anteriores a 8.0.53-29.32.1. tomcat de SUSE OpenStack Cloud 8 versiones anteriores a 8.0.53-29.32.1. tomcat de SUSE OpenStack Cloud Crowbar 8 versiones anteriores a 8.0.53-29.32.1\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"meissner@suse.de\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":7.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.5,\"impactScore\":5.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"meissner@suse.de\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-276\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-276\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.0.53-29.32.1\",\"matchCriteriaId\":\"3B0095DD-61C0-4FC9-A466-8335D4AF1AEF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:suse:enterprise_storage:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB13FD29-BB94-4B33-870F-7EC956E87515\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.0.53-29.32.1\",\"matchCriteriaId\":\"3B0095DD-61C0-4FC9-A466-8335D4AF1AEF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"F84B2729-7B52-4505-9656-1BD31B980705\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.0.53-29.32.1\",\"matchCriteriaId\":\"3B0095DD-61C0-4FC9-A466-8335D4AF1AEF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:ltss:*:*:*\",\"matchCriteriaId\":\"32C12523-2500-44D0-97EE-E740BD3E61B3\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.0.53-29.32.1\",\"matchCriteriaId\":\"3B0095DD-61C0-4FC9-A466-8335D4AF1AEF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_server:12:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"631BB7F0-5F27-4244-8E72-428DA824C75B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.0.53-29.32.1\",\"matchCriteriaId\":\"3B0095DD-61C0-4FC9-A466-8335D4AF1AEF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_server:12:sp3:*:*:ltss:*:*:*\",\"matchCriteriaId\":\"C6622CD4-DF4B-4064-BAEB-5E382C4B05C8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.0.53-29.32.1\",\"matchCriteriaId\":\"3B0095DD-61C0-4FC9-A466-8335D4AF1AEF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:*:sap:*:*\",\"matchCriteriaId\":\"3691A00A-D075-437B-A818-C7C26EE73532\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.0.53-29.32.1\",\"matchCriteriaId\":\"3B0095DD-61C0-4FC9-A466-8335D4AF1AEF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_server:12:sp3:*:*:*:sap:*:*\",\"matchCriteriaId\":\"16729D9C-DC05-41BD-9B32-682983190CE0\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.0.53-29.32.1\",\"matchCriteriaId\":\"3B0095DD-61C0-4FC9-A466-8335D4AF1AEF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:suse:openstack_cloud:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A11C023-22C5-409C-9818-2C91D51AE01B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.0.53-29.32.1\",\"matchCriteriaId\":\"3B0095DD-61C0-4FC9-A466-8335D4AF1AEF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:suse:openstack_cloud:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C3BEB21-4080-4258-B95C-562D717AED0B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.0.53-29.32.1\",\"matchCriteriaId\":\"3B0095DD-61C0-4FC9-A466-8335D4AF1AEF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:suse:openstack_cloud_crowbar:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1675CBE5-44D3-4326-AE8B-EEB9E25D783A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.0.35-3.39.1\",\"matchCriteriaId\":\"D89AB32C-1920-4936-9904-4E64F174B0E4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_server:12:sp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"55E8AB88-2347-497B-91DE-AF64E08ED8F3\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.0.35-3.39.1\",\"matchCriteriaId\":\"D89AB32C-1920-4936-9904-4E64F174B0E4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_server:12:sp5:*:*:*:*:*:*\",\"matchCriteriaId\":\"29AE5751-3EA5-4056-8E79-16D8DCD248EF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.0.35-3.57.3\",\"matchCriteriaId\":\"4FC1168B-713C-413E-B518-0D1E98052E46\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_server:15:*:*:*:*:sap:*:*\",\"matchCriteriaId\":\"C665A768-DBDA-4197-9159-A2791E98A84F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00066.html\",\"source\":\"meissner@suse.de\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.suse.com/show_bug.cgi?id=1172405\",\"source\":\"meissner@suse.de\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r393d4f431683e99c839b4aed68f720b8583bca6c35cd84adccaa02be%40%3Cjava-dev.axis.apache.org%3E\",\"source\":\"meissner@suse.de\"},{\"url\":\"https://lists.apache.org/thread.html/r5be80ba868a11a1f64e4922399f171b8619bca4bc2039f79cf913928%40%3Cjava-dev.axis.apache.org%3E\",\"source\":\"meissner@suse.de\"},{\"url\":\"https://lists.apache.org/thread.html/ra87ec20a0f4b226c81c7eed27e5d7433ccdc41e61a8da408a45f0fa1%40%3Cusers.tomcat.apache.org%3E\",\"source\":\"meissner@suse.de\"},{\"url\":\"https://lists.apache.org/thread.html/rf50d02409e5732c4ee37f19a193af171251a25a652599ce3c2bc69e7%40%3Cusers.tomcat.apache.org%3E\",\"source\":\"meissner@suse.de\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00066.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.suse.com/show_bug.cgi?id=1172405\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r393d4f431683e99c839b4aed68f720b8583bca6c35cd84adccaa02be%40%3Cjava-dev.axis.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r5be80ba868a11a1f64e4922399f171b8619bca4bc2039f79cf913928%40%3Cjava-dev.axis.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/ra87ec20a0f4b226c81c7eed27e5d7433ccdc41e61a8da408a45f0fa1%40%3Cusers.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rf50d02409e5732c4ee37f19a193af171251a25a652599ce3c2bc69e7%40%3Cusers.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
GSD-2020-8022
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-8022",
"description": "A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1.",
"id": "GSD-2020-8022",
"references": [
"https://www.suse.com/security/cve/CVE-2020-8022.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-8022"
],
"details": "A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1.",
"id": "GSD-2020-8022",
"modified": "2023-12-13T01:21:54.498042Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2020-06-26T00:00:00.000Z",
"ID": "CVE-2020-8022",
"STATE": "PUBLIC",
"TITLE": "User-writeable configuration file /usr/lib/tmpfiles.d/tomcat.conf allows for escalation of priviliges"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SUSE Enterprise Storage 5",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "tomcat",
"version_value": "8.0.53-29.32.1"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server 12-SP2-BCL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "tomcat",
"version_value": "8.0.53-29.32.1"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server 12-SP2-LTSS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "tomcat",
"version_value": "8.0.53-29.32.1"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server 12-SP3-BCL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "tomcat",
"version_value": "8.0.53-29.32.1"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server 12-SP3-LTSS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "tomcat",
"version_value": "8.0.53-29.32.1"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server 12-SP4",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "tomcat",
"version_value": "9.0.35-3.39.1"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server 12-SP5",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "tomcat",
"version_value": "9.0.35-3.39.1"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server 15-LTSS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "tomcat",
"version_value": "9.0.35-3.57.3"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server for SAP 12-SP2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "tomcat",
"version_value": "8.0.53-29.32.1"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server for SAP 12-SP3",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "tomcat",
"version_value": "8.0.53-29.32.1"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server for SAP 15",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "tomcat",
"version_value": "9.0.35-3.57.3"
}
]
}
},
{
"product_name": "SUSE OpenStack Cloud 7",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "tomcat",
"version_value": "8.0.53-29.32.1"
}
]
}
},
{
"product_name": "SUSE OpenStack Cloud 8",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "tomcat",
"version_value": "8.0.53-29.32.1"
}
]
}
},
{
"product_name": "SUSE OpenStack Cloud Crowbar 8",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "tomcat",
"version_value": "8.0.53-29.32.1"
}
]
}
}
]
},
"vendor_name": "SUSE"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Matthias Gerstner of SUSE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276: Incorrect Default Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1172405",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1172405"
},
{
"name": "openSUSE-SU-2020:0911",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00066.html"
},
{
"name": "[tomcat-users] 20200902 Re: regarding CVE-2020-8022 applicable to tomcat 8.5.57",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf50d02409e5732c4ee37f19a193af171251a25a652599ce3c2bc69e7@%3Cusers.tomcat.apache.org%3E"
},
{
"name": "[tomcat-users] 20200902 regarding CVE-2020-8022 applicable to tomcat 8.5.57",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra87ec20a0f4b226c81c7eed27e5d7433ccdc41e61a8da408a45f0fa1@%3Cusers.tomcat.apache.org%3E"
},
{
"name": "[axis-java-dev] 20210228 axis2 1.7.9 is exposed to CVE-2020-8022 via tomcat dependency",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5be80ba868a11a1f64e4922399f171b8619bca4bc2039f79cf913928@%3Cjava-dev.axis.apache.org%3E"
},
{
"name": "[axis-java-dev] 20210307 Re: axis2 1.7.9 is exposed to CVE-2020-8022 via tomcat dependency",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r393d4f431683e99c839b4aed68f720b8583bca6c35cd84adccaa02be@%3Cjava-dev.axis.apache.org%3E"
}
]
},
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1172405",
"defect": [
"1172405"
],
"discovery": "INTERNAL"
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "(,8.0.53),[9.0.0,9.0.35)",
"affected_versions": "All versions before 8.0.53, all versions starting from 9.0.0 before 9.0.35",
"cvss_v2": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"cvss_v3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-276",
"CWE-937"
],
"date": "2022-02-09",
"description": "A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1.",
"fixed_versions": [
"8.0.53",
"9.0.35"
],
"identifier": "CVE-2020-8022",
"identifiers": [
"GHSA-gc58-v8h3-x2gr",
"CVE-2020-8022"
],
"not_impacted": "All versions starting from 8.0.53 before 9.0.0, all versions starting from 9.0.35",
"package_slug": "maven/org.apache.tomcat.embed/tomcat-embed-core",
"pubdate": "2022-02-09",
"solution": "Upgrade to versions 8.0.53, 9.0.35 or above.",
"title": "Incorrect Default Permissions",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8022",
"https://bugzilla.suse.com/show_bug.cgi?id=1172405",
"https://lists.apache.org/thread.html/r393d4f431683e99c839b4aed68f720b8583bca6c35cd84adccaa02be@%3Cjava-dev.axis.apache.org%3E",
"https://lists.apache.org/thread.html/r5be80ba868a11a1f64e4922399f171b8619bca4bc2039f79cf913928@%3Cjava-dev.axis.apache.org%3E",
"https://lists.apache.org/thread.html/ra87ec20a0f4b226c81c7eed27e5d7433ccdc41e61a8da408a45f0fa1@%3Cusers.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/rf50d02409e5732c4ee37f19a193af171251a25a652599ce3c2bc69e7@%3Cusers.tomcat.apache.org%3E",
"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00066.html",
"https://github.com/advisories/GHSA-gc58-v8h3-x2gr"
],
"uuid": "6d61c3f3-f303-430f-9d0b-cbe1eeb1b85f"
},
{
"affected_range": "(,8.0.53),[9.0.0,9.0.35)",
"affected_versions": "All versions before 8.0.53, all versions starting from 9.0.0 before 9.0.35",
"cvss_v2": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"cvss_v3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-276",
"CWE-937"
],
"date": "2022-02-09",
"description": "A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1.",
"fixed_versions": [
"8.0.53",
"9.0.35"
],
"identifier": "CVE-2020-8022",
"identifiers": [
"GHSA-gc58-v8h3-x2gr",
"CVE-2020-8022"
],
"not_impacted": "All versions starting from 8.0.53 before 9.0.0, all versions starting from 9.0.35",
"package_slug": "maven/org.apache.tomcat/tomcat",
"pubdate": "2022-02-09",
"solution": "Upgrade to versions 8.0.53, 9.0.35 or above.",
"title": "Incorrect Default Permissions",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-8022",
"https://bugzilla.suse.com/show_bug.cgi?id=1172405",
"https://lists.apache.org/thread.html/r393d4f431683e99c839b4aed68f720b8583bca6c35cd84adccaa02be@%3Cjava-dev.axis.apache.org%3E",
"https://lists.apache.org/thread.html/r5be80ba868a11a1f64e4922399f171b8619bca4bc2039f79cf913928@%3Cjava-dev.axis.apache.org%3E",
"https://lists.apache.org/thread.html/ra87ec20a0f4b226c81c7eed27e5d7433ccdc41e61a8da408a45f0fa1@%3Cusers.tomcat.apache.org%3E",
"https://lists.apache.org/thread.html/rf50d02409e5732c4ee37f19a193af171251a25a652599ce3c2bc69e7@%3Cusers.tomcat.apache.org%3E",
"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00066.html",
"https://github.com/advisories/GHSA-gc58-v8h3-x2gr"
],
"uuid": "03aa7409-abce-4a38-bf69-8189a00c1aad"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.0.53-29.32.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:suse:enterprise_storage:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.0.53-29.32.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.0.53-29.32.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:ltss:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.0.53-29.32.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:12:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.0.53-29.32.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:12:sp3:*:*:ltss:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.0.53-29.32.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:*:sap:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.0.53-29.32.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:12:sp3:*:*:*:sap:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.0.53-29.32.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:suse:openstack_cloud:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.0.53-29.32.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:suse:openstack_cloud:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.0.53-29.32.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:suse:openstack_cloud_crowbar:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.0.35-3.39.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:12:sp4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.0.35-3.39.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:12:sp5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.0.35-3.57.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:15:*:*:*:*:sap:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"ID": "CVE-2020-8022"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1172405",
"refsource": "CONFIRM",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1172405"
},
{
"name": "openSUSE-SU-2020:0911",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00066.html"
},
{
"name": "[tomcat-users] 20200902 regarding CVE-2020-8022 applicable to tomcat 8.5.57",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/ra87ec20a0f4b226c81c7eed27e5d7433ccdc41e61a8da408a45f0fa1@%3Cusers.tomcat.apache.org%3E"
},
{
"name": "[tomcat-users] 20200902 Re: regarding CVE-2020-8022 applicable to tomcat 8.5.57",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rf50d02409e5732c4ee37f19a193af171251a25a652599ce3c2bc69e7@%3Cusers.tomcat.apache.org%3E"
},
{
"name": "[axis-java-dev] 20210228 axis2 1.7.9 is exposed to CVE-2020-8022 via tomcat dependency",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r5be80ba868a11a1f64e4922399f171b8619bca4bc2039f79cf913928@%3Cjava-dev.axis.apache.org%3E"
},
{
"name": "[axis-java-dev] 20210307 Re: axis2 1.7.9 is exposed to CVE-2020-8022 via tomcat dependency",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r393d4f431683e99c839b4aed68f720b8583bca6c35cd84adccaa02be@%3Cjava-dev.axis.apache.org%3E"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2021-03-17T14:26Z",
"publishedDate": "2020-06-29T09:15Z"
}
}
}
CERTFR-2022-AVI-568
Vulnerability from certfr_avis - Published: 2022-06-17 - Updated: 2022-06-17
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.5 sans le correctif de sécurité 7.5.0-QRADAR-PROTOCOL-ApacheKafka-7.5-20220429171113 | ||
| IBM | N/A | IBM Disconnected Log Collector versions 1.x antérieures à 1.7.3 | ||
| IBM | N/A | IBM Customer and Network Analytics for Communications Service Providers and Datasets (CNA) versions 10.0.0.x antérieures à 10.0.0.2 | ||
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.4 sans le correctif de sécurité 7.4.0-QRADAR-PROTOCOL-ApacheKafka-7.4-20220429171217 | ||
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.3 sans le correctif de sécurité 7.3.0-QRADAR-PROTOCOL-ApacheKafka-7.3-20220429171209 | ||
| IBM | N/A | IBM Rational Test Control Panel component in Rational Test Workbench toutes versions sans le correctif de sécurité Rational-RTCP-<product-name>-<product-version>-CVE-2022-22965-ifix | ||
| IBM | N/A | IBM Analytic Accelerator Framework for Communication Service Providers (AAF) versions 4.0.0.x antérieures à 4.0.0.2 | ||
| IBM | N/A | IBM Rational Test Control Panel component in Rational Test Virtualization Server toutes versions sans le correctif de sécurité Rational-RTCP-<product-name>-<product-version>-CVE-2022-22965-ifix |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM QRadar SIEM versions 7.5 sans le correctif de s\u00e9curit\u00e9 7.5.0-QRADAR-PROTOCOL-ApacheKafka-7.5-20220429171113",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Disconnected Log Collector versions 1.x ant\u00e9rieures \u00e0 1.7.3",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Customer and Network Analytics for Communications Service Providers and Datasets (CNA) versions 10.0.0.x ant\u00e9rieures \u00e0 10.0.0.2",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions 7.4 sans le correctif de s\u00e9curit\u00e9 7.4.0-QRADAR-PROTOCOL-ApacheKafka-7.4-20220429171217",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions 7.3 sans le correctif de s\u00e9curit\u00e9 7.3.0-QRADAR-PROTOCOL-ApacheKafka-7.3-20220429171209",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Rational Test Control Panel component in Rational Test Workbench toutes versions sans le correctif de s\u00e9curit\u00e9 Rational-RTCP-\u003cproduct-name\u003e-\u003cproduct-version\u003e-CVE-2022-22965-ifix",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Analytic Accelerator Framework for Communication Service Providers (AAF) versions 4.0.0.x ant\u00e9rieures \u00e0 4.0.0.2",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Rational Test Control Panel component in Rational Test Virtualization Server toutes versions sans le correctif de s\u00e9curit\u00e9 Rational-RTCP-\u003cproduct-name\u003e-\u003cproduct-version\u003e-CVE-2022-22965-ifix",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-12384",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12384"
},
{
"name": "CVE-2019-17267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
},
{
"name": "CVE-2014-0075",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0075"
},
{
"name": "CVE-2022-22965",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22965"
