Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-22096 (GCVE-0-2021-22096)
Vulnerability from cvelistv5 – Published: 2021-10-28 15:22 – Updated: 2024-08-03 18:30
VLAI
EPSS
Summary
In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.
Severity
No CVSS data available.
CWE
- CWE-117 - Improper Output Neutralization for Logs
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://tanzu.vmware.com/security/cve-2021-22096 | x_refsource_MISC |
| https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC |
| https://security.netapp.com/advisory/ntap-2021112… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Spring Framework |
Affected:
Spring Framework versions 5.3.x prior to 5.3.12+, 5.2.x prior to 5.2.18+ and all older unsupported versions are impacted.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:23.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://tanzu.vmware.com/security/cve-2021-22096"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20211125-0005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spring Framework",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Spring Framework versions 5.3.x prior to 5.3.12+, 5.2.x prior to 5.2.18+ and all older unsupported versions are impacted."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-117",
"description": "CWE-117: Improper Output Neutralization for Logs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T23:24:13.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://tanzu.vmware.com/security/cve-2021-22096"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20211125-0005/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2021-22096",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spring Framework",
"version": {
"version_data": [
{
"version_value": "Spring Framework versions 5.3.x prior to 5.3.12+, 5.2.x prior to 5.2.18+ and all older unsupported versions are impacted."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-117: Improper Output Neutralization for Logs"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tanzu.vmware.com/security/cve-2021-22096",
"refsource": "MISC",
"url": "https://tanzu.vmware.com/security/cve-2021-22096"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20211125-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20211125-0005/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2021-22096",
"datePublished": "2021-10-28T15:22:35.000Z",
"dateReserved": "2021-01-04T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:30:23.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-22096",
"date": "2026-05-29",
"epss": "0.00227",
"percentile": "0.45481"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-22096\",\"sourceIdentifier\":\"security@vmware.com\",\"published\":\"2021-10-28T16:15:07.733\",\"lastModified\":\"2024-11-21T05:49:31.290\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.\"},{\"lang\":\"es\",\"value\":\"En Spring Framework versiones 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, y en versiones anteriores no soportadas, es posible para un usuario proporcionar una entrada maliciosa para causar una inserci\u00f3n de entradas de registro adicionales\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:P/A:N\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security@vmware.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-117\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.2.0\",\"versionEndIncluding\":\"5.2.17\",\"matchCriteriaId\":\"FFA56919-8FEB-4453-AF87-4343F6EC8E87\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.3.0\",\"versionEndIncluding\":\"5.3.10\",\"matchCriteriaId\":\"0A3FC7B7-D599-4179-8642-FFC05CBF4604\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*\",\"matchCriteriaId\":\"F3E0B672-3E06-4422-B2A4-0BD073AEC2A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:*\",\"matchCriteriaId\":\"E8F29E19-3A64-4426-A2AA-F169440267CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"B55E8D50-99B4-47EC-86F9-699B67D473CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:management_services_for_element_software_and_netapp_hci:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FDAC85F0-93AF-4BE3-AE1A-8ADAF1CDF9AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:metrocluster_tiebreaker:-:*:*:*:*:clustered_data_ontap:*:*\",\"matchCriteriaId\":\"B4A442CC-41F0-4DED-9D3C-89E58826E6A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F4754FB-E3EB-454A-AB1A-AE3835C5350C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDFB1169-41A0-4A86-8E4F-FDA9730B1E94\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DAAB7154-4DE8-4806-86D0-C1D33B84417B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"175B97A7-0B00-4378-AD9F-C01B6D9FD570\"}]}]}],\"references\":[{\"url\":\"https://security.netapp.com/advisory/ntap-20211125-0005/\",\"source\":\"security@vmware.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://tanzu.vmware.com/security/cve-2021-22096\",\"source\":\"security@vmware.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"security@vmware.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20211125-0005/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://tanzu.vmware.com/security/cve-2021-22096\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
RHSA-2022:6393
Vulnerability from csaf_redhat - Published: 2022-09-08 11:31 - Updated: 2026-05-25 14:24Summary
Red Hat Security Advisory: RHV Manager (ovirt-engine) [ovirt-4.5.2] bug fix and security update
Severity
Important
Notes
Topic: Updated ovirt-engine packages that fix several bugs and add various enhancements are now available.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.
Security Fix(es):
* nodejs-underscore: Arbitrary code execution via the template function (CVE-2021-23358)
* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
* jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods (CVE-2020-11023)
* ovirt-log-collector: RHVM admin password is logged unfiltered (CVE-2022-2806)
* springframework: malicious input leads to insertion of additional log entries (CVE-2021-22096)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Previously, running engine-setup did not always renew OVN certificates close to expiration or expired. With this release, OVN certificates are always renewed by engine-setup when needed. (BZ#2097558)
* Previously, the Manager issued warnings of approaching certificate expiration before engine-setup could update certificates. In this release expiration warnings and certificate update periods are aligned, and certificates are updated as soon as expiration warnings occur. (BZ#2097725)
* With this release, OVA export or import work on hosts with a non-standard SSH port. (BZ#2104939)
* With this release, the certificate validity test is compatible with RHEL 8 and RHEL 7 based hypervisors. (BZ#2107250)
* RHV 4.4 SP1 and later are only supported on RHEL 8.6, customers cannot use RHEL 8.7 or later, and must stay with RHEL 8.6 EUS. (BZ#2108985)
* Previously, importing templates from the Administration Portal did not work. With this release, importing templates from the Administration Portal is possible. (BZ#2109923)
* ovirt-provider-ovn certificate expiration is checked along with other RHV certificates. If ovirt-provider-ovn is about to expire or already expired, a warning or alert is raised in the audit log. To renew the ovirt-provider-ovn certificate, administators must run engine-setup. If your ovirt-provider-ovn certificate expires on a previous RHV version, upgrade to RHV 4.4 SP1 batch 2 or later, and ovirt-provider-ovn certificate will be renewed automatically in the engine-setup. (BZ#2097560)
* Previously, when importing a virtual machine with manual CPU pinning, the manual pinning string was cleared, but the CPU pinning policy was not set to NONE. As a result, importing failed. In this release, the CPU pinning policy is set to NONE if the CPU pinning string is cleared, and importing succeeds. (BZ#2104115)
* Previously, the Manager could start a virtual machine with a Resize and Pin NUMA policy on a host without an equal number of physical sockets to NUMA nodes. As a result, wrong pinning was assigned to the policy. With this release, the Manager does not allow the virtual machine to be scheduled on such a virtual machine, and the pinning is correct based on the algorithm. (BZ#1955388)
* Rebase package(s) to version: 4.4.7.