},
{
"name": "CVE-2012-5886",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5886"
},
{
"name": "CVE-2021-29425",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29425"
},
{
"name": "CVE-2016-6797",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6797"
},
{
"name": "CVE-2016-8735",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8735"
},
{
"name": "CVE-2020-8022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8022"
},
{
"name": "CVE-2013-4286",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4286"
},
{
"name": "CVE-2020-9546",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
},
{
"name": "CVE-2012-5885",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5885"
},
{
"name": "CVE-2020-10673",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
},
{
"name": "CVE-2020-35728",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35728"
},
{
"name": "CVE-2014-0119",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0119"
},
{
"name": "CVE-2013-4590",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4590"
},
{
"name": "CVE-2020-36181",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36181"
},
{
"name": "CVE-2020-9548",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
},
{
"name": "CVE-2020-36182",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36182"
},
{
"name": "CVE-2020-24616",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24616"
},
{
"name": "CVE-2020-36185",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36185"
},
{
"name": "CVE-2019-17195",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17195"
},
{
"name": "CVE-2019-16942",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
},
{
"name": "CVE-2014-0227",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0227"
},
{
"name": "CVE-2020-9547",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
},
{
"name": "CVE-2016-0706",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0706"
},
{
"name": "CVE-2020-36179",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36179"
},
{
"name": "CVE-2020-36186",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36186"
},
{
"name": "CVE-2020-36189",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36189"
},
{
"name": "CVE-2020-35490",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35490"
},
{
"name": "CVE-2021-20190",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20190"
},
{
"name": "CVE-2021-45105",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45105"
},
{
"name": "CVE-2019-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
},
{
"name": "CVE-2016-0714",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0714"
},
{
"name": "CVE-2012-4431",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4431"
},
{
"name": "CVE-2019-14893",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
},
{
"name": "CVE-2014-0230",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0230"
},
{
"name": "CVE-2020-11113",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11113"
},
{
"name": "CVE-2014-0099",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0099"
},
{
"name": "CVE-2013-2185",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2185"
},
{
"name": "CVE-2020-10672",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
},
{
"name": "CVE-2019-14439",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14439"
},
{
"name": "CVE-2020-10969",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10969"
},
{
"name": "CVE-2016-6794",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6794"
},
{
"name": "CVE-2020-36187",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36187"
},
{
"name": "CVE-2015-5174",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5174"
},
{
"name": "CVE-2021-27568",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27568"
},
{
"name": "CVE-2013-2067",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2067"
},
{
"name": "CVE-2021-33813",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33813"
},
{
"name": "CVE-2020-11620",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11620"
},
{
"name": "CVE-2020-24750",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24750"
},
{
"name": "CVE-2021-38153",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38153"
},
{
"name": "CVE-2016-6816",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6816"
},
{
"name": "CVE-2018-17196",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17196"
},
{
"name": "CVE-2019-16943",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
},
{
"name": "CVE-2012-3546",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3546"
},
{
"name": "CVE-2019-20330",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
},
{
"name": "CVE-2020-14195",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14195"
},
{
"name": "CVE-2016-5018",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5018"
},
{
"name": "CVE-2018-10237",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10237"
},
{
"name": "CVE-2019-12814",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12814"
},
{
"name": "CVE-2020-35491",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35491"
},
{
"name": "CVE-2019-17531",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
},
{
"name": "CVE-2013-4322",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4322"
},
{
"name": "CVE-2021-45046",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45046"
},
{
"name": "CVE-2020-14061",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14061"
},
{
"name": "CVE-2012-4534",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4534"
},
{
"name": "CVE-2020-11619",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11619"
},
{
"name": "CVE-2020-36183",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36183"
},
{
"name": "CVE-2014-7810",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7810"
},
{
"name": "CVE-2020-8840",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
},
{
"name": "CVE-2020-8908",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8908"
},
{
"name": "CVE-2016-0762",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0762"
},
{
"name": "CVE-2020-36184",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36184"
},
{
"name": "CVE-2014-0033",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0033"
},
{
"name": "CVE-2020-36180",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36180"
},
{
"name": "CVE-2021-44228",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
},
{
"name": "CVE-2019-14540",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
},
{
"name": "CVE-2019-12086",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12086"
},
{
"name": "CVE-2013-4444",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4444"
},
{
"name": "CVE-2012-3544",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3544"
},
{
"name": "CVE-2012-5887",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5887"
},
{
"name": "CVE-2020-10968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10968"
},
{
"name": "CVE-2017-5647",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5647"
},
{
"name": "CVE-2020-25649",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25649"
},
{
"name": "CVE-2019-14379",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
},
{
"name": "CVE-2015-5345",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5345"
},
{
"name": "CVE-2020-11112",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11112"
},
{
"name": "CVE-2020-11111",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11111"
},
{
"name": "CVE-2016-5388",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5388"
},
{
"name": "CVE-2014-0096",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0096"
},
{
"name": "CVE-2012-2733",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2733"
},
{
"name": "CVE-2020-14060",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14060"
},
{
"name": "CVE-2020-36188",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36188"
},
{
"name": "CVE-2016-6796",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6796"
},
{
"name": "CVE-2019-14892",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
},
{
"name": "CVE-2020-14062",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14062"
}
],
"initial_release_date": "2022-06-17T00:00:00",
"last_revision_date": "2022-06-17T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-568",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-06-17T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 les produits IBM 6595755 du 16 juin 2022",
"url": "https://www.ibm.com/support/pages/node/6595755"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 les produits IBM 6595739 du 16 juin 2022",
"url": "https://www.ibm.com/support/pages/node/6595739"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 les produits IBM 6595965 du 16 juin 2022",
"url": "https://www.ibm.com/support/pages/node/6595965"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 les produits IBM 6595721 du 16 juin 2022",
"url": "https://www.ibm.com/support/pages/node/6595721"
}
]
}
CERTFR-2022-AVI-386
Vulnerability from certfr_avis - Published: 2022-04-26 - Updated: 2022-04-26
De multiples vulnérabilités ont été découvertes dans IBM QRadar SIEM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar SIEM | IBM QRadar SIEM version 7.5.0 antérieure à 7.5.0 UP1 | ||
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.4.3 antérieures à 7.4.3 FP5 | ||
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.3.3 antérieures à 7.3.3 FP11 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM QRadar SIEM version 7.5.0 ant\u00e9rieure \u00e0 7.5.0 UP1",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions 7.4.3 ant\u00e9rieures \u00e0 7.4.3 FP5",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions 7.3.3 ant\u00e9rieures \u00e0 7.3.3 FP11",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-22898",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22898"
},
{
"name": "CVE-2021-3200",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3200"
},
{
"name": "CVE-2021-35586",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35586"
},
{
"name": "CVE-2021-22925",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22925"
},
{
"name": "CVE-2020-8022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8022"
},
{
"name": "CVE-2021-38919",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38919"
},
{
"name": "CVE-2021-42340",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42340"
},
{
"name": "CVE-2021-33929",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33929"
},
{
"name": "CVE-2021-20231",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20231"
},
{
"name": "CVE-2021-38939",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38939"
},
{
"name": "CVE-2019-20838",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20838"
},
{
"name": "CVE-2021-38874",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38874"
},
{
"name": "CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"name": "CVE-2021-33928",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33928"
},
{
"name": "CVE-2021-36086",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36086"
},
{
"name": "CVE-2021-20266",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20266"
},
{
"name": "CVE-2019-17594",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17594"
},
{
"name": "CVE-2021-38869",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38869"
},
{
"name": "CVE-2021-35559",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35559"
},
{
"name": "CVE-2021-35565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35565"
},
{
"name": "CVE-2021-2432",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2432"
},
{
"name": "CVE-2021-22946",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22946"
},
{
"name": "CVE-2020-9488",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9488"
},
{
"name": "CVE-2020-24370",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24370"
},
{
"name": "CVE-2021-2369",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2369"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2021-33813",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33813"
},
{
"name": "CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
},
{
"name": "CVE-2021-3445",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3445"
},
{
"name": "CVE-2020-16135",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16135"
},
{
"name": "CVE-2021-36085",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36085"
},
{
"name": "CVE-2021-29776",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29776"
},
{
"name": "CVE-2021-2388",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2388"
},
{
"name": "CVE-2021-35588",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35588"
},
{
"name": "CVE-2019-17595",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17595"
},
{
"name": "CVE-2021-23214",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23214"
},
{
"name": "CVE-2021-33930",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33930"
},
{
"name": "CVE-2021-41035",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41035"
},
{
"name": "CVE-2021-20232",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20232"
},
{
"name": "CVE-2021-28153",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28153"
},
{
"name": "CVE-2021-35578",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35578"
},
{
"name": "CVE-2021-27218",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27218"
},
{
"name": "CVE-2021-33560",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33560"
},
{
"name": "CVE-2021-35564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35564"
},
{
"name": "CVE-2022-22345",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22345"
},
{
"name": "CVE-2020-14155",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14155"
},
{
"name": "CVE-2021-38878",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38878"
},
{
"name": "CVE-2021-36087",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36087"
},
{
"name": "CVE-2020-12762",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12762"
},
{
"name": "CVE-2021-35556",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35556"
},
{
"name": "CVE-2021-22096",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22096"
},
{
"name": "CVE-2021-35560",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35560"
},
{
"name": "CVE-2021-36084",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36084"
},
{
"name": "CVE-2021-22876",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22876"
},
{
"name": "CVE-2021-3580",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3580"
},
{
"name": "CVE-2021-33938",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33938"
}
],
"initial_release_date": "2022-04-26T00:00:00",
"last_revision_date": "2022-04-26T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-386",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-04-26T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM QRadar SIEM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM QRadar SIEM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6574453 du 25 avril 2022",
"url": "https://www.ibm.com/support/pages/node/6574453"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6574787 du 25 avril 2022",
"url": "https://www.ibm.com/support/pages/node/6574787"
}
]
}
CERTFR-2025-AVI-0370
Vulnerability from certfr_avis - Published: 2025-05-02 - Updated: 2025-05-02
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Sterling B2B Integrator | IBM Sterling B2B Integrator versions 6.1.x antérieures à 6.1.1.0 | ||
| IBM | VIOS | VIOS se référer au site de l'éditeur pour les versions vulnérables, cf. section Documentation | ||
| IBM | Cognos Analytics | Cognos Analytics versions 12.1.x antérieures à 12.1.0 IF1 | ||
| IBM | Cognos PowerPlay | Cognos PowerPlay versions 12.1.x antérieures à 12.1.0 IF1 | ||
| IBM | Sterling B2B Integrator | IBM Sterling B2B Integrator versions antérieures à 6.0.0.7 | ||
| IBM | Cognos Transformer | Cognos Transformer versions 11.2.x antérieures à 11.2.4 FP5 | ||
| IBM | Cognos Transformer | Cognos Transformer versions 12.1.x antérieures à 12.1.0 IF1 | ||
| IBM | Sterling B2B Integrator | IBM Sterling B2B Integrator versions 6.1.0.x antérieures à 6.1.0.3 | ||
| IBM | QRadar SIEM | QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP11 IF04 | ||
| IBM | Cognos Analytics | Cognos Analytics versions 11.2.x antérieures à 11.2.4.5 IF5 | ||
| IBM | WebSphere Automation | WebSphere Automation versions antérieures à 1.8.2 | ||
| IBM | Sterling B2B Integrator | IBM Sterling B2B Integrator versions 6.0.3.x antérieures à 6.0.3.5 | ||
| IBM | AIX | AIX se référer au site de l'éditeur pour les versions vulnérables, cf. section Documentation | ||
| IBM | Cognos Transformer | Cognos Transformer versions 12.0.x antérieures à 12.0.4 IF3 | ||
| IBM | Cognos Analytics | Cognos Analytics versions 12.0.x antérieures à 12.0.4 IF3 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Sterling B2B Integrator versions 6.1.x ant\u00e9rieures \u00e0 6.1.1.0",
"product": {
"name": "Sterling B2B Integrator",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "VIOS se r\u00e9f\u00e9rer au site de l\u0027\u00e9diteur pour les versions vuln\u00e9rables, cf. section Documentation",
"product": {
"name": "VIOS",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 12.1.x ant\u00e9rieures \u00e0 12.1.0 IF1",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos PowerPlay versions 12.1.x ant\u00e9rieures \u00e0 12.1.0 IF1",
"product": {
"name": "Cognos PowerPlay",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling B2B Integrator versions ant\u00e9rieures \u00e0 6.0.0.7",
"product": {
"name": "Sterling B2B Integrator",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Transformer versions 11.2.x ant\u00e9rieures \u00e0 11.2.4 FP5",
"product": {
"name": "Cognos Transformer",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Transformer versions 12.1.x ant\u00e9rieures \u00e0 12.1.0 IF1",
"product": {
"name": "Cognos Transformer",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling B2B Integrator versions 6.1.0.x ant\u00e9rieures \u00e0 6.1.0.3",
"product": {
"name": "Sterling B2B Integrator",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP11 IF04",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4.5 IF5",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Automation versions ant\u00e9rieures \u00e0 1.8.2",
"product": {
"name": "WebSphere Automation",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling B2B Integrator versions 6.0.3.x ant\u00e9rieures \u00e0 6.0.3.5",
"product": {
"name": "Sterling B2B Integrator",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "AIX se r\u00e9f\u00e9rer au site de l\u0027\u00e9diteur pour les versions vuln\u00e9rables, cf. section Documentation",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Transformer versions 12.0.x ant\u00e9rieures \u00e0 12.0.4 IF3",
"product": {
"name": "Cognos Transformer",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.4 IF3",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2016-6797",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6797"
},
{
"name": "CVE-2016-8735",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8735"
},
{
"name": "CVE-2025-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
},
{
"name": "CVE-2020-8022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8022"
},
{
"name": "CVE-2011-3190",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3190"
},
{
"name": "CVE-2017-9047",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9047"
},
{
"name": "CVE-2025-24813",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24813"