Highlights, important fixes, or notable enhancements: fixed BZ#2081676 (BZ#2104831)
* In this release, rhv-log-collector-analyzer provides detailed output for each problematic image, including disk names, associated virtual machine, the host running the virtual machine, snapshots, and current SPM. The detailed view is now the default. The compact option can be set by using the --compact switch in the command line. (BZ#2097536)
* UnboundID LDAP SDK has been rebased on upstream version 6.0.4. See https://github.com/pingidentity/ldapsdk/releases for changes since version 4.0.14 (BZ#2092478)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.
6.1 (Medium)
Affected products
Fixed
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
|
Known not affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch | — |
Threats
Impact
Moderate
A flaw was found in jQuery. HTML containing \<option\> elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.
6.1 (Medium)
Affected products
Fixed
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
Workaround
|
Known not affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch | — |
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Moderate
In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.
4.3 (Medium)
Affected products
Fixed
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch | — |
Vendor Fix
fix
|
Known not affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch | — |
Threats
Impact
Low
A flaw was found in nodejs-underscore. Arbitrary code execution via the template function is possible, particularly when a variable property is passed as an argument as it is not sanitized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
7.2 (High)
Affected products
Fixed
2 products
Known not affected
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch | — |
Threats
Impact
Low
A flaw was found in the ovirt-log-collector, which led to the logging of plaintext passwords in the log file. This flaw allows an attacker with sufficient privileges to read the log file, leading to a loss of confidentiality.
5.1 (Medium)
Affected products
Fixed
2 products
Known not affected
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch | — |
Threats
Impact
Moderate
A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks.
7.5 (High)
Affected products
Fixed
2 products
Known not affected
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src | — | ||
| Unresolved product id: 8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch | — |
Threats
Impact
Important
References
53 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated ovirt-engine packages that fix several bugs and add various enhancements are now available.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.\n\nSecurity Fix(es):\n\n* nodejs-underscore: Arbitrary code execution via the template function (CVE-2021-23358)\n\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n\n* jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods (CVE-2020-11023)\n\n* ovirt-log-collector: RHVM admin password is logged unfiltered (CVE-2022-2806)\n\n* springframework: malicious input leads to insertion of additional log entries (CVE-2021-22096)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Previously, running engine-setup did not always renew OVN certificates close to expiration or expired. With this release, OVN certificates are always renewed by engine-setup when needed. (BZ#2097558)\n\n* Previously, the Manager issued warnings of approaching certificate expiration before engine-setup could update certificates. In this release expiration warnings and certificate update periods are aligned, and certificates are updated as soon as expiration warnings occur. (BZ#2097725)\n\n* With this release, OVA export or import work on hosts with a non-standard SSH port. (BZ#2104939)\n\n* With this release, the certificate validity test is compatible with RHEL 8 and RHEL 7 based hypervisors. (BZ#2107250)\n\n* RHV 4.4 SP1 and later are only supported on RHEL 8.6, customers cannot use RHEL 8.7 or later, and must stay with RHEL 8.6 EUS. (BZ#2108985)\n\n* Previously, importing templates from the Administration Portal did not work. With this release, importing templates from the Administration Portal is possible. (BZ#2109923)\n\n* ovirt-provider-ovn certificate expiration is checked along with other RHV certificates. If ovirt-provider-ovn is about to expire or already expired, a warning or alert is raised in the audit log. To renew the ovirt-provider-ovn certificate, administators must run engine-setup. If your ovirt-provider-ovn certificate expires on a previous RHV version, upgrade to RHV 4.4 SP1 batch 2 or later, and ovirt-provider-ovn certificate will be renewed automatically in the engine-setup. (BZ#2097560)\n\n* Previously, when importing a virtual machine with manual CPU pinning, the manual pinning string was cleared, but the CPU pinning policy was not set to NONE. As a result, importing failed. In this release, the CPU pinning policy is set to NONE if the CPU pinning string is cleared, and importing succeeds. (BZ#2104115)\n\n* Previously, the Manager could start a virtual machine with a Resize and Pin NUMA policy on a host without an equal number of physical sockets to NUMA nodes. As a result, wrong pinning was assigned to the policy. With this release, the Manager does not allow the virtual machine to be scheduled on such a virtual machine, and the pinning is correct based on the algorithm. (BZ#1955388)\n\n* Rebase package(s) to version: 4.4.7.\nHighlights, important fixes, or notable enhancements: fixed BZ#2081676 (BZ#2104831)\n\n* In this release, rhv-log-collector-analyzer provides detailed output for each problematic image, including disk names, associated virtual machine, the host running the virtual machine, snapshots, and current SPM. The detailed view is now the default. The compact option can be set by using the --compact switch in the command line. (BZ#2097536)\n\n* UnboundID LDAP SDK has been rebased on upstream version 6.0.4. See https://github.com/pingidentity/ldapsdk/releases for changes since version 4.0.14 (BZ#2092478)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:6393",
"url": "https://access.redhat.com/errata/RHSA-2022:6393"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1828406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
},
{
"category": "external",
"summary": "1850004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004"
},
{
"category": "external",
"summary": "1939284",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939284"
},
{
"category": "external",
"summary": "1944286",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944286"
},
{
"category": "external",
"summary": "1955388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1955388"
},
{
"category": "external",
"summary": "1974974",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1974974"
},
{
"category": "external",
"summary": "2034584",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034584"
},
{
"category": "external",
"summary": "2080005",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080005"
},
{
"category": "external",
"summary": "2092478",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092478"
},
{
"category": "external",
"summary": "2094577",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094577"
},
{
"category": "external",
"summary": "2097536",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097536"
},
{
"category": "external",
"summary": "2097558",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097558"
},
{
"category": "external",
"summary": "2097560",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097560"
},
{
"category": "external",
"summary": "2097725",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097725"
},
{
"category": "external",
"summary": "2104115",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104115"
},
{
"category": "external",
"summary": "2104831",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104831"
},
{
"category": "external",
"summary": "2104939",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104939"
},
{
"category": "external",
"summary": "2105075",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075"
},
{
"category": "external",
"summary": "2107250",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107250"
},
{
"category": "external",
"summary": "2107267",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107267"
},
{
"category": "external",
"summary": "2108985",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2108985"
},
{
"category": "external",
"summary": "2109923",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2109923"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6393.json"
}
],
"title": "Red Hat Security Advisory: RHV Manager (ovirt-engine) [ovirt-4.5.2] bug fix and security update",
"tracking": {
"current_release_date": "2026-05-25T14:24:57+00:00",
"generator": {