},
{
"name": "CVE-2024-50302",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50302"
},
{
"name": "CVE-2024-56171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56171"
},
{
"name": "CVE-2022-49043",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49043"
},
{
"name": "CVE-2016-0714",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0714"
},
{
"name": "CVE-2024-11218",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11218"
},
{
"name": "CVE-2014-0230",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0230"
},
{
"name": "CVE-2024-53197",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53197"
},
{
"name": "CVE-2013-2185",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2185"
},
{
"name": "CVE-2006-7197",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-7197"
},
{
"name": "CVE-2024-40695",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40695"
},
{
"name": "CVE-2024-57807",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57807"
},
{
"name": "CVE-2025-21785",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21785"
},
{
"name": "CVE-2016-6816",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6816"
},
{
"name": "CVE-2024-57979",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57979"
},
{
"name": "CVE-2016-5018",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5018"
},
{
"name": "CVE-2023-52922",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52922"
},
{
"name": "CVE-2024-51466",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51466"
},
{
"name": "CVE-2025-27363",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27363"
},
{
"name": "CVE-2025-24928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24928"
},
{
"name": "CVE-2017-5647",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5647"
},
{
"name": "CVE-2025-0624",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0624"
},
{
"name": "CVE-2016-5388",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5388"
},
{
"name": "CVE-2016-6796",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6796"
},
{
"name": "CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
}
],
"initial_release_date": "2025-05-02T00:00:00",
"last_revision_date": "2025-05-02T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0370",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-05-02T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-04-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6495961",
"url": "https://www.ibm.com/support/pages/node/6495961"
},
{
"published_at": "2025-04-29",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7231738",
"url": "https://www.ibm.com/support/pages/node/7231738"
},
{
"published_at": "2025-04-25",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7231815",
"url": "https://www.ibm.com/support/pages/node/7231815"
},
{
"published_at": "2025-04-29",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7231900",
"url": "https://www.ibm.com/support/pages/node/7231900"
},
{
"published_at": "2025-04-30",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7179496",
"url": "https://www.ibm.com/support/pages/node/7179496"
},
{
"published_at": "2025-04-29",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7231901",
"url": "https://www.ibm.com/support/pages/node/7231901"
},
{
"published_at": "2025-04-26",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7231915",
"url": "https://www.ibm.com/support/pages/node/7231915"
},
{
"published_at": "2025-04-30",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7232177",
"url": "https://www.ibm.com/support/pages/node/7232177"
}
]
}
OPENSUSE-SU-2020:0911-1
Vulnerability from csaf_opensuse - Published: 2020-06-29 18:20 - Updated: 2020-06-29 18:20Summary
Security update for tomcat
Severity
Important
Notes
Title of the patch: Security update for tomcat
Description of the patch: This update for tomcat fixes the following issues:
- CVE-2020-8022: Fixed a local root exploit due to improper permissions (bsc#1172405)
This update was imported from the SUSE:SLE-15-SP1:Update update project.
Patchnames: openSUSE-2020-911
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tomcat fixes the following issues:\n\n- CVE-2020-8022: Fixed a local root exploit due to improper permissions (bsc#1172405)\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-911",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_0911-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:0911-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UKH3XHJOALCLYY5SDDGU4G3ZG5TYAXXI/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:0911-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UKH3XHJOALCLYY5SDDGU4G3ZG5TYAXXI/"
},
{
"category": "self",
"summary": "SUSE Bug 1172405",
"url": "https://bugzilla.suse.com/1172405"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8022 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8022/"
}
],
"title": "Security update for tomcat",
"tracking": {
"current_release_date": "2020-06-29T18:20:18Z",
"generator": {
"date": "2020-06-29T18:20:18Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:0911-1",
"initial_release_date": "2020-06-29T18:20:18Z",
"revision_history": [
{
"date": "2020-06-29T18:20:18Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat-9.0.35-lp151.3.21.1.noarch",
"product": {
"name": "tomcat-9.0.35-lp151.3.21.1.noarch",
"product_id": "tomcat-9.0.35-lp151.3.21.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-9.0.35-lp151.3.21.1.noarch",
"product": {
"name": "tomcat-admin-webapps-9.0.35-lp151.3.21.1.noarch",
"product_id": "tomcat-admin-webapps-9.0.35-lp151.3.21.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-9.0.35-lp151.3.21.1.noarch",
"product": {
"name": "tomcat-docs-webapp-9.0.35-lp151.3.21.1.noarch",
"product_id": "tomcat-docs-webapp-9.0.35-lp151.3.21.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-el-3_0-api-9.0.35-lp151.3.21.1.noarch",
"product": {
"name": "tomcat-el-3_0-api-9.0.35-lp151.3.21.1.noarch",
"product_id": "tomcat-el-3_0-api-9.0.35-lp151.3.21.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-embed-9.0.35-lp151.3.21.1.noarch",
"product": {
"name": "tomcat-embed-9.0.35-lp151.3.21.1.noarch",
"product_id": "tomcat-embed-9.0.35-lp151.3.21.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-9.0.35-lp151.3.21.1.noarch",
"product": {
"name": "tomcat-javadoc-9.0.35-lp151.3.21.1.noarch",
"product_id": "tomcat-javadoc-9.0.35-lp151.3.21.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2_3-api-9.0.35-lp151.3.21.1.noarch",
"product": {
"name": "tomcat-jsp-2_3-api-9.0.35-lp151.3.21.1.noarch",
"product_id": "tomcat-jsp-2_3-api-9.0.35-lp151.3.21.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-9.0.35-lp151.3.21.1.noarch",
"product": {
"name": "tomcat-jsvc-9.0.35-lp151.3.21.1.noarch",
"product_id": "tomcat-jsvc-9.0.35-lp151.3.21.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-lib-9.0.35-lp151.3.21.1.noarch",
"product": {
"name": "tomcat-lib-9.0.35-lp151.3.21.1.noarch",
"product_id": "tomcat-lib-9.0.35-lp151.3.21.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4_0-api-9.0.35-lp151.3.21.1.noarch",
"product": {
"name": "tomcat-servlet-4_0-api-9.0.35-lp151.3.21.1.noarch",
"product_id": "tomcat-servlet-4_0-api-9.0.35-lp151.3.21.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-webapps-9.0.35-lp151.3.21.1.noarch",
"product": {
"name": "tomcat-webapps-9.0.35-lp151.3.21.1.noarch",
"product_id": "tomcat-webapps-9.0.35-lp151.3.21.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.35-lp151.3.21.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:tomcat-9.0.35-lp151.3.21.1.noarch"
},
"product_reference": "tomcat-9.0.35-lp151.3.21.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.35-lp151.3.21.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:tomcat-admin-webapps-9.0.35-lp151.3.21.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.35-lp151.3.21.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.35-lp151.3.21.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:tomcat-docs-webapp-9.0.35-lp151.3.21.1.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.35-lp151.3.21.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.35-lp151.3.21.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:tomcat-el-3_0-api-9.0.35-lp151.3.21.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.35-lp151.3.21.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-embed-9.0.35-lp151.3.21.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:tomcat-embed-9.0.35-lp151.3.21.1.noarch"
},
"product_reference": "tomcat-embed-9.0.35-lp151.3.21.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.35-lp151.3.21.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:tomcat-javadoc-9.0.35-lp151.3.21.1.noarch"
},
"product_reference": "tomcat-javadoc-9.0.35-lp151.3.21.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.35-lp151.3.21.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:tomcat-jsp-2_3-api-9.0.35-lp151.3.21.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.35-lp151.3.21.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-9.0.35-lp151.3.21.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:tomcat-jsvc-9.0.35-lp151.3.21.1.noarch"
},
"product_reference": "tomcat-jsvc-9.0.35-lp151.3.21.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.35-lp151.3.21.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:tomcat-lib-9.0.35-lp151.3.21.1.noarch"
},
"product_reference": "tomcat-lib-9.0.35-lp151.3.21.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.35-lp151.3.21.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:tomcat-servlet-4_0-api-9.0.35-lp151.3.21.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.35-lp151.3.21.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.35-lp151.3.21.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:tomcat-webapps-9.0.35-lp151.3.21.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.35-lp151.3.21.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-8022",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8022"
}
],
"notes": [
{
"category": "general",
"text": "A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:tomcat-9.0.35-lp151.3.21.1.noarch",
"openSUSE Leap 15.1:tomcat-admin-webapps-9.0.35-lp151.3.21.1.noarch",
"openSUSE Leap 15.1:tomcat-docs-webapp-9.0.35-lp151.3.21.1.noarch",
"openSUSE Leap 15.1:tomcat-el-3_0-api-9.0.35-lp151.3.21.1.noarch",
"openSUSE Leap 15.1:tomcat-embed-9.0.35-lp151.3.21.1.noarch",
"openSUSE Leap 15.1:tomcat-javadoc-9.0.35-lp151.3.21.1.noarch",
"openSUSE Leap 15.1:tomcat-jsp-2_3-api-9.0.35-lp151.3.21.1.noarch",
"openSUSE Leap 15.1:tomcat-jsvc-9.0.35-lp151.3.21.1.noarch",
"openSUSE Leap 15.1:tomcat-lib-9.0.35-lp151.3.21.1.noarch",
"openSUSE Leap 15.1:tomcat-servlet-4_0-api-9.0.35-lp151.3.21.1.noarch",
"openSUSE Leap 15.1:tomcat-webapps-9.0.35-lp151.3.21.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8022",
"url": "https://www.suse.com/security/cve/CVE-2020-8022"
},
{
"category": "external",
"summary": "SUSE Bug 1172405 for CVE-2020-8022",
"url": "https://bugzilla.suse.com/1172405"
},
{
"category": "external",
"summary": "SUSE Bug 1172562 for CVE-2020-8022",
"url": "https://bugzilla.suse.com/1172562"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:tomcat-9.0.35-lp151.3.21.1.noarch",
"openSUSE Leap 15.1:tomcat-admin-webapps-9.0.35-lp151.3.21.1.noarch",
"openSUSE Leap 15.1:tomcat-docs-webapp-9.0.35-lp151.3.21.1.noarch",
"openSUSE Leap 15.1:tomcat-el-3_0-api-9.0.35-lp151.3.21.1.noarch",
"openSUSE Leap 15.1:tomcat-embed-9.0.35-lp151.3.21.1.noarch",
"openSUSE Leap 15.1:tomcat-javadoc-9.0.35-lp151.3.21.1.noarch",
"openSUSE Leap 15.1:tomcat-jsp-2_3-api-9.0.35-lp151.3.21.1.noarch",
"openSUSE Leap 15.1:tomcat-jsvc-9.0.35-lp151.3.21.1.noarch",
"openSUSE Leap 15.1:tomcat-lib-9.0.35-lp151.3.21.1.noarch",
"openSUSE Leap 15.1:tomcat-servlet-4_0-api-9.0.35-lp151.3.21.1.noarch",
"openSUSE Leap 15.1:tomcat-webapps-9.0.35-lp151.3.21.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:tomcat-9.0.35-lp151.3.21.1.noarch",
"openSUSE Leap 15.1:tomcat-admin-webapps-9.0.35-lp151.3.21.1.noarch",
"openSUSE Leap 15.1:tomcat-docs-webapp-9.0.35-lp151.3.21.1.noarch",
"openSUSE Leap 15.1:tomcat-el-3_0-api-9.0.35-lp151.3.21.1.noarch",
"openSUSE Leap 15.1:tomcat-embed-9.0.35-lp151.3.21.1.noarch",
"openSUSE Leap 15.1:tomcat-javadoc-9.0.35-lp151.3.21.1.noarch",
"openSUSE Leap 15.1:tomcat-jsp-2_3-api-9.0.35-lp151.3.21.1.noarch",
"openSUSE Leap 15.1:tomcat-jsvc-9.0.35-lp151.3.21.1.noarch",
"openSUSE Leap 15.1:tomcat-lib-9.0.35-lp151.3.21.1.noarch",
"openSUSE Leap 15.1:tomcat-servlet-4_0-api-9.0.35-lp151.3.21.1.noarch",
"openSUSE Leap 15.1:tomcat-webapps-9.0.35-lp151.3.21.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-29T18:20:18Z",
"details": "important"
}
],
"title": "CVE-2020-8022"
}
]
}
SUSE-SU-2020:1788-1
Vulnerability from csaf_suse - Published: 2020-06-26 07:41 - Updated: 2020-06-26 07:41Summary
Security update for tomcat
Severity
Important
Notes
Title of the patch: Security update for tomcat
Description of the patch: This update for tomcat fixes the following issues:
- CVE-2020-8022: Fixed a local root exploit due to improper permissions (bsc#1172405)
Patchnames: SUSE-2020-1788,SUSE-SLE-SERVER-12-SP4-2020-1788,SUSE-SLE-SERVER-12-SP5-2020-1788
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tomcat fixes the following issues:\n\n- CVE-2020-8022: Fixed a local root exploit due to improper permissions (bsc#1172405)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2020-1788,SUSE-SLE-SERVER-12-SP4-2020-1788,SUSE-SLE-SERVER-12-SP5-2020-1788",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_1788-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:1788-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20201788-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:1788-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-June/007046.html"
},
{
"category": "self",
"summary": "SUSE Bug 1172405",
"url": "https://bugzilla.suse.com/1172405"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8022 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8022/"
}
],
"title": "Security update for tomcat",
"tracking": {
"current_release_date": "2020-06-26T07:41:55Z",
"generator": {
"date": "2020-06-26T07:41:55Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:1788-1",
"initial_release_date": "2020-06-26T07:41:55Z",
"revision_history": [
{
"date": "2020-06-26T07:41:55Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat-9.0.35-3.39.1.noarch",
"product": {
"name": "tomcat-9.0.35-3.39.1.noarch",
"product_id": "tomcat-9.0.35-3.39.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-9.0.35-3.39.1.noarch",
"product": {
"name": "tomcat-admin-webapps-9.0.35-3.39.1.noarch",
"product_id": "tomcat-admin-webapps-9.0.35-3.39.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-9.0.35-3.39.1.noarch",
"product": {
"name": "tomcat-docs-webapp-9.0.35-3.39.1.noarch",
"product_id": "tomcat-docs-webapp-9.0.35-3.39.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-el-3_0-api-9.0.35-3.39.1.noarch",
"product": {
"name": "tomcat-el-3_0-api-9.0.35-3.39.1.noarch",
"product_id": "tomcat-el-3_0-api-9.0.35-3.39.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-embed-9.0.35-3.39.1.noarch",
"product": {
"name": "tomcat-embed-9.0.35-3.39.1.noarch",
"product_id": "tomcat-embed-9.0.35-3.39.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-9.0.35-3.39.1.noarch",
"product": {
"name": "tomcat-javadoc-9.0.35-3.39.1.noarch",
"product_id": "tomcat-javadoc-9.0.35-3.39.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2_3-api-9.0.35-3.39.1.noarch",
"product": {
"name": "tomcat-jsp-2_3-api-9.0.35-3.39.1.noarch",
"product_id": "tomcat-jsp-2_3-api-9.0.35-3.39.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-9.0.35-3.39.1.noarch",
"product": {
"name": "tomcat-jsvc-9.0.35-3.39.1.noarch",
"product_id": "tomcat-jsvc-9.0.35-3.39.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-lib-9.0.35-3.39.1.noarch",
"product": {
"name": "tomcat-lib-9.0.35-3.39.1.noarch",
"product_id": "tomcat-lib-9.0.35-3.39.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4_0-api-9.0.35-3.39.1.noarch",
"product": {
"name": "tomcat-servlet-4_0-api-9.0.35-3.39.1.noarch",
"product_id": "tomcat-servlet-4_0-api-9.0.35-3.39.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-webapps-9.0.35-3.39.1.noarch",
"product": {
"name": "tomcat-webapps-9.0.35-3.39.1.noarch",
"product_id": "tomcat-webapps-9.0.35-3.39.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.35-3.39.1.noarch as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:tomcat-9.0.35-3.39.1.noarch"
},
"product_reference": "tomcat-9.0.35-3.39.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.35-3.39.1.noarch as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:tomcat-admin-webapps-9.0.35-3.39.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.35-3.39.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.35-3.39.1.noarch as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:tomcat-docs-webapp-9.0.35-3.39.1.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.35-3.39.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.35-3.39.1.noarch as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:tomcat-el-3_0-api-9.0.35-3.39.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.35-3.39.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.35-3.39.1.noarch as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:tomcat-javadoc-9.0.35-3.39.1.noarch"
},
"product_reference": "tomcat-javadoc-9.0.35-3.39.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.35-3.39.1.noarch as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:tomcat-jsp-2_3-api-9.0.35-3.39.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.35-3.39.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.35-3.39.1.noarch as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:tomcat-lib-9.0.35-3.39.1.noarch"
},
"product_reference": "tomcat-lib-9.0.35-3.39.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.35-3.39.1.noarch as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:tomcat-servlet-4_0-api-9.0.35-3.39.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.35-3.39.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.35-3.39.1.noarch as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:tomcat-webapps-9.0.35-3.39.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.35-3.39.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.35-3.39.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-9.0.35-3.39.1.noarch"
},
"product_reference": "tomcat-9.0.35-3.39.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.35-3.39.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-admin-webapps-9.0.35-3.39.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.35-3.39.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.35-3.39.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-docs-webapp-9.0.35-3.39.1.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.35-3.39.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.35-3.39.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-el-3_0-api-9.0.35-3.39.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.35-3.39.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.35-3.39.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-javadoc-9.0.35-3.39.1.noarch"
},
"product_reference": "tomcat-javadoc-9.0.35-3.39.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.35-3.39.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-jsp-2_3-api-9.0.35-3.39.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.35-3.39.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.35-3.39.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-lib-9.0.35-3.39.1.noarch"
},
"product_reference": "tomcat-lib-9.0.35-3.39.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.35-3.39.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-servlet-4_0-api-9.0.35-3.39.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.35-3.39.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.35-3.39.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-webapps-9.0.35-3.39.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.35-3.39.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.35-3.39.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:tomcat-9.0.35-3.39.1.noarch"
},
"product_reference": "tomcat-9.0.35-3.39.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.35-3.39.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:tomcat-admin-webapps-9.0.35-3.39.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.35-3.39.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.35-3.39.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:tomcat-docs-webapp-9.0.35-3.39.1.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.35-3.39.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.35-3.39.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:tomcat-el-3_0-api-9.0.35-3.39.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.35-3.39.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.35-3.39.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:tomcat-javadoc-9.0.35-3.39.1.noarch"
},
"product_reference": "tomcat-javadoc-9.0.35-3.39.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.35-3.39.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:tomcat-jsp-2_3-api-9.0.35-3.39.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.35-3.39.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.35-3.39.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:tomcat-lib-9.0.35-3.39.1.noarch"
},
"product_reference": "tomcat-lib-9.0.35-3.39.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.35-3.39.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:tomcat-servlet-4_0-api-9.0.35-3.39.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.35-3.39.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.35-3.39.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:tomcat-webapps-9.0.35-3.39.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.35-3.39.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.35-3.39.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-9.0.35-3.39.1.noarch"
},
"product_reference": "tomcat-9.0.35-3.39.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.35-3.39.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-admin-webapps-9.0.35-3.39.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.35-3.39.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.35-3.39.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-docs-webapp-9.0.35-3.39.1.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.35-3.39.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.35-3.39.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-el-3_0-api-9.0.35-3.39.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.35-3.39.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.35-3.39.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-javadoc-9.0.35-3.39.1.noarch"
},
"product_reference": "tomcat-javadoc-9.0.35-3.39.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.35-3.39.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-jsp-2_3-api-9.0.35-3.39.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.35-3.39.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.35-3.39.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-lib-9.0.35-3.39.1.noarch"
},
"product_reference": "tomcat-lib-9.0.35-3.39.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.35-3.39.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-servlet-4_0-api-9.0.35-3.39.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.35-3.39.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.35-3.39.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-webapps-9.0.35-3.39.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.35-3.39.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-8022",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8022"
}
],
"notes": [
{
"category": "general",
"text": "A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP4:tomcat-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:tomcat-admin-webapps-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:tomcat-docs-webapp-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:tomcat-el-3_0-api-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:tomcat-javadoc-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:tomcat-jsp-2_3-api-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:tomcat-lib-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:tomcat-servlet-4_0-api-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:tomcat-webapps-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-admin-webapps-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-docs-webapp-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-el-3_0-api-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-javadoc-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-jsp-2_3-api-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-lib-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-servlet-4_0-api-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-webapps-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-admin-webapps-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-docs-webapp-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-el-3_0-api-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-javadoc-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-jsp-2_3-api-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-lib-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-servlet-4_0-api-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-webapps-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-admin-webapps-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-docs-webapp-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-el-3_0-api-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-javadoc-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-jsp-2_3-api-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-lib-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-servlet-4_0-api-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-webapps-9.0.35-3.39.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8022",
"url": "https://www.suse.com/security/cve/CVE-2020-8022"
},
{
"category": "external",
"summary": "SUSE Bug 1172405 for CVE-2020-8022",
"url": "https://bugzilla.suse.com/1172405"
},
{
"category": "external",
"summary": "SUSE Bug 1172562 for CVE-2020-8022",
"url": "https://bugzilla.suse.com/1172562"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP4:tomcat-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:tomcat-admin-webapps-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:tomcat-docs-webapp-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:tomcat-el-3_0-api-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:tomcat-javadoc-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:tomcat-jsp-2_3-api-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:tomcat-lib-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:tomcat-servlet-4_0-api-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:tomcat-webapps-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-admin-webapps-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-docs-webapp-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-el-3_0-api-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-javadoc-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-jsp-2_3-api-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-lib-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-servlet-4_0-api-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-webapps-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-admin-webapps-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-docs-webapp-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-el-3_0-api-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-javadoc-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-jsp-2_3-api-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-lib-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-servlet-4_0-api-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-webapps-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-admin-webapps-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-docs-webapp-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-el-3_0-api-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-javadoc-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-jsp-2_3-api-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-lib-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-servlet-4_0-api-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-webapps-9.0.35-3.39.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP4:tomcat-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:tomcat-admin-webapps-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:tomcat-docs-webapp-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:tomcat-el-3_0-api-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:tomcat-javadoc-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:tomcat-jsp-2_3-api-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:tomcat-lib-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:tomcat-servlet-4_0-api-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:tomcat-webapps-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-admin-webapps-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-docs-webapp-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-el-3_0-api-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-javadoc-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-jsp-2_3-api-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-lib-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-servlet-4_0-api-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:tomcat-webapps-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-admin-webapps-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-docs-webapp-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-el-3_0-api-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-javadoc-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-jsp-2_3-api-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-lib-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-servlet-4_0-api-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:tomcat-webapps-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-admin-webapps-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-docs-webapp-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-el-3_0-api-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-javadoc-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-jsp-2_3-api-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-lib-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-servlet-4_0-api-9.0.35-3.39.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tomcat-webapps-9.0.35-3.39.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-26T07:41:55Z",
"details": "important"
}
],
"title": "CVE-2020-8022"
}
]
}
SUSE-SU-2020:1791-1
Vulnerability from csaf_suse - Published: 2020-06-26 07:43 - Updated: 2020-06-26 07:43Summary
Security update for tomcat
Severity
Important
Notes
Title of the patch: Security update for tomcat
Description of the patch: This update for tomcat fixes the following issues:
- CVE-2020-8022: Fixed a local root exploit due to improper permissions (bsc#1172405)
Patchnames: HPE-Helion-OpenStack-8-2020-1791,SUSE-2020-1791,SUSE-OpenStack-Cloud-7-2020-1791,SUSE-OpenStack-Cloud-8-2020-1791,SUSE-OpenStack-Cloud-Crowbar-8-2020-1791,SUSE-SLE-SAP-12-SP2-2020-1791,SUSE-SLE-SAP-12-SP3-2020-1791,SUSE-SLE-SERVER-12-SP2-2020-1791,SUSE-SLE-SERVER-12-SP2-BCL-2020-1791,SUSE-SLE-SERVER-12-SP3-2020-1791,SUSE-SLE-SERVER-12-SP3-BCL-2020-1791,SUSE-Storage-5-2020-1791
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tomcat fixes the following issues:\n\n- CVE-2020-8022: Fixed a local root exploit due to improper permissions (bsc#1172405)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "HPE-Helion-OpenStack-8-2020-1791,SUSE-2020-1791,SUSE-OpenStack-Cloud-7-2020-1791,SUSE-OpenStack-Cloud-8-2020-1791,SUSE-OpenStack-Cloud-Crowbar-8-2020-1791,SUSE-SLE-SAP-12-SP2-2020-1791,SUSE-SLE-SAP-12-SP3-2020-1791,SUSE-SLE-SERVER-12-SP2-2020-1791,SUSE-SLE-SERVER-12-SP2-BCL-2020-1791,SUSE-SLE-SERVER-12-SP3-2020-1791,SUSE-SLE-SERVER-12-SP3-BCL-2020-1791,SUSE-Storage-5-2020-1791",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_1791-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:1791-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20201791-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:1791-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-June/007047.html"
},
{
"category": "self",
"summary": "SUSE Bug 1172405",
"url": "https://bugzilla.suse.com/1172405"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8022 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8022/"
}
],
"title": "Security update for tomcat",
"tracking": {
"current_release_date": "2020-06-26T07:43:57Z",
"generator": {
"date": "2020-06-26T07:43:57Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:1791-1",
"initial_release_date": "2020-06-26T07:43:57Z",
"revision_history": [
{
"date": "2020-06-26T07:43:57Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat-8.0.53-29.32.1.noarch",
"product": {
"name": "tomcat-8.0.53-29.32.1.noarch",
"product_id": "tomcat-8.0.53-29.32.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-8.0.53-29.32.1.noarch",
"product": {
"name": "tomcat-admin-webapps-8.0.53-29.32.1.noarch",
"product_id": "tomcat-admin-webapps-8.0.53-29.32.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-8.0.53-29.32.1.noarch",
"product": {
"name": "tomcat-docs-webapp-8.0.53-29.32.1.noarch",
"product_id": "tomcat-docs-webapp-8.0.53-29.32.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-el-3_0-api-8.0.53-29.32.1.noarch",
"product": {
"name": "tomcat-el-3_0-api-8.0.53-29.32.1.noarch",
"product_id": "tomcat-el-3_0-api-8.0.53-29.32.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-8.0.53-29.32.1.noarch",
"product": {
"name": "tomcat-javadoc-8.0.53-29.32.1.noarch",
"product_id": "tomcat-javadoc-8.0.53-29.32.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch",
"product": {
"name": "tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch",
"product_id": "tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-lib-8.0.53-29.32.1.noarch",
"product": {
"name": "tomcat-lib-8.0.53-29.32.1.noarch",
"product_id": "tomcat-lib-8.0.53-29.32.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch",
"product": {
"name": "tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch",
"product_id": "tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-webapps-8.0.53-29.32.1.noarch",
"product": {
"name": "tomcat-webapps-8.0.53-29.32.1.noarch",
"product_id": "tomcat-webapps-8.0.53-29.32.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-embed-8.0.53-29.32.1.noarch",
"product": {
"name": "tomcat-embed-8.0.53-29.32.1.noarch",
"product_id": "tomcat-embed-8.0.53-29.32.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-8.0.53-29.32.1.noarch",
"product": {
"name": "tomcat-jsvc-8.0.53-29.32.1.noarch",
"product_id": "tomcat-jsvc-8.0.53-29.32.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "HPE Helion OpenStack 8",
"product": {
"name": "HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:hpe-helion-openstack:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 7",
"product": {
"name": "SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:7"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 8",
"product": {
"name": "SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud Crowbar 8",
"product": {
"name": "SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:8"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 5",
"product": {
"name": "SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-8.0.53-29.32.1.noarch as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:tomcat-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-8.0.53-29.32.1.noarch as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:tomcat-admin-webapps-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-admin-webapps-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-8.0.53-29.32.1.noarch as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:tomcat-docs-webapp-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-docs-webapp-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-8.0.53-29.32.1.noarch as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:tomcat-el-3_0-api-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-8.0.53-29.32.1.noarch as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:tomcat-javadoc-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-javadoc-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-8.0.53-29.32.1.noarch as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:tomcat-lib-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-lib-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-8.0.53-29.32.1.noarch as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:tomcat-webapps-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-webapps-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-8.0.53-29.32.1.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:tomcat-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-8.0.53-29.32.1.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:tomcat-admin-webapps-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-admin-webapps-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-8.0.53-29.32.1.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:tomcat-docs-webapp-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-docs-webapp-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-8.0.53-29.32.1.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:tomcat-el-3_0-api-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-8.0.53-29.32.1.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:tomcat-javadoc-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-javadoc-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-8.0.53-29.32.1.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:tomcat-lib-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-lib-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-8.0.53-29.32.1.