"date": "2026-05-25T14:24:57+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2022:6393",
"initial_release_date": "2022-09-08T11:31:04+00:00",
"revision_history": [
{
"date": "2022-09-08T11:31:04+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-09-08T11:31:04+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-25T14:24:57+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product": {
"name": "RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhev_manager:4.4:el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "unboundid-ldapsdk-0:6.0.4-1.el8ev.src",
"product": {
"name": "unboundid-ldapsdk-0:6.0.4-1.el8ev.src",
"product_id": "unboundid-ldapsdk-0:6.0.4-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/unboundid-ldapsdk@6.0.4-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src",
"product": {
"name": "ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src",
"product_id": "ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-ui-extensions@1.3.5-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "ovirt-web-ui-0:1.9.1-1.el8ev.src",
"product": {
"name": "ovirt-web-ui-0:1.9.1-1.el8ev.src",
"product_id": "ovirt-web-ui-0:1.9.1-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-web-ui@1.9.1-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src",
"product": {
"name": "rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src",
"product_id": "rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhv-log-collector-analyzer@1.0.15-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src",
"product": {
"name": "ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src",
"product_id": "ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-extension-aaa-ldap@1.4.6-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-dwh-0:4.5.4-1.el8ev.src",
"product": {
"name": "ovirt-engine-dwh-0:4.5.4-1.el8ev.src",
"product_id": "ovirt-engine-dwh-0:4.5.4-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-dwh@4.5.4-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "ovirt-log-collector-0:4.4.7-2.el8ev.src",
"product": {
"name": "ovirt-log-collector-0:4.4.7-2.el8ev.src",
"product_id": "ovirt-log-collector-0:4.4.7-2.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-log-collector@4.4.7-2.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src",
"product": {
"name": "vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src",
"product_id": "vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-jsonrpc-java@1.7.2-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-0:4.5.2.4-0.1.el8ev.src",
"product": {
"name": "ovirt-engine-0:4.5.2.4-0.1.el8ev.src",
"product_id": "ovirt-engine-0:4.5.2.4-0.1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine@4.5.2.4-0.1.el8ev?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch",
"product": {
"name": "unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch",
"product_id": "unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/unboundid-ldapsdk@6.0.4-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch",
"product": {
"name": "unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch",
"product_id": "unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/unboundid-ldapsdk-javadoc@6.0.4-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch",
"product": {
"name": "ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch",
"product_id": "ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-ui-extensions@1.3.5-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-web-ui-0:1.9.1-1.el8ev.noarch",
"product": {
"name": "ovirt-web-ui-0:1.9.1-1.el8ev.noarch",
"product_id": "ovirt-web-ui-0:1.9.1-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-web-ui@1.9.1-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch",
"product": {
"name": "rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch",
"product_id": "rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhv-log-collector-analyzer@1.0.15-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch",
"product": {
"name": "ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch",
"product_id": "ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-extension-aaa-ldap@1.4.6-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch",
"product": {
"name": "ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch",
"product_id": "ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-extension-aaa-ldap-setup@1.4.6-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch",
"product": {
"name": "ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch",
"product_id": "ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-dwh@4.5.4-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch",
"product": {
"name": "ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch",
"product_id": "ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-dwh-grafana-integration-setup@4.5.4-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch",
"product": {
"name": "ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch",
"product_id": "ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-dwh-setup@4.5.4-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-log-collector-0:4.4.7-2.el8ev.noarch",
"product": {
"name": "ovirt-log-collector-0:4.4.7-2.el8ev.noarch",
"product_id": "ovirt-log-collector-0:4.4.7-2.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-log-collector@4.4.7-2.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch",
"product": {
"name": "vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch",
"product_id": "vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-jsonrpc-java@1.7.2-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch",
"product": {
"name": "vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch",
"product_id": "vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/vdsm-jsonrpc-java-javadoc@1.7.2-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch",
"product": {
"name": "ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch",
"product_id": "ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine@4.5.2.4-0.1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch",
"product": {
"name": "ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch",
"product_id": "ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-backend@4.5.2.4-0.1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch",
"product": {
"name": "ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch",
"product_id": "ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-dbscripts@4.5.2.4-0.1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch",
"product": {
"name": "ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch",
"product_id": "ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-health-check-bundler@4.5.2.4-0.1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch",
"product": {
"name": "ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch",
"product_id": "ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-restapi@4.5.2.4-0.1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch",
"product": {
"name": "ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch",
"product_id": "ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup@4.5.2.4-0.1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch",
"product": {
"name": "ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch",
"product_id": "ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup-base@4.5.2.4-0.1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch",
"product": {
"name": "ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch",
"product_id": "ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-cinderlib@4.5.2.4-0.1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch",
"product": {
"name": "ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch",
"product_id": "ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-imageio@4.5.2.4-0.1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch",
"product": {
"name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch",
"product_id": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-ovirt-engine@4.5.2.4-0.1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch",
"product": {
"name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch",
"product_id": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-ovirt-engine-common@4.5.2.4-0.1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch",
"product": {
"name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch",
"product_id": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-vmconsole-proxy-helper@4.5.2.4-0.1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch",
"product": {
"name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch",
"product_id": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-websocket-proxy@4.5.2.4-0.1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch",
"product": {
"name": "ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch",