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:tomcat-webapps-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-webapps-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-8.0.53-29.32.1.noarch as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:tomcat-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-8.0.53-29.32.1.noarch as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:tomcat-admin-webapps-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-admin-webapps-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-8.0.53-29.32.1.noarch as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:tomcat-docs-webapp-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-docs-webapp-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-8.0.53-29.32.1.noarch as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:tomcat-el-3_0-api-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-8.0.53-29.32.1.noarch as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:tomcat-javadoc-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-javadoc-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-8.0.53-29.32.1.noarch as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:tomcat-lib-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-lib-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-8.0.53-29.32.1.noarch as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:tomcat-webapps-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-webapps-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-8.0.53-29.32.1.noarch as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:tomcat-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-8.0.53-29.32.1.noarch as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:tomcat-admin-webapps-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-admin-webapps-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-8.0.53-29.32.1.noarch as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:tomcat-docs-webapp-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-docs-webapp-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-8.0.53-29.32.1.noarch as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:tomcat-el-3_0-api-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-8.0.53-29.32.1.noarch as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:tomcat-javadoc-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-javadoc-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-8.0.53-29.32.1.noarch as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:tomcat-lib-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-lib-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-8.0.53-29.32.1.noarch as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:tomcat-webapps-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-webapps-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-8.0.53-29.32.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-8.0.53-29.32.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-admin-webapps-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-admin-webapps-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-8.0.53-29.32.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-docs-webapp-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-docs-webapp-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-8.0.53-29.32.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-el-3_0-api-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-8.0.53-29.32.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-javadoc-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-javadoc-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-8.0.53-29.32.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-lib-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-lib-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-8.0.53-29.32.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-webapps-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-webapps-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-8.0.53-29.32.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-8.0.53-29.32.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-admin-webapps-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-admin-webapps-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-8.0.53-29.32.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-docs-webapp-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-docs-webapp-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-8.0.53-29.32.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-el-3_0-api-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-8.0.53-29.32.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-javadoc-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-javadoc-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-8.0.53-29.32.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-lib-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-lib-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-8.0.53-29.32.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-webapps-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-webapps-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-8.0.53-29.32.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:tomcat-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-8.0.53-29.32.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:tomcat-admin-webapps-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-admin-webapps-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-8.0.53-29.32.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:tomcat-docs-webapp-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-docs-webapp-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-8.0.53-29.32.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:tomcat-el-3_0-api-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-8.0.53-29.32.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:tomcat-javadoc-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-javadoc-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-8.0.53-29.32.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:tomcat-lib-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-lib-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-8.0.53-29.32.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:tomcat-webapps-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-webapps-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-8.0.53-29.32.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-8.0.53-29.32.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-admin-webapps-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-admin-webapps-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-8.0.53-29.32.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-docs-webapp-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-docs-webapp-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-8.0.53-29.32.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-el-3_0-api-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-8.0.53-29.32.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-javadoc-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-javadoc-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-8.0.53-29.32.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-lib-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-lib-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-8.0.53-29.32.1.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-webapps-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-webapps-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-8.0.53-29.32.1.noarch as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:tomcat-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-8.0.53-29.32.1.noarch as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:tomcat-admin-webapps-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-admin-webapps-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-8.0.53-29.32.1.noarch as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:tomcat-docs-webapp-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-docs-webapp-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-8.0.53-29.32.1.noarch as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:tomcat-el-3_0-api-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-8.0.53-29.32.1.noarch as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:tomcat-javadoc-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-javadoc-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-8.0.53-29.32.1.noarch as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:tomcat-lib-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-lib-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-8.0.53-29.32.1.noarch as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:tomcat-webapps-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-webapps-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-8.0.53-29.32.1.noarch as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:tomcat-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-8.0.53-29.32.1.noarch as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:tomcat-admin-webapps-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-admin-webapps-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-8.0.53-29.32.1.noarch as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:tomcat-docs-webapp-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-docs-webapp-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-8.0.53-29.32.1.noarch as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:tomcat-el-3_0-api-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-8.0.53-29.32.1.noarch as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:tomcat-javadoc-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-javadoc-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-8.0.53-29.32.1.noarch as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:tomcat-lib-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-lib-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-8.0.53-29.32.1.noarch as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:tomcat-webapps-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-webapps-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-8.0.53-29.32.1.noarch as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:tomcat-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-8.0.53-29.32.1.noarch as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:tomcat-admin-webapps-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-admin-webapps-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-8.0.53-29.32.1.noarch as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:tomcat-docs-webapp-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-docs-webapp-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-8.0.53-29.32.1.noarch as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:tomcat-el-3_0-api-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-8.0.53-29.32.1.noarch as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:tomcat-javadoc-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-javadoc-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-8.0.53-29.32.1.noarch as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:tomcat-lib-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-lib-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-8.0.53-29.32.1.noarch as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:tomcat-webapps-8.0.53-29.32.1.noarch"
},
"product_reference": "tomcat-webapps-8.0.53-29.32.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-8022",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8022"
}
],
"notes": [
{
"category": "general",
"text": "A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:tomcat-8.0.53-29.32.1.noarch",
"HPE Helion OpenStack 8:tomcat-admin-webapps-8.0.53-29.32.1.noarch",
"HPE Helion OpenStack 8:tomcat-docs-webapp-8.0.53-29.32.1.noarch",
"HPE Helion OpenStack 8:tomcat-el-3_0-api-8.0.53-29.32.1.noarch",
"HPE Helion OpenStack 8:tomcat-javadoc-8.0.53-29.32.1.noarch",
"HPE Helion OpenStack 8:tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch",
"HPE Helion OpenStack 8:tomcat-lib-8.0.53-29.32.1.noarch",
"HPE Helion OpenStack 8:tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch",
"HPE Helion OpenStack 8:tomcat-webapps-8.0.53-29.32.1.noarch",
"SUSE Enterprise Storage 5:tomcat-8.0.53-29.32.1.noarch",
"SUSE Enterprise Storage 5:tomcat-admin-webapps-8.0.53-29.32.1.noarch",
"SUSE Enterprise Storage 5:tomcat-docs-webapp-8.0.53-29.32.1.noarch",
"SUSE Enterprise Storage 5:tomcat-el-3_0-api-8.0.53-29.32.1.noarch",
"SUSE Enterprise Storage 5:tomcat-javadoc-8.0.53-29.32.1.noarch",
"SUSE Enterprise Storage 5:tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch",
"SUSE Enterprise Storage 5:tomcat-lib-8.0.53-29.32.1.noarch",
"SUSE Enterprise Storage 5:tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch",
"SUSE Enterprise Storage 5:tomcat-webapps-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-admin-webapps-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-docs-webapp-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-el-3_0-api-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-javadoc-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-lib-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-webapps-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:tomcat-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:tomcat-admin-webapps-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:tomcat-docs-webapp-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:tomcat-el-3_0-api-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:tomcat-javadoc-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:tomcat-lib-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:tomcat-webapps-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:tomcat-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:tomcat-admin-webapps-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:tomcat-docs-webapp-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:tomcat-el-3_0-api-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:tomcat-javadoc-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:tomcat-lib-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:tomcat-webapps-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:tomcat-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:tomcat-admin-webapps-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:tomcat-docs-webapp-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:tomcat-el-3_0-api-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:tomcat-javadoc-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:tomcat-lib-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:tomcat-webapps-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-admin-webapps-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-docs-webapp-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-el-3_0-api-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-javadoc-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-lib-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-webapps-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-admin-webapps-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-docs-webapp-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-el-3_0-api-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-javadoc-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-lib-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-webapps-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud 7:tomcat-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud 7:tomcat-admin-webapps-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud 7:tomcat-docs-webapp-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud 7:tomcat-el-3_0-api-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud 7:tomcat-javadoc-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud 7:tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud 7:tomcat-lib-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud 7:tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud 7:tomcat-webapps-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud 8:tomcat-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud 8:tomcat-admin-webapps-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud 8:tomcat-docs-webapp-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud 8:tomcat-el-3_0-api-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud 8:tomcat-javadoc-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud 8:tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud 8:tomcat-lib-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud 8:tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud 8:tomcat-webapps-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:tomcat-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:tomcat-admin-webapps-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:tomcat-docs-webapp-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:tomcat-el-3_0-api-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:tomcat-javadoc-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:tomcat-lib-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:tomcat-webapps-8.0.53-29.32.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8022",
"url": "https://www.suse.com/security/cve/CVE-2020-8022"
},
{
"category": "external",
"summary": "SUSE Bug 1172405 for CVE-2020-8022",
"url": "https://bugzilla.suse.com/1172405"
},
{
"category": "external",
"summary": "SUSE Bug 1172562 for CVE-2020-8022",
"url": "https://bugzilla.suse.com/1172562"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:tomcat-8.0.53-29.32.1.noarch",
"HPE Helion OpenStack 8:tomcat-admin-webapps-8.0.53-29.32.1.noarch",
"HPE Helion OpenStack 8:tomcat-docs-webapp-8.0.53-29.32.1.noarch",
"HPE Helion OpenStack 8:tomcat-el-3_0-api-8.0.53-29.32.1.noarch",
"HPE Helion OpenStack 8:tomcat-javadoc-8.0.53-29.32.1.noarch",
"HPE Helion OpenStack 8:tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch",
"HPE Helion OpenStack 8:tomcat-lib-8.0.53-29.32.1.noarch",
"HPE Helion OpenStack 8:tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch",
"HPE Helion OpenStack 8:tomcat-webapps-8.0.53-29.32.1.noarch",
"SUSE Enterprise Storage 5:tomcat-8.0.53-29.32.1.noarch",
"SUSE Enterprise Storage 5:tomcat-admin-webapps-8.0.53-29.32.1.noarch",
"SUSE Enterprise Storage 5:tomcat-docs-webapp-8.0.53-29.32.1.noarch",
"SUSE Enterprise Storage 5:tomcat-el-3_0-api-8.0.53-29.32.1.noarch",
"SUSE Enterprise Storage 5:tomcat-javadoc-8.0.53-29.32.1.noarch",
"SUSE Enterprise Storage 5:tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch",
"SUSE Enterprise Storage 5:tomcat-lib-8.0.53-29.32.1.noarch",
"SUSE Enterprise Storage 5:tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch",
"SUSE Enterprise Storage 5:tomcat-webapps-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-admin-webapps-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-docs-webapp-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-el-3_0-api-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-javadoc-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-lib-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-webapps-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:tomcat-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:tomcat-admin-webapps-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:tomcat-docs-webapp-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:tomcat-el-3_0-api-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:tomcat-javadoc-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:tomcat-lib-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:tomcat-webapps-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:tomcat-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:tomcat-admin-webapps-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:tomcat-docs-webapp-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:tomcat-el-3_0-api-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:tomcat-javadoc-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:tomcat-lib-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:tomcat-webapps-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:tomcat-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:tomcat-admin-webapps-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:tomcat-docs-webapp-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:tomcat-el-3_0-api-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:tomcat-javadoc-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:tomcat-lib-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:tomcat-webapps-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-admin-webapps-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-docs-webapp-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-el-3_0-api-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-javadoc-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-lib-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-webapps-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-admin-webapps-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-docs-webapp-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-el-3_0-api-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-javadoc-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-lib-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-webapps-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud 7:tomcat-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud 7:tomcat-admin-webapps-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud 7:tomcat-docs-webapp-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud 7:tomcat-el-3_0-api-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud 7:tomcat-javadoc-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud 7:tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud 7:tomcat-lib-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud 7:tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud 7:tomcat-webapps-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud 8:tomcat-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud 8:tomcat-admin-webapps-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud 8:tomcat-docs-webapp-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud 8:tomcat-el-3_0-api-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud 8:tomcat-javadoc-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud 8:tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud 8:tomcat-lib-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud 8:tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud 8:tomcat-webapps-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:tomcat-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:tomcat-admin-webapps-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:tomcat-docs-webapp-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:tomcat-el-3_0-api-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:tomcat-javadoc-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:tomcat-lib-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:tomcat-webapps-8.0.53-29.32.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:tomcat-8.0.53-29.32.1.noarch",
"HPE Helion OpenStack 8:tomcat-admin-webapps-8.0.53-29.32.1.noarch",
"HPE Helion OpenStack 8:tomcat-docs-webapp-8.0.53-29.32.1.noarch",
"HPE Helion OpenStack 8:tomcat-el-3_0-api-8.0.53-29.32.1.noarch",
"HPE Helion OpenStack 8:tomcat-javadoc-8.0.53-29.32.1.noarch",
"HPE Helion OpenStack 8:tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch",
"HPE Helion OpenStack 8:tomcat-lib-8.0.53-29.32.1.noarch",
"HPE Helion OpenStack 8:tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch",
"HPE Helion OpenStack 8:tomcat-webapps-8.0.53-29.32.1.noarch",
"SUSE Enterprise Storage 5:tomcat-8.0.53-29.32.1.noarch",
"SUSE Enterprise Storage 5:tomcat-admin-webapps-8.0.53-29.32.1.noarch",
"SUSE Enterprise Storage 5:tomcat-docs-webapp-8.0.53-29.32.1.noarch",
"SUSE Enterprise Storage 5:tomcat-el-3_0-api-8.0.53-29.32.1.noarch",
"SUSE Enterprise Storage 5:tomcat-javadoc-8.0.53-29.32.1.noarch",
"SUSE Enterprise Storage 5:tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch",
"SUSE Enterprise Storage 5:tomcat-lib-8.0.53-29.32.1.noarch",
"SUSE Enterprise Storage 5:tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch",
"SUSE Enterprise Storage 5:tomcat-webapps-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-admin-webapps-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-docs-webapp-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-el-3_0-api-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-javadoc-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-lib-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:tomcat-webapps-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:tomcat-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:tomcat-admin-webapps-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:tomcat-docs-webapp-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:tomcat-el-3_0-api-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:tomcat-javadoc-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:tomcat-lib-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:tomcat-webapps-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:tomcat-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:tomcat-admin-webapps-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:tomcat-docs-webapp-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:tomcat-el-3_0-api-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:tomcat-javadoc-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:tomcat-lib-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-BCL:tomcat-webapps-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:tomcat-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:tomcat-admin-webapps-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:tomcat-docs-webapp-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:tomcat-el-3_0-api-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:tomcat-javadoc-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:tomcat-lib-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server 12 SP3-LTSS:tomcat-webapps-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-admin-webapps-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-docs-webapp-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-el-3_0-api-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-javadoc-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-lib-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-webapps-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-admin-webapps-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-docs-webapp-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-el-3_0-api-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-javadoc-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-lib-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-webapps-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud 7:tomcat-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud 7:tomcat-admin-webapps-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud 7:tomcat-docs-webapp-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud 7:tomcat-el-3_0-api-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud 7:tomcat-javadoc-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud 7:tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud 7:tomcat-lib-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud 7:tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud 7:tomcat-webapps-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud 8:tomcat-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud 8:tomcat-admin-webapps-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud 8:tomcat-docs-webapp-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud 8:tomcat-el-3_0-api-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud 8:tomcat-javadoc-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud 8:tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud 8:tomcat-lib-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud 8:tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud 8:tomcat-webapps-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:tomcat-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:tomcat-admin-webapps-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:tomcat-docs-webapp-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:tomcat-el-3_0-api-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:tomcat-javadoc-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:tomcat-jsp-2_3-api-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:tomcat-lib-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:tomcat-servlet-3_1-api-8.0.53-29.32.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:tomcat-webapps-8.0.53-29.32.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-26T07:43:57Z",
"details": "important"
}
],
"title": "CVE-2020-8022"
}
]
}
SUSE-SU-2020:1789-1
Vulnerability from csaf_suse - Published: 2020-06-26 07:42 - Updated: 2020-06-26 07:42Summary
Security update for tomcat
Severity
Important
Notes
Title of the patch: Security update for tomcat
Description of the patch: This update for tomcat fixes the following issues:
- CVE-2020-8022: Fixed a local root exploit due to improper permissions (bsc#1172405)
Patchnames: SUSE-2020-1789,SUSE-SLE-Product-HPC-15-2020-1789,SUSE-SLE-Product-SLES-15-2020-1789,SUSE-SLE-Product-SLES_SAP-15-2020-1789
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tomcat fixes the following issues:\n\n- CVE-2020-8022: Fixed a local root exploit due to improper permissions (bsc#1172405)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2020-1789,SUSE-SLE-Product-HPC-15-2020-1789,SUSE-SLE-Product-SLES-15-2020-1789,SUSE-SLE-Product-SLES_SAP-15-2020-1789",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_1789-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:1789-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20201789-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:1789-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-June/007045.html"
},
{
"category": "self",
"summary": "SUSE Bug 1172405",
"url": "https://bugzilla.suse.com/1172405"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8022 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8022/"
}
],
"title": "Security update for tomcat",
"tracking": {
"current_release_date": "2020-06-26T07:42:24Z",
"generator": {
"date": "2020-06-26T07:42:24Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:1789-1",
"initial_release_date": "2020-06-26T07:42:24Z",
"revision_history": [
{
"date": "2020-06-26T07:42:24Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat-9.0.35-3.57.3.noarch",
"product": {
"name": "tomcat-9.0.35-3.57.3.noarch",
"product_id": "tomcat-9.0.35-3.57.3.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-9.0.35-3.57.3.noarch",
"product": {
"name": "tomcat-admin-webapps-9.0.35-3.57.3.noarch",
"product_id": "tomcat-admin-webapps-9.0.35-3.57.3.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-9.0.35-3.57.3.noarch",
"product": {
"name": "tomcat-docs-webapp-9.0.35-3.57.3.noarch",
"product_id": "tomcat-docs-webapp-9.0.35-3.57.3.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-el-3_0-api-9.0.35-3.57.3.noarch",
"product": {
"name": "tomcat-el-3_0-api-9.0.35-3.57.3.noarch",
"product_id": "tomcat-el-3_0-api-9.0.35-3.57.3.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-embed-9.0.35-3.57.3.noarch",
"product": {
"name": "tomcat-embed-9.0.35-3.57.3.noarch",
"product_id": "tomcat-embed-9.0.35-3.57.3.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-9.0.35-3.57.3.noarch",
"product": {
"name": "tomcat-javadoc-9.0.35-3.57.3.noarch",
"product_id": "tomcat-javadoc-9.0.35-3.57.3.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2_3-api-9.0.35-3.57.3.noarch",
"product": {
"name": "tomcat-jsp-2_3-api-9.0.35-3.57.3.noarch",
"product_id": "tomcat-jsp-2_3-api-9.0.35-3.57.3.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-9.0.35-3.57.3.noarch",
"product": {
"name": "tomcat-jsvc-9.0.35-3.57.3.noarch",
"product_id": "tomcat-jsvc-9.0.35-3.57.3.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-lib-9.0.35-3.57.3.noarch",
"product": {
"name": "tomcat-lib-9.0.35-3.57.3.noarch",
"product_id": "tomcat-lib-9.0.35-3.57.3.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4_0-api-9.0.35-3.57.3.noarch",
"product": {
"name": "tomcat-servlet-4_0-api-9.0.35-3.57.3.noarch",
"product_id": "tomcat-servlet-4_0-api-9.0.35-3.57.3.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-webapps-9.0.35-3.57.3.noarch",
"product": {
"name": "tomcat-webapps-9.0.35-3.57.3.noarch",
"product_id": "tomcat-webapps-9.0.35-3.57.3.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.35-3.57.3.noarch as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:tomcat-9.0.35-3.57.3.noarch"
},
"product_reference": "tomcat-9.0.35-3.57.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.35-3.57.3.noarch as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:tomcat-admin-webapps-9.0.35-3.57.3.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.35-3.57.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.35-3.57.3.noarch as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:tomcat-el-3_0-api-9.0.35-3.57.3.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.35-3.57.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.35-3.57.3.noarch as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:tomcat-jsp-2_3-api-9.0.35-3.57.3.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.35-3.57.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.35-3.57.3.noarch as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:tomcat-lib-9.0.35-3.57.3.noarch"
},
"product_reference": "tomcat-lib-9.0.35-3.57.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.35-3.57.3.noarch as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:tomcat-servlet-4_0-api-9.0.35-3.57.3.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.35-3.57.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.35-3.57.3.noarch as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:tomcat-webapps-9.0.35-3.57.3.noarch"
},
"product_reference": "tomcat-webapps-9.0.35-3.57.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.35-3.57.3.noarch as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:tomcat-9.0.35-3.57.3.noarch"
},
"product_reference": "tomcat-9.0.35-3.57.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.35-3.57.3.noarch as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:tomcat-admin-webapps-9.0.35-3.57.3.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.35-3.57.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.35-3.57.3.noarch as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:tomcat-el-3_0-api-9.0.35-3.57.3.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.35-3.57.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.35-3.57.3.noarch as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:tomcat-jsp-2_3-api-9.0.35-3.57.3.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.35-3.57.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.35-3.57.3.noarch as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:tomcat-lib-9.0.35-3.57.3.noarch"
},
"product_reference": "tomcat-lib-9.0.35-3.57.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.35-3.57.3.noarch as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:tomcat-servlet-4_0-api-9.0.35-3.57.3.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.35-3.57.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.35-3.57.3.noarch as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:tomcat-webapps-9.0.35-3.57.3.noarch"
},
"product_reference": "tomcat-webapps-9.0.35-3.57.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.35-3.57.3.noarch as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:tomcat-9.0.35-3.57.3.noarch"
},
"product_reference": "tomcat-9.0.35-3.57.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.35-3.57.3.noarch as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:tomcat-admin-webapps-9.0.35-3.57.3.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.35-3.57.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.35-3.57.3.noarch as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:tomcat-el-3_0-api-9.0.35-3.57.3.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.35-3.57.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.35-3.57.3.noarch as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:tomcat-jsp-2_3-api-9.0.35-3.57.3.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.35-3.57.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.35-3.57.3.noarch as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:tomcat-lib-9.0.35-3.57.3.noarch"
},
"product_reference": "tomcat-lib-9.0.35-3.57.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.35-3.57.3.noarch as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:tomcat-servlet-4_0-api-9.0.35-3.57.3.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.35-3.57.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.35-3.57.3.noarch as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:tomcat-webapps-9.0.35-3.57.3.noarch"
},
"product_reference": "tomcat-webapps-9.0.35-3.57.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.35-3.57.3.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:tomcat-9.0.35-3.57.3.noarch"
},
"product_reference": "tomcat-9.0.35-3.57.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.35-3.57.3.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:tomcat-admin-webapps-9.0.35-3.57.3.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.35-3.57.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.35-3.57.3.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:tomcat-el-3_0-api-9.0.35-3.57.3.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.35-3.57.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.35-3.57.3.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:tomcat-jsp-2_3-api-9.0.35-3.57.3.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.35-3.57.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.35-3.57.3.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:tomcat-lib-9.0.35-3.57.3.noarch"
},
"product_reference": "tomcat-lib-9.0.35-3.57.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.35-3.57.3.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:tomcat-servlet-4_0-api-9.0.35-3.57.3.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.35-3.57.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.35-3.57.3.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:tomcat-webapps-9.0.35-3.57.3.noarch"
},
"product_reference": "tomcat-webapps-9.0.35-3.57.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-8022",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8022"
}
],
"notes": [
{
"category": "general",
"text": "A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:tomcat-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:tomcat-admin-webapps-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:tomcat-el-3_0-api-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:tomcat-jsp-2_3-api-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:tomcat-lib-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:tomcat-servlet-4_0-api-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:tomcat-webapps-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:tomcat-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:tomcat-admin-webapps-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:tomcat-el-3_0-api-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:tomcat-jsp-2_3-api-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:tomcat-lib-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:tomcat-servlet-4_0-api-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:tomcat-webapps-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise Server 15-LTSS:tomcat-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise Server 15-LTSS:tomcat-admin-webapps-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise Server 15-LTSS:tomcat-el-3_0-api-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise Server 15-LTSS:tomcat-jsp-2_3-api-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise Server 15-LTSS:tomcat-lib-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise Server 15-LTSS:tomcat-servlet-4_0-api-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise Server 15-LTSS:tomcat-webapps-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15:tomcat-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15:tomcat-admin-webapps-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15:tomcat-el-3_0-api-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15:tomcat-jsp-2_3-api-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15:tomcat-lib-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15:tomcat-servlet-4_0-api-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15:tomcat-webapps-9.0.35-3.57.3.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8022",