"product_id": "ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-tools@4.5.2.4-0.1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch",
"product": {
"name": "ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch",
"product_id": "ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-tools-backup@4.5.2.4-0.1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch",
"product": {
"name": "ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch",
"product_id": "ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-vmconsole-proxy-helper@4.5.2.4-0.1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch",
"product": {
"name": "ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch",
"product_id": "ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-webadmin-portal@4.5.2.4-0.1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch",
"product": {
"name": "ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch",
"product_id": "ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-websocket-proxy@4.5.2.4-0.1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch",
"product": {
"name": "python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch",
"product_id": "python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-ovirt-engine-lib@4.5.2.4-0.1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhvm-0:4.5.2.4-0.1.el8ev.noarch",
"product": {
"name": "rhvm-0:4.5.2.4-0.1.el8ev.noarch",
"product_id": "rhvm-0:4.5.2.4-0.1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhvm@4.5.2.4-0.1.el8ev?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch"
},
"product_reference": "ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-0:4.5.2.4-0.1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src"
},
"product_reference": "ovirt-engine-0:4.5.2.4-0.1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch"
},
"product_reference": "ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch"
},
"product_reference": "ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch"
},
"product_reference": "ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-dwh-0:4.5.4-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src"
},
"product_reference": "ovirt-engine-dwh-0:4.5.4-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch"
},
"product_reference": "ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch"
},
"product_reference": "ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch"
},
"product_reference": "ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src"
},
"product_reference": "ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch"
},
"product_reference": "ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch"
},
"product_reference": "ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch"
},
"product_reference": "ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch"
},
"product_reference": "ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch"
},
"product_reference": "ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch"
},
"product_reference": "ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch"
},
"product_reference": "ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch"
},
"product_reference": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch"
},
"product_reference": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch"
},
"product_reference": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch"
},
"product_reference": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch"
},
"product_reference": "ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch"
},
"product_reference": "ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch"
},
"product_reference": "ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src"
},
"product_reference": "ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch"
},
"product_reference": "ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch"
},
"product_reference": "ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch"
},
"product_reference": "ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-log-collector-0:4.4.7-2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch"
},
"product_reference": "ovirt-log-collector-0:4.4.7-2.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-log-collector-0:4.4.7-2.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src"
},
"product_reference": "ovirt-log-collector-0:4.4.7-2.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-web-ui-0:1.9.1-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch"
},
"product_reference": "ovirt-web-ui-0:1.9.1-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-web-ui-0:1.9.1-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src"
},
"product_reference": "ovirt-web-ui-0:1.9.1-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch"
},
"product_reference": "python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch"
},
"product_reference": "rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src"
},
"product_reference": "rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhvm-0:4.5.2.4-0.1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch"
},
"product_reference": "rhvm-0:4.5.2.4-0.1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch"
},
"product_reference": "unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unboundid-ldapsdk-0:6.0.4-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src"
},
"product_reference": "unboundid-ldapsdk-0:6.0.4-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch"
},
"product_reference": "unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch"
},
"product_reference": "vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src"
},
"product_reference": "vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch"
},
"product_reference": "vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-11022",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-04-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src",
"8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src",
"8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1828406"
}
],
"notes": [
{
"category": "description",
"text": "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the \u2018HTML\u2019 function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch"
],
"known_not_affected": [
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src",
"8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src",
"8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11022"
},
{
"category": "external",
"summary": "RHBZ#1828406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2",
"url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2"
}
],
"release_date": "2020-04-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-08T11:31:04+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6393"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src",
"8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method"
},
{
"cve": "CVE-2020-11023",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2020-06-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src",
"8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src",
"8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1850004"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery\u0027s DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. As PCS does not accept untrusted input, the vulnerable code cannot be controlled by an attacker.\n\nMultiple Red Hat offerings use doxygen to build documentation. During this process an affected jquery.js file can be included in the resulting package. The \u0027gcc\u0027 and \u0027tbb\u0027 packages were potentially vulnerable via this method.\n\nOpenShift Container Platform 4 is not affected because even though it uses the \u0027gcc\u0027 component, vulnerable code is limited within the libstdc++-docs rpm package, which is not shipped.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch"
],
"known_not_affected": [
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src",
"8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src",
"8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-11023"
},
{
"category": "external",
"summary": "RHBZ#1850004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023"
},
{
"category": "external",
"summary": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/",
"url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2020-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-08T11:31:04+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6393"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src",
"8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src",
"8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2025-01-23T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods"
},
{
"cve": "CVE-2021-22096",
"discovery_date": "2021-12-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src",
"8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src",
"8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2034584"
}
],
"notes": [
{