"url": "https://www.suse.com/security/cve/CVE-2020-8022"
},
{
"category": "external",
"summary": "SUSE Bug 1172405 for CVE-2020-8022",
"url": "https://bugzilla.suse.com/1172405"
},
{
"category": "external",
"summary": "SUSE Bug 1172562 for CVE-2020-8022",
"url": "https://bugzilla.suse.com/1172562"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:tomcat-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:tomcat-admin-webapps-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:tomcat-el-3_0-api-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:tomcat-jsp-2_3-api-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:tomcat-lib-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:tomcat-servlet-4_0-api-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:tomcat-webapps-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:tomcat-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:tomcat-admin-webapps-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:tomcat-el-3_0-api-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:tomcat-jsp-2_3-api-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:tomcat-lib-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:tomcat-servlet-4_0-api-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:tomcat-webapps-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise Server 15-LTSS:tomcat-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise Server 15-LTSS:tomcat-admin-webapps-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise Server 15-LTSS:tomcat-el-3_0-api-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise Server 15-LTSS:tomcat-jsp-2_3-api-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise Server 15-LTSS:tomcat-lib-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise Server 15-LTSS:tomcat-servlet-4_0-api-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise Server 15-LTSS:tomcat-webapps-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15:tomcat-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15:tomcat-admin-webapps-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15:tomcat-el-3_0-api-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15:tomcat-jsp-2_3-api-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15:tomcat-lib-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15:tomcat-servlet-4_0-api-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15:tomcat-webapps-9.0.35-3.57.3.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:tomcat-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:tomcat-admin-webapps-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:tomcat-el-3_0-api-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:tomcat-jsp-2_3-api-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:tomcat-lib-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:tomcat-servlet-4_0-api-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:tomcat-webapps-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:tomcat-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:tomcat-admin-webapps-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:tomcat-el-3_0-api-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:tomcat-jsp-2_3-api-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:tomcat-lib-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:tomcat-servlet-4_0-api-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:tomcat-webapps-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise Server 15-LTSS:tomcat-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise Server 15-LTSS:tomcat-admin-webapps-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise Server 15-LTSS:tomcat-el-3_0-api-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise Server 15-LTSS:tomcat-jsp-2_3-api-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise Server 15-LTSS:tomcat-lib-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise Server 15-LTSS:tomcat-servlet-4_0-api-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise Server 15-LTSS:tomcat-webapps-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15:tomcat-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15:tomcat-admin-webapps-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15:tomcat-el-3_0-api-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15:tomcat-jsp-2_3-api-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15:tomcat-lib-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15:tomcat-servlet-4_0-api-9.0.35-3.57.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15:tomcat-webapps-9.0.35-3.57.3.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-26T07:42:24Z",
"details": "important"
}
],
"title": "CVE-2020-8022"
}
]
}
SUSE-SU-2020:1790-1
Vulnerability from csaf_suse - Published: 2020-06-26 07:42 - Updated: 2020-06-26 07:42Summary
Security update for tomcat
Severity
Important
Notes
Title of the patch: Security update for tomcat
Description of the patch: This update for tomcat fixes the following issues:
- CVE-2020-8022: Fixed a local root exploit due to improper permissions (bsc#1172405)
Patchnames: SUSE-2020-1790,SUSE-SLE-Module-Web-Scripting-15-SP1-2020-1790
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tomcat fixes the following issues:\n\n- CVE-2020-8022: Fixed a local root exploit due to improper permissions (bsc#1172405)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2020-1790,SUSE-SLE-Module-Web-Scripting-15-SP1-2020-1790",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_1790-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:1790-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20201790-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:1790-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-June/007048.html"
},
{
"category": "self",
"summary": "SUSE Bug 1172405",
"url": "https://bugzilla.suse.com/1172405"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8022 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8022/"
}
],
"title": "Security update for tomcat",
"tracking": {
"current_release_date": "2020-06-26T07:42:43Z",
"generator": {
"date": "2020-06-26T07:42:43Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:1790-1",
"initial_release_date": "2020-06-26T07:42:43Z",
"revision_history": [
{
"date": "2020-06-26T07:42:43Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat-9.0.35-4.35.1.noarch",
"product": {
"name": "tomcat-9.0.35-4.35.1.noarch",
"product_id": "tomcat-9.0.35-4.35.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-9.0.35-4.35.1.noarch",
"product": {
"name": "tomcat-admin-webapps-9.0.35-4.35.1.noarch",
"product_id": "tomcat-admin-webapps-9.0.35-4.35.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-9.0.35-4.35.1.noarch",
"product": {
"name": "tomcat-docs-webapp-9.0.35-4.35.1.noarch",
"product_id": "tomcat-docs-webapp-9.0.35-4.35.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-el-3_0-api-9.0.35-4.35.1.noarch",
"product": {
"name": "tomcat-el-3_0-api-9.0.35-4.35.1.noarch",
"product_id": "tomcat-el-3_0-api-9.0.35-4.35.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-embed-9.0.35-4.35.1.noarch",
"product": {
"name": "tomcat-embed-9.0.35-4.35.1.noarch",
"product_id": "tomcat-embed-9.0.35-4.35.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-9.0.35-4.35.1.noarch",
"product": {
"name": "tomcat-javadoc-9.0.35-4.35.1.noarch",
"product_id": "tomcat-javadoc-9.0.35-4.35.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2_3-api-9.0.35-4.35.1.noarch",
"product": {
"name": "tomcat-jsp-2_3-api-9.0.35-4.35.1.noarch",
"product_id": "tomcat-jsp-2_3-api-9.0.35-4.35.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-9.0.35-4.35.1.noarch",
"product": {
"name": "tomcat-jsvc-9.0.35-4.35.1.noarch",
"product_id": "tomcat-jsvc-9.0.35-4.35.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-lib-9.0.35-4.35.1.noarch",
"product": {
"name": "tomcat-lib-9.0.35-4.35.1.noarch",
"product_id": "tomcat-lib-9.0.35-4.35.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4_0-api-9.0.35-4.35.1.noarch",
"product": {
"name": "tomcat-servlet-4_0-api-9.0.35-4.35.1.noarch",
"product_id": "tomcat-servlet-4_0-api-9.0.35-4.35.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-webapps-9.0.35-4.35.1.noarch",
"product": {
"name": "tomcat-webapps-9.0.35-4.35.1.noarch",
"product_id": "tomcat-webapps-9.0.35-4.35.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:15:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.35-4.35.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1:tomcat-9.0.35-4.35.1.noarch"
},
"product_reference": "tomcat-9.0.35-4.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.35-4.35.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1:tomcat-admin-webapps-9.0.35-4.35.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.35-4.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.35-4.35.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1:tomcat-el-3_0-api-9.0.35-4.35.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.35-4.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.35-4.35.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1:tomcat-jsp-2_3-api-9.0.35-4.35.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.35-4.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.35-4.35.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1:tomcat-lib-9.0.35-4.35.1.noarch"
},
"product_reference": "tomcat-lib-9.0.35-4.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.35-4.35.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1:tomcat-servlet-4_0-api-9.0.35-4.35.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.35-4.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.35-4.35.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1:tomcat-webapps-9.0.35-4.35.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.35-4.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-8022",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8022"
}
],
"notes": [
{
"category": "general",
"text": "A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:tomcat-9.0.35-4.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:tomcat-admin-webapps-9.0.35-4.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:tomcat-el-3_0-api-9.0.35-4.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:tomcat-jsp-2_3-api-9.0.35-4.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:tomcat-lib-9.0.35-4.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:tomcat-servlet-4_0-api-9.0.35-4.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:tomcat-webapps-9.0.35-4.35.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8022",
"url": "https://www.suse.com/security/cve/CVE-2020-8022"
},
{
"category": "external",
"summary": "SUSE Bug 1172405 for CVE-2020-8022",
"url": "https://bugzilla.suse.com/1172405"
},
{
"category": "external",
"summary": "SUSE Bug 1172562 for CVE-2020-8022",
"url": "https://bugzilla.suse.com/1172562"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:tomcat-9.0.35-4.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:tomcat-admin-webapps-9.0.35-4.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:tomcat-el-3_0-api-9.0.35-4.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:tomcat-jsp-2_3-api-9.0.35-4.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:tomcat-lib-9.0.35-4.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:tomcat-servlet-4_0-api-9.0.35-4.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:tomcat-webapps-9.0.35-4.35.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:tomcat-9.0.35-4.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:tomcat-admin-webapps-9.0.35-4.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:tomcat-el-3_0-api-9.0.35-4.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:tomcat-jsp-2_3-api-9.0.35-4.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:tomcat-lib-9.0.35-4.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:tomcat-servlet-4_0-api-9.0.35-4.35.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP1:tomcat-webapps-9.0.35-4.35.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-26T07:42:43Z",
"details": "important"
}
],
"title": "CVE-2020-8022"
}
]
}
BDU:2020-03225
Vulnerability from fstec - Published: 29.06.2020
VLAI Severity ?
Title
Уязвимость компонента /usr/lib/tmpfiles.d/tomcat.conf пакета Tomcat операционной системы SUSE Linux Enterprise, позволяющая нарушителю повысить свои привилегии
Description
Уязвимость компонента /usr/lib/tmpfiles.d/tomcat.conf пакета Tomcat операционной системы SUSE Linux Enterprise связана с ошибками использования стандартных разрешений. Эксплуатация уязвимости может позволить нарушителю повысить свои привилегии
Severity ?
Vendor
Novell Inc.
Software Name
SUSE Linux Enterprise Server for SAP Applications, SUSE OpenStack Cloud, Suse Linux Enterprise Server, SUSE Enterprise Storage, SUSE Linux Enterprise Point of Sale, SUSE Linux Enterprise Module for Open Buildservice Development Tools, OpenSUSE Leap, SUSE Linux Enterprise Module for Web Scripting, HPE Helion Openstack, SUSE Linux Enterprise High Performance Computing
Software Version
12 SP2-BCL (SUSE Linux Enterprise Server for SAP Applications), 12 SP2-ESPOS (SUSE Linux Enterprise Server for SAP Applications), 12 SP2-LTSS (SUSE Linux Enterprise Server for SAP Applications), 12 SP4 (SUSE Linux Enterprise Server for SAP Applications), 7 (SUSE OpenStack Cloud), 12 SP4 (Suse Linux Enterprise Server), 5 (SUSE Enterprise Storage), 12 SP2-CLIENT (SUSE Linux Enterprise Point of Sale), 12 SP2-BCL (Suse Linux Enterprise Server), 12 SP2-ESPOS (Suse Linux Enterprise Server), 15 SP1 (SUSE Linux Enterprise Module for Open Buildservice Development Tools), 15.1 (OpenSUSE Leap), 15 (SUSE Linux Enterprise Server for SAP Applications), 12 SP2-LTSS (Suse Linux Enterprise Server), 12 SP3-LTSS (Suse Linux Enterprise Server), 8 (SUSE OpenStack Cloud), 12 SP3-BCL (Suse Linux Enterprise Server), 12 SP5 (Suse Linux Enterprise Server), 12 SP3-BCL (SUSE Linux Enterprise Server for SAP Applications), 12 SP3-LTSS (SUSE Linux Enterprise Server for SAP Applications), 12 SP5 (SUSE Linux Enterprise Server for SAP Applications), 15 SP1 (SUSE Linux Enterprise Module for Web Scripting), Crowbar 8 (SUSE OpenStack Cloud), 8 (HPE Helion Openstack), 12 SP3-ESPOS (Suse Linux Enterprise Server), 12 SP3-ESPOS (SUSE Linux Enterprise Server for SAP Applications), 15-ESPOS (SUSE Linux Enterprise High Performance Computing), 15-LTSS (SUSE Linux Enterprise High Performance Computing), 15-LTSS (Suse Linux Enterprise Server)
Possible Mitigations
Использование рекомендаций:
https://www.suse.com/security/cve/CVE-2020-8022/
Reference
https://www.suse.com/security/cve/CVE-2020-8022/
https://lists.opensuse.org/opensuse-security-announce/2020-06/msg00066.html
https://bugzilla.suse.com/show_bug.cgi?id=1172405
https://nvd.nist.gov/vuln/detail/CVE-2020-8022
CWE
CWE-276
{
"CVSS 2.0": "AV:L/AC:L/Au:N/C:C/I:C/A:N",
"CVSS 3.0": "AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Novell Inc.",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "12 SP2-BCL (SUSE Linux Enterprise Server for SAP Applications), 12 SP2-ESPOS (SUSE Linux Enterprise Server for SAP Applications), 12 SP2-LTSS (SUSE Linux Enterprise Server for SAP Applications), 12 SP4 (SUSE Linux Enterprise Server for SAP Applications), 7 (SUSE OpenStack Cloud), 12 SP4 (Suse Linux Enterprise Server), 5 (SUSE Enterprise Storage), 12 SP2-CLIENT (SUSE Linux Enterprise Point of Sale), 12 SP2-BCL (Suse Linux Enterprise Server), 12 SP2-ESPOS (Suse Linux Enterprise Server), 15 SP1 (SUSE Linux Enterprise Module for Open Buildservice Development Tools), 15.1 (OpenSUSE Leap), 15 (SUSE Linux Enterprise Server for SAP Applications), 12 SP2-LTSS (Suse Linux Enterprise Server), 12 SP3-LTSS (Suse Linux Enterprise Server), 8 (SUSE OpenStack Cloud), 12 SP3-BCL (Suse Linux Enterprise Server), 12 SP5 (Suse Linux Enterprise Server), 12 SP3-BCL (SUSE Linux Enterprise Server for SAP Applications), 12 SP3-LTSS (SUSE Linux Enterprise Server for SAP Applications), 12 SP5 (SUSE Linux Enterprise Server for SAP Applications), 15 SP1 (SUSE Linux Enterprise Module for Web Scripting), Crowbar 8 (SUSE OpenStack Cloud), 8 (HPE Helion Openstack), 12 SP3-ESPOS (Suse Linux Enterprise Server), 12 SP3-ESPOS (SUSE Linux Enterprise Server for SAP Applications), 15-ESPOS (SUSE Linux Enterprise High Performance Computing), 15-LTSS (SUSE Linux Enterprise High Performance Computing), 15-LTSS (Suse Linux Enterprise Server)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://www.suse.com/security/cve/CVE-2020-8022/",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "29.06.2020",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "13.09.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "09.07.2020",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-03225",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2020-8022",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "SUSE Linux Enterprise Server for SAP Applications, SUSE OpenStack Cloud, Suse Linux Enterprise Server, SUSE Enterprise Storage, SUSE Linux Enterprise Point of Sale, SUSE Linux Enterprise Module for Open Buildservice Development Tools, OpenSUSE Leap, SUSE Linux Enterprise Module for Web Scripting, HPE Helion Openstack, SUSE Linux Enterprise High Performance Computing",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Novell Inc. OpenSUSE Leap 15.1 ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 /usr/lib/tmpfiles.d/tomcat.conf \u043f\u0430\u043a\u0435\u0442\u0430 Tomcat \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b SUSE Linux Enterprise, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u0435 \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u044b\u0435 \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u044f (CWE-276)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 /usr/lib/tmpfiles.d/tomcat.conf \u043f\u0430\u043a\u0435\u0442\u0430 Tomcat \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b SUSE Linux Enterprise \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u044b\u0445 \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u0439. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.suse.com/security/cve/CVE-2020-8022/\nhttps://lists.opensuse.org/opensuse-security-announce/2020-06/msg00066.html\nhttps://bugzilla.suse.com/show_bug.cgi?id=1172405\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-8022",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-276",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,6)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,7)"
}
FKIE_CVE-2020-8022
Vulnerability from fkie_nvd - Published: 2020-06-29 09:15 - Updated: 2024-11-21 05:38
Severity ?