"category": "description",
"text": "In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "springframework: malicious input leads to insertion of additional log entries",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch"
],
"known_not_affected": [
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src",
"8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src",
"8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-22096"
},
{
"category": "external",
"summary": "RHBZ#2034584",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034584"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-22096",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22096"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-22096",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22096"
}
],
"release_date": "2021-10-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-08T11:31:04+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6393"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src",
"8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "springframework: malicious input leads to insertion of additional log entries"
},
{
"cve": "CVE-2021-23358",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2021-03-29T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src",
"8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1944286"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-underscore. Arbitrary code execution via the template function is possible, particularly when a variable property is passed as an argument as it is not sanitized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-underscore: Arbitrary code execution via the template function",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Whilst the OpenShift Container Platform (OCP) openshift4/ose-grafana and openshift3/grafana as well as console, grc-ui and search-ui containers for Red Hat Advanced Management for Kubernetes (RHACM) include the vulnerable underscore library, the access to it is protected by OpenShift OAuth. Additionally this library is used in openshift4/ose-grafana container only in Grafana End-to-End Test package. Therefore the impact by this flaw is reduced to Low and the affected OCP components are marked as \"will not fix\" at this time and to Moderate for the affected RHACM components. This might be fixed in a future release.\n\nRed Hat Enterprise Virtualization includes the vulnerable underscore library, however it is not parsing any untrusted data, therefore impact is reduced to Low.\n\nBelow Red Hat products include the underscore dependency, but it is not used by the product and hence this issue has been rated as having a security impact of Low.\n\n* Red Hat Quay\n* Red Hat Gluster Storage 3\n* Red Hat OpenShift Container Storage 4\n* Red Hat Ceph Storage 3 and 4",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src"
],
"known_not_affected": [
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src",
"8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23358"
},
{
"category": "external",
"summary": "RHBZ#1944286",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944286"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23358",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23358"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23358",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23358"
}
],
"release_date": "2021-03-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-08T11:31:04+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6393"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src",
"8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs-underscore: Arbitrary code execution via the template function"
},
{
"cve": "CVE-2022-2806",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2022-04-28T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src",
"8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2080005"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the ovirt-log-collector, which led to the logging of plaintext passwords in the log file. This flaw allows an attacker with sufficient privileges to read the log file, leading to a loss of confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ovirt-log-collector: RHVM admin password is logged unfiltered",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src"
],
"known_not_affected": [
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src",
"8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2806"
},
{
"category": "external",
"summary": "RHBZ#2080005",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080005"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2806"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2806",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2806"
}
],
"release_date": "2022-05-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-08T11:31:04+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6393"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src",
"8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ovirt-log-collector: RHVM admin password is logged unfiltered"
},
{
"cve": "CVE-2022-31129",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-07-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src",
"8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2105075"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "moment: inefficient parsing algorithm resulting in DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Fuse provides the affected software but does not use the functionality and as such its impact has been downgraded to Low.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) ships a vulnerable version of the moment library. However, this affected functionality is restricted behind OAuth, reducing the impact to Moderate.\n\nRed Hat Satellite ships a vulnerable version of the moment library. However, this only affects a specific component (qpid-dispatch), reducing the impact to Moderate.\n\nRed Hat Ceph Storage (RHCS) ships a vulnerable version of the moment library, however, it is not directly used and is a transitive dependency from Angular. In addition, the impact would only be to the grafana browser, and not the underlying RHCS system, which reduces the impact to Moderate. \n\nRed Hat OpenShift Service Mesh (OSSM) ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nRed Hat OpenShift distributed tracing ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nIn Logging Subsystem for Red Hat OpenShift the vulnerable moment nodejs package is bundled in the ose-logging-kibana6 container as a transitive dependency, hence the direct impact is reduced to Moderate.\n\nIn OpenShift Container Platform 4 the vulnerabile moment package is a third party dependency, hence the direct impact is reduced to Moderate.\n\nIn Quay IO 3.10 and above, no version of affected momentjs is present.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src"
],
"known_not_affected": [
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src",
"8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-31129"
},
{
"category": "external",
"summary": "RHBZ#2105075",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-31129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31129"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129"
},
{
"category": "external",
"summary": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g",
"url": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g"
}
],
"release_date": "2022-07-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-08T11:31:04+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6393"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.2.4-0.1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.6-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.5-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.7-2.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.1-1.el8ev.src",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.15-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.2.4-0.1.el8ev.noarch",
"8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:unboundid-ldapsdk-0:6.0.4-1.el8ev.src",
"8Base-RHV-S-4.4:unboundid-ldapsdk-javadoc-0:6.0.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-0:1.7.2-1.el8ev.src",
"8Base-RHV-S-4.4:vdsm-jsonrpc-java-javadoc-0:1.7.2-1.el8ev.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "moment: inefficient parsing algorithm resulting in DoS"
}
]
}
WID-SEC-W-2022-0095
Vulnerability from csaf_certbund - Published: 2021-10-26 22:00 - Updated: 2024-03-20 23:00Summary
VMware Tanzu Spring Framework: Schwachstelle ermöglicht Manipulation von Dateien
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Das Spring Framework bietet ein Entwicklungsmodell für Java mit Infrastrukturunterstützung auf Anwendungsebene.
Angriff: Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in VMware Tanzu Spring Framework ausnutzen, um Dateien zu manipulieren.
Betroffene Betriebssysteme: - UNIX
- Linux
- Windows
- NetApp Appliance
- Sonstiges
Es existiert eine Schwachstelle in VMware Tanzu Spring Framework. Ein Angreifer kann diese Schwachstelle ausnutzen, um durch böswillige Eingaben zusätzliche Protokolleinträge hinzuzufügen.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
HCL Commerce
HCL
|
cpe:/a:hcltechsw:commerce:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
IBM Tivoli Network Manager 6.4.2
IBM / Tivoli Network Manager
|
cpe:/a:ibm:tivoli_network_manager:6.4.2
|
6.4.2 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— |
References
12 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Das Spring Framework bietet ein Entwicklungsmodell f\u00fcr Java mit Infrastrukturunterst\u00fctzung auf Anwendungsebene.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in VMware Tanzu Spring Framework ausnutzen, um Dateien zu manipulieren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- Windows\n- NetApp Appliance\n- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-0095 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2022-0095.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-0095 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0095"
},
{
"category": "external",
"summary": "VMware Tanzu Vulnerability Report vom 2021-10-26",
"url": "https://pivotal.io/security/cve-2021-22096"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:1108 vom 2022-03-29",
"url": "https://access.redhat.com/errata/RHSA-2022:1108"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:1110 vom 2022-03-29",
"url": "https://access.redhat.com/errata/RHSA-2022:1110"
},
{
"category": "external",
"summary": "HCL Article KB0097905 vom 2022-05-11",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0097905"
},
{
"category": "external",
"summary": "Hitachi Vulnerability Information HITACHI-SEC-2022-115 vom 2022-05-27",
"url": "https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2022-115/index.html"
},
{
"category": "external",
"summary": "HCL Article KB0098249 vom 2022-06-04",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0098249"
},
{
"category": "external",
"summary": "NetApp Security Advisory NTAP-20211125-0005 vom 2022-07-01",
"url": "https://security.netapp.com/advisory/ntap-20211125-0005/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6393 vom 2022-09-08",
"url": "https://access.redhat.com/errata/RHSA-2022:6393"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7001555 vom 2023-06-06",
"url": "https://www.ibm.com/support/pages/node/7001555"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7144861 vom 2024-03-20",
"url": "https://www.ibm.com/support/pages/node/7144861"
}
],
"source_lang": "en-US",
"title": "VMware Tanzu Spring Framework: Schwachstelle erm\u00f6glicht Manipulation von Dateien",
"tracking": {
"current_release_date": "2024-03-20T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:26:29.064+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2022-0095",
"initial_release_date": "2021-10-26T22:00:00.000+00:00",
"revision_history": [
{
"date": "2021-10-26T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2022-03-29T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-05-10T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von HCL aufgenommen"
},
{
"date": "2022-05-26T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von HITACHI aufgenommen"
},
{
"date": "2022-06-06T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von HCL aufgenommen"
},
{
"date": "2022-07-03T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von NetApp aufgenommen"
},
{
"date": "2022-09-08T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-06-05T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-03-20T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "9"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "HCL Commerce",
"product": {
"name": "HCL Commerce",
"product_id": "T019293",
"product_identification_helper": {
"cpe": "cpe:/a:hcltechsw:commerce:-"
}
}
}
],
"category": "vendor",
"name": "HCL"
},
{
"branches": [
{
"category": "product_name",
"name": "Hitachi Ops Center",
"product": {
"name": "Hitachi Ops Center",
"product_id": "T017562",
"product_identification_helper": {
"cpe": "cpe:/a:hitachi:ops_center:-"
}
}
}
],
"category": "vendor",
"name": "Hitachi"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "Plus 10.1",
"product": {
"name": "IBM Spectrum Protect Plus 10.1",
"product_id": "T015895",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spectrum_protect:plus_10.1"
}
}
}
],
"category": "product_name",
"name": "Spectrum Protect"
},
{
"branches": [
{
"category": "product_version",
"name": "6.4.2",
"product": {
"name": "IBM Tivoli Network Manager 6.4.2",
"product_id": "T027960",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_network_manager:6.4.2"
}
}
}
],
"category": "product_name",
"name": "Tivoli Network Manager"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "NetApp ActiveIQ Unified Manager",
"product": {
"name": "NetApp ActiveIQ Unified Manager",
"product_id": "658714",
"product_identification_helper": {
"cpe": "cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~"
}
}
}
],
"category": "vendor",
"name": "NetApp"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 5.3.12",
"product": {
"name": "VMware Tanzu Spring Framework \u003c 5.3.12",
"product_id": "T020841"
}
},
{
"category": "product_version_range",
"name": "\u003c 5.2.18",
"product": {
"name": "VMware Tanzu Spring Framework \u003c 5.2.18",
"product_id": "T020842"
}
}
],
"category": "product_name",
"name": "Spring Framework"
}
],
"category": "vendor",
"name": "VMware Tanzu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-22096",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in VMware Tanzu Spring Framework. Ein Angreifer kann diese Schwachstelle ausnutzen, um durch b\u00f6swillige Eingaben zus\u00e4tzliche Protokolleintr\u00e4ge hinzuzuf\u00fcgen."
}
],
"product_status": {
"known_affected": [
"67646",
"T019293",
"658714",
"T015895",
"T027960",
"T017562"
]
},
"release_date": "2021-10-26T22:00:00.000+00:00",
"title": "CVE-2021-22096"
}
]
}
WID-SEC-W-2022-0607
Vulnerability from csaf_certbund - Published: 2022-07-07 22:00 - Updated: 2025-11-18 23:00Summary
Red Hat FUSE: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Red Hat Fuse ist eine Open-Source-Integrationsplattform, die auf Apache Camel basiert.
Angriff: Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in Red Hat FUSE ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuführen, einen Denial of Service Zustand herbeizuführen, Sicherheitsmaßnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern.