7.7 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1.
References
| URL | Tags | ||
|---|---|---|---|
| meissner@suse.de | http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00066.html | Mailing List, Vendor Advisory | |
| meissner@suse.de | https://bugzilla.suse.com/show_bug.cgi?id=1172405 | Exploit, Issue Tracking, Vendor Advisory | |
| meissner@suse.de | https://lists.apache.org/thread.html/r393d4f431683e99c839b4aed68f720b8583bca6c35cd84adccaa02be%40%3Cjava-dev.axis.apache.org%3E | ||
| meissner@suse.de | https://lists.apache.org/thread.html/r5be80ba868a11a1f64e4922399f171b8619bca4bc2039f79cf913928%40%3Cjava-dev.axis.apache.org%3E | ||
| meissner@suse.de | https://lists.apache.org/thread.html/ra87ec20a0f4b226c81c7eed27e5d7433ccdc41e61a8da408a45f0fa1%40%3Cusers.tomcat.apache.org%3E | ||
| meissner@suse.de | https://lists.apache.org/thread.html/rf50d02409e5732c4ee37f19a193af171251a25a652599ce3c2bc69e7%40%3Cusers.tomcat.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00066.html | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.suse.com/show_bug.cgi?id=1172405 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r393d4f431683e99c839b4aed68f720b8583bca6c35cd84adccaa02be%40%3Cjava-dev.axis.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r5be80ba868a11a1f64e4922399f171b8619bca4bc2039f79cf913928%40%3Cjava-dev.axis.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/ra87ec20a0f4b226c81c7eed27e5d7433ccdc41e61a8da408a45f0fa1%40%3Cusers.tomcat.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rf50d02409e5732c4ee37f19a193af171251a25a652599ce3c2bc69e7%40%3Cusers.tomcat.apache.org%3E |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | tomcat | * | |
| suse | enterprise_storage | 5.0 | |
| apache | tomcat | * | |
| suse | linux_enterprise_server | 12 | |
| apache | tomcat | * | |
| suse | linux_enterprise_server | 12 | |
| apache | tomcat | * | |
| suse | linux_enterprise_server | 12 | |
| apache | tomcat | * | |
| suse | linux_enterprise_server | 12 | |
| apache | tomcat | * | |
| suse | linux_enterprise_server | 12 | |
| apache | tomcat | * | |
| suse | linux_enterprise_server | 12 | |
| apache | tomcat | * | |
| suse | openstack_cloud | 7.0 | |
| apache | tomcat | * | |
| suse | openstack_cloud | 8.0 | |
| apache | tomcat | * | |
| suse | openstack_cloud_crowbar | 8.0 | |
| apache | tomcat | * | |
| suse | linux_enterprise_server | 12 | |
| apache | tomcat | * | |
| suse | linux_enterprise_server | 12 | |
| apache | tomcat | * | |
| suse | linux_enterprise_server | 15 | |
| opensuse | leap | 15.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B0095DD-61C0-4FC9-A466-8335D4AF1AEF",
"versionEndExcluding": "8.0.53-29.32.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:suse:enterprise_storage:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CB13FD29-BB94-4B33-870F-7EC956E87515",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B0095DD-61C0-4FC9-A466-8335D4AF1AEF",
"versionEndExcluding": "8.0.53-29.32.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:*:*:*:*",
"matchCriteriaId": "F84B2729-7B52-4505-9656-1BD31B980705",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B0095DD-61C0-4FC9-A466-8335D4AF1AEF",
"versionEndExcluding": "8.0.53-29.32.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:ltss:*:*:*",
"matchCriteriaId": "32C12523-2500-44D0-97EE-E740BD3E61B3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B0095DD-61C0-4FC9-A466-8335D4AF1AEF",
"versionEndExcluding": "8.0.53-29.32.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp3:*:*:*:*:*:*",
"matchCriteriaId": "631BB7F0-5F27-4244-8E72-428DA824C75B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B0095DD-61C0-4FC9-A466-8335D4AF1AEF",
"versionEndExcluding": "8.0.53-29.32.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp3:*:*:ltss:*:*:*",
"matchCriteriaId": "C6622CD4-DF4B-4064-BAEB-5E382C4B05C8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B0095DD-61C0-4FC9-A466-8335D4AF1AEF",
"versionEndExcluding": "8.0.53-29.32.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:*:sap:*:*",
"matchCriteriaId": "3691A00A-D075-437B-A818-C7C26EE73532",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B0095DD-61C0-4FC9-A466-8335D4AF1AEF",
"versionEndExcluding": "8.0.53-29.32.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp3:*:*:*:sap:*:*",
"matchCriteriaId": "16729D9C-DC05-41BD-9B32-682983190CE0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B0095DD-61C0-4FC9-A466-8335D4AF1AEF",
"versionEndExcluding": "8.0.53-29.32.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:suse:openstack_cloud:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6A11C023-22C5-409C-9818-2C91D51AE01B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B0095DD-61C0-4FC9-A466-8335D4AF1AEF",
"versionEndExcluding": "8.0.53-29.32.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:suse:openstack_cloud:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1C3BEB21-4080-4258-B95C-562D717AED0B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B0095DD-61C0-4FC9-A466-8335D4AF1AEF",
"versionEndExcluding": "8.0.53-29.32.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:suse:openstack_cloud_crowbar:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1675CBE5-44D3-4326-AE8B-EEB9E25D783A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D89AB32C-1920-4936-9904-4E64F174B0E4",
"versionEndExcluding": "9.0.35-3.39.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp4:*:*:*:*:*:*",
"matchCriteriaId": "55E8AB88-2347-497B-91DE-AF64E08ED8F3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D89AB32C-1920-4936-9904-4E64F174B0E4",
"versionEndExcluding": "9.0.35-3.39.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp5:*:*:*:*:*:*",
"matchCriteriaId": "29AE5751-3EA5-4056-8E79-16D8DCD248EF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4FC1168B-713C-413E-B518-0D1E98052E46",
"versionEndExcluding": "9.0.35-3.57.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:15:*:*:*:*:sap:*:*",
"matchCriteriaId": "C665A768-DBDA-4197-9159-A2791E98A84F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Permisos Predeterminados Incorrectos en el paquete tomcat en SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8, permite a atacantes locales escalar del grupo tomcat a root. Este problema afecta a: tomcat de SUSE Enterprise Storage 5 versiones anteriores a 8.0.53-29.32.1. tomcat de SUSE Linux Enterprise Server 12-SP2-BCL versiones anteriores a 8.0.53-29.32.1. tomcat de SUSE Linux Enterprise Server 12-SP2-LTSS versiones anteriores a 8.0.53-29.32.1. tomcat de SUSE Linux Enterprise Server 12-SP3-BCL versiones anteriores a 8.0.53-29.32.1. tomcat de SUSE Linux Enterprise Server 12-SP3-LTSS versiones anteriores a 8.0.53-29.32.1. tomcat de SUSE Linux Enterprise Server 12-SP4 versiones anteriores a 9.0.35-3.39.1. tomcat de SUSE Linux Enterprise Server 12-SP5 versiones anteriores a 9.0.35-3.39.1. tomcat de SUSE Linux Enterprise Server 15-LTSS versiones anteriores a 9.0.35-3.57.3. tomcat de SUSE Linux Enterprise Server for SAP 12-SP2 versiones anteriores a 8.0.53-29.32.1. tomcat de SUSE Linux Enterprise Server for SAP 12-SP3 versiones anteriores a 8.0.53-29.32.1. tomcat de SUSE Linux Enterprise Server for SAP 15 versiones anteriores a 9.0.35-3.57.3. tomcat de SUSE OpenStack Cloud 7 versiones anteriores a 8.0.53-29.32.1. tomcat de SUSE OpenStack Cloud 8 versiones anteriores a 8.0.53-29.32.1. tomcat de SUSE OpenStack Cloud Crowbar 8 versiones anteriores a 8.0.53-29.32.1"
}
],
"id": "CVE-2020-8022",
"lastModified": "2024-11-21T05:38:14.210",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 5.2,
"source": "meissner@suse.de",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-29T09:15:11.307",
"references": [
{
"source": "meissner@suse.de",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00066.html"
},
{
"source": "meissner@suse.de",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1172405"
},
{
"source": "meissner@suse.de",
"url": "https://lists.apache.org/thread.html/r393d4f431683e99c839b4aed68f720b8583bca6c35cd84adccaa02be%40%3Cjava-dev.axis.apache.org%3E"
},
{
"source": "meissner@suse.de",
"url": "https://lists.apache.org/thread.html/r5be80ba868a11a1f64e4922399f171b8619bca4bc2039f79cf913928%40%3Cjava-dev.axis.apache.org%3E"
},
{
"source": "meissner@suse.de",
"url": "https://lists.apache.org/thread.html/ra87ec20a0f4b226c81c7eed27e5d7433ccdc41e61a8da408a45f0fa1%40%3Cusers.tomcat.apache.org%3E"
},
{
"source": "meissner@suse.de",
"url": "https://lists.apache.org/thread.html/rf50d02409e5732c4ee37f19a193af171251a25a652599ce3c2bc69e7%40%3Cusers.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00066.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1172405"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r393d4f431683e99c839b4aed68f720b8583bca6c35cd84adccaa02be%40%3Cjava-dev.axis.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r5be80ba868a11a1f64e4922399f171b8619bca4bc2039f79cf913928%40%3Cjava-dev.axis.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/ra87ec20a0f4b226c81c7eed27e5d7433ccdc41e61a8da408a45f0fa1%40%3Cusers.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf50d02409e5732c4ee37f19a193af171251a25a652599ce3c2bc69e7%40%3Cusers.tomcat.apache.org%3E"
}
],
"sourceIdentifier": "meissner@suse.de",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "meissner@suse.de",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
bit-tomcat-2020-8022
Vulnerability from bitnami_vulndb
Published
2024-03-06 11:10
Modified
2025-05-20 10:02
Summary
User-writeable configuration file /usr/lib/tmpfiles.d/tomcat.conf allows for escalation of priviliges
Details
A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1.
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "tomcat",
"purl": "pkg:bitnami/tomcat"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.35-3.57.3"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2020-8022"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"
],
"severity": "High"
},
"details": "A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1.",
"id": "BIT-tomcat-2020-8022",
"modified": "2025-05-20T10:02:07.006Z",
"published": "2024-03-06T11:10:37.975Z",
"references": [
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00066.html"
},
{
"type": "WEB",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1172405"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r393d4f431683e99c839b4aed68f720b8583bca6c35cd84adccaa02be%40%3Cjava-dev.axis.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r5be80ba868a11a1f64e4922399f171b8619bca4bc2039f79cf913928%40%3Cjava-dev.axis.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/ra87ec20a0f4b226c81c7eed27e5d7433ccdc41e61a8da408a45f0fa1%40%3Cusers.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf50d02409e5732c4ee37f19a193af171251a25a652599ce3c2bc69e7%40%3Cusers.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8022"
}
],
"schema_version": "1.5.0",
"summary": "User-writeable configuration file /usr/lib/tmpfiles.d/tomcat.conf allows for escalation of priviliges"
}
GHSA-GC58-V8H3-X2GR
Vulnerability from github – Published: 2022-02-09 23:01 – Updated: 2024-07-10 17:24
VLAI?
Summary
Incorrect Default Permissions in Apache Tomcat
Details
Withdrawn
As per https://lists.apache.org/thread/0z644xfjo49pn2oxcp9qslkvhhw4tb7q this issue only affects the SUSE built artifacts of tomcat and is not relevant for the artifacts on maven central.
Original Advisory
A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 80.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1.
Severity ?
7.8 (High)
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.53"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.0"
},
{
"fixed": "9.0.35"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-8022"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": true,
"github_reviewed_at": "2021-04-12T19:23:48Z",
"nvd_published_at": "2020-06-29T09:15:00Z",
"severity": "HIGH"
},
"details": "### Withdrawn\nAs per https://lists.apache.org/thread/0z644xfjo49pn2oxcp9qslkvhhw4tb7q this issue only affects the SUSE built artifacts of tomcat and is not relevant for the artifacts on maven central.\n\n### Original Advisory\nA Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 80.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1.",
"id": "GHSA-gc58-v8h3-x2gr",
"modified": "2024-07-10T17:24:43Z",
"published": "2022-02-09T23:01:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8022"
},
{
"type": "WEB",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1172405"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r393d4f431683e99c839b4aed68f720b8583bca6c35cd84adccaa02be@%3Cjava-dev.axis.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r5be80ba868a11a1f64e4922399f171b8619bca4bc2039f79cf913928@%3Cjava-dev.axis.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/ra87ec20a0f4b226c81c7eed27e5d7433ccdc41e61a8da408a45f0fa1@%3Cusers.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf50d02409e5732c4ee37f19a193af171251a25a652599ce3c2bc69e7@%3Cusers.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00066.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Incorrect Default Permissions in Apache Tomcat",
"withdrawn": "2024-07-10T17:24:42Z"
}
Loading…
Show additional events:
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…