Betroffene Betriebssysteme: - Linux
- UNIX
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat FUSE <7.11.0
Red Hat / FUSE
|
<7.11.0 | ||
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.1.10
Red Hat / JBoss Enterprise Application Platform
|
<7.1.10 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat FUSE <7.11.0
Red Hat / FUSE
|
<7.11.0 | ||
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.1.10
Red Hat / JBoss Enterprise Application Platform
|
<7.1.10 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat FUSE <7.11.0
Red Hat / FUSE
|
<7.11.0 | ||
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.1.10
Red Hat / JBoss Enterprise Application Platform
|
<7.1.10 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat FUSE <7.11.0
Red Hat / FUSE
|
<7.11.0 | ||
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.1.10
Red Hat / JBoss Enterprise Application Platform
|
<7.1.10 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat FUSE <7.11.0
Red Hat / FUSE
|
<7.11.0 | ||
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.1.10
Red Hat / JBoss Enterprise Application Platform
|
<7.1.10 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat FUSE <7.11.0
Red Hat / FUSE
|
<7.11.0 | ||
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.1.10
Red Hat / JBoss Enterprise Application Platform
|
<7.1.10 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat FUSE <7.11.0
Red Hat / FUSE
|
<7.11.0 | ||
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.1.10
Red Hat / JBoss Enterprise Application Platform
|
<7.1.10 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat FUSE <7.11.0
Red Hat / FUSE
|
<7.11.0 | ||
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.1.10
Red Hat / JBoss Enterprise Application Platform
|
<7.1.10 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat FUSE <7.11.0
Red Hat / FUSE
|
<7.11.0 | ||
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.1.10
Red Hat / JBoss Enterprise Application Platform
|
<7.1.10 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat FUSE <7.11.0
Red Hat / FUSE
|
<7.11.0 | ||
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.1.10
Red Hat / JBoss Enterprise Application Platform
|
<7.1.10 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat FUSE <7.11.0
Red Hat / FUSE
|
<7.11.0 | ||
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.1.10
Red Hat / JBoss Enterprise Application Platform
|
<7.1.10 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat FUSE <7.11.0
Red Hat / FUSE
|
<7.11.0 | ||
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.1.10
Red Hat / JBoss Enterprise Application Platform
|
<7.1.10 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat FUSE <7.11.0
Red Hat / FUSE
|
<7.11.0 | ||
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.1.10
Red Hat / JBoss Enterprise Application Platform
|
<7.1.10 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat FUSE <7.11.0
Red Hat / FUSE
|
<7.11.0 | ||
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.1.10
Red Hat / JBoss Enterprise Application Platform
|
<7.1.10 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat FUSE <7.11.0
Red Hat / FUSE
|
<7.11.0 | ||
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.1.10
Red Hat / JBoss Enterprise Application Platform
|
<7.1.10 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat FUSE <7.11.0
Red Hat / FUSE
|
<7.11.0 | ||
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.1.10
Red Hat / JBoss Enterprise Application Platform
|
<7.1.10 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat FUSE <7.11.0
Red Hat / FUSE
|
<7.11.0 | ||
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.1.10
Red Hat / JBoss Enterprise Application Platform
|
<7.1.10 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat FUSE <7.11.0
Red Hat / FUSE
|
<7.11.0 | ||
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.1.10
Red Hat / JBoss Enterprise Application Platform
|
<7.1.10 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat FUSE <7.11.0
Red Hat / FUSE
|
<7.11.0 | ||
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.1.10
Red Hat / JBoss Enterprise Application Platform
|
<7.1.10 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat FUSE <7.11.0
Red Hat / FUSE
|
<7.11.0 | ||
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.1.10
Red Hat / JBoss Enterprise Application Platform
|
<7.1.10 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat FUSE <7.11.0
Red Hat / FUSE
|
<7.11.0 | ||
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.1.10
Red Hat / JBoss Enterprise Application Platform
|
<7.1.10 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat FUSE <7.11.0
Red Hat / FUSE
|
<7.11.0 | ||
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.1.10
Red Hat / JBoss Enterprise Application Platform
|
<7.1.10 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat FUSE <7.11.0
Red Hat / FUSE
|
<7.11.0 | ||
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.1.10
Red Hat / JBoss Enterprise Application Platform
|
<7.1.10 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat FUSE <7.11.0
Red Hat / FUSE
|
<7.11.0 | ||
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.1.10
Red Hat / JBoss Enterprise Application Platform
|
<7.1.10 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat FUSE <7.11.0
Red Hat / FUSE
|
<7.11.0 | ||
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.1.10
Red Hat / JBoss Enterprise Application Platform
|
<7.1.10 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat FUSE <7.11.0
Red Hat / FUSE
|
<7.11.0 | ||
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.1.10
Red Hat / JBoss Enterprise Application Platform
|
<7.1.10 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat FUSE <7.11.0
Red Hat / FUSE
|
<7.11.0 | ||
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.1.10
Red Hat / JBoss Enterprise Application Platform
|
<7.1.10 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat FUSE <7.11.0
Red Hat / FUSE
|
<7.11.0 | ||
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.1.10
Red Hat / JBoss Enterprise Application Platform
|
<7.1.10 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat FUSE <7.11.0
Red Hat / FUSE
|
<7.11.0 | ||
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.1.10
Red Hat / JBoss Enterprise Application Platform
|
<7.1.10 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat FUSE <7.11.0
Red Hat / FUSE
|
<7.11.0 | ||
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.1.10
Red Hat / JBoss Enterprise Application Platform
|
<7.1.10 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat FUSE <7.11.0
Red Hat / FUSE
|
<7.11.0 | ||
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.1.10
Red Hat / JBoss Enterprise Application Platform
|
<7.1.10 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat FUSE <7.11.0
Red Hat / FUSE
|
<7.11.0 | ||
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.1.10
Red Hat / JBoss Enterprise Application Platform
|
<7.1.10 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat FUSE <7.11.0
Red Hat / FUSE
|
<7.11.0 | ||
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.1.10
Red Hat / JBoss Enterprise Application Platform
|
<7.1.10 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat FUSE <7.11.0
Red Hat / FUSE
|
<7.11.0 | ||
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.1.10
Red Hat / JBoss Enterprise Application Platform
|
<7.1.10 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat FUSE <7.11.0
Red Hat / FUSE
|
<7.11.0 | ||
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.1.10
Red Hat / JBoss Enterprise Application Platform
|
<7.1.10 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat FUSE <7.11.0
Red Hat / FUSE
|
<7.11.0 | ||
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.1.10
Red Hat / JBoss Enterprise Application Platform
|
<7.1.10 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat FUSE <7.11.0
Red Hat / FUSE
|
<7.11.0 | ||
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.1.10
Red Hat / JBoss Enterprise Application Platform
|
<7.1.10 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat FUSE <7.11.0
Red Hat / FUSE
|
<7.11.0 | ||
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.1.10
Red Hat / JBoss Enterprise Application Platform
|
<7.1.10 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat FUSE <7.11.0
Red Hat / FUSE
|
<7.11.0 | ||
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.1.10
Red Hat / JBoss Enterprise Application Platform
|
<7.1.10 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat FUSE <7.11.0
Red Hat / FUSE
|
<7.11.0 | ||
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.1.10
Red Hat / JBoss Enterprise Application Platform
|
<7.1.10 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat FUSE <7.11.0
Red Hat / FUSE
|
<7.11.0 | ||
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.1.10
Red Hat / JBoss Enterprise Application Platform
|
<7.1.10 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat FUSE <7.11.0
Red Hat / FUSE
|
<7.11.0 | ||
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.1.10
Red Hat / JBoss Enterprise Application Platform
|
<7.1.10 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat FUSE <7.11.0
Red Hat / FUSE
|
<7.11.0 | ||
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.1.10
Red Hat / JBoss Enterprise Application Platform
|
<7.1.10 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat FUSE <7.11.0
Red Hat / FUSE
|
<7.11.0 | ||
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.1.10
Red Hat / JBoss Enterprise Application Platform
|
<7.1.10 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat FUSE <7.11.0
Red Hat / FUSE
|
<7.11.0 | ||
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.1.10
Red Hat / JBoss Enterprise Application Platform
|
<7.1.10 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat FUSE <7.11.0
Red Hat / FUSE
|
<7.11.0 | ||
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.1.10
Red Hat / JBoss Enterprise Application Platform
|
<7.1.10 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat FUSE <7.11.0
Red Hat / FUSE
|
<7.11.0 | ||
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.1.10
Red Hat / JBoss Enterprise Application Platform
|
<7.1.10 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat FUSE <7.11.0
Red Hat / FUSE
|
<7.11.0 | ||
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.1.10
Red Hat / JBoss Enterprise Application Platform
|
<7.1.10 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat FUSE <7.11.0
Red Hat / FUSE
|
<7.11.0 | ||
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.1.10
Red Hat / JBoss Enterprise Application Platform
|
<7.1.10 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat FUSE <7.11.0
Red Hat / FUSE
|
<7.11.0 | ||
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.1.10
Red Hat / JBoss Enterprise Application Platform
|
<7.1.10 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat FUSE <7.11.0
Red Hat / FUSE
|
<7.11.0 | ||
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.1.10
Red Hat / JBoss Enterprise Application Platform
|
<7.1.10 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat FUSE <7.11.0
Red Hat / FUSE
|
<7.11.0 | ||
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.1.10
Red Hat / JBoss Enterprise Application Platform
|
<7.1.10 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat FUSE <7.11.0
Red Hat / FUSE
|
<7.11.0 | ||
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.1.10
Red Hat / JBoss Enterprise Application Platform
|
<7.1.10 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat FUSE <7.11.0
Red Hat / FUSE
|
<7.11.0 | ||
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.1.10
Red Hat / JBoss Enterprise Application Platform
|
<7.1.10 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat FUSE <7.11.0
Red Hat / FUSE
|
<7.11.0 | ||
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.1.10
Red Hat / JBoss Enterprise Application Platform
|
<7.1.10 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat FUSE <7.11.0
Red Hat / FUSE
|
<7.11.0 | ||
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.1.10
Red Hat / JBoss Enterprise Application Platform
|
<7.1.10 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat FUSE <7.11.0
Red Hat / FUSE
|
<7.11.0 | ||
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.1.10
Red Hat / JBoss Enterprise Application Platform
|
<7.1.10 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat FUSE <7.11.0
Red Hat / FUSE
|
<7.11.0 | ||
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~
|
— | |
|
IBM Spectrum Protect Plus 10.1
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:plus_10.1
|
Plus 10.1 | |
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.1.10
Red Hat / JBoss Enterprise Application Platform
|
<7.1.10 | ||
|
IBM QRadar SIEM
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM QRadar SIEM 7.4
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.4
|
7.4 | |
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Red Hat JBoss Enterprise Application Platform <7.3.13
Red Hat / JBoss Enterprise Application Platform
|
<7.3.13 | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
References
39 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat Fuse ist eine Open-Source-Integrationsplattform, die auf Apache Camel basiert.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in Red Hat FUSE ausnutzen, um vertrauliche Informationen offenzulegen, beliebigen Code auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten und Informationen zu manipulieren und seine Privilegien zu erweitern.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-0607 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0607.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-0607 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0607"
},
{
"category": "external",
"summary": "RHSA-2022:5532 - Security Advisory vom 2022-07-07",
"url": "https://access.redhat.com/errata/RHSA-2022:5532"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:5596 vom 2022-07-20",
"url": "https://access.redhat.com/errata/RHSA-2022:5596"
},
{
"category": "external",
"summary": "Hitachi Vulnerability Information HITACHI-SEC-2022-125 vom 2022-07-28",
"url": "https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2022-125/index.html"
},
{
"category": "external",
"summary": "Hitachi Vulnerability Information HITACHI-SEC-2022-124 vom 2022-07-28",
"url": "https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2022-124/index.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5196 vom 2022-07-31",
"url": "https://lists.debian.org/debian-security-announce/2022/msg00165.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:5903 vom 2022-08-04",
"url": "https://access.redhat.com/errata/RHSA-2022:5903"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6787 vom 2022-10-04",
"url": "https://access.redhat.com/errata/RHSA-2022:6787"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6783 vom 2022-10-04",
"url": "https://access.redhat.com/errata/RHSA-2022:6783"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6782 vom 2022-10-04",
"url": "https://access.redhat.com/errata/RHSA-2022:6782"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6822 vom 2022-10-05",
"url": "https://access.redhat.com/errata/RHSA-2022:6822"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6823 vom 2022-10-05",
"url": "https://access.redhat.com/errata/RHSA-2022:6823"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6825 vom 2022-10-05",
"url": "https://access.redhat.com/errata/RHSA-2022:6825"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6821 vom 2022-10-05",
"url": "https://access.redhat.com/errata/RHSA-2022:6821"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6813 vom 2022-10-05",
"url": "https://access.redhat.com/errata/RHSA-2022:6813"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6835 vom 2022-10-06",
"url": "https://access.redhat.com/errata/RHSA-2022:6835"
},
{
"category": "external",
"summary": "NetApp Security Advisory NTAP-20221014-0006 vom 2022-10-14",
"url": "https://security.netapp.com/advisory/ntap-20221014-0006/"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6831855 vom 2022-10-26",
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities-14/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7177 vom 2022-10-25",
"url": "https://access.redhat.com/errata/RHSA-2022:7177"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7257 vom 2022-10-29",
"url": "https://access.redhat.com/errata/RHSA-2022:7257"
},
{
"category": "external",
"summary": "Hitachi Vulnerability Information HITACHI-SEC-2022-135 vom 2022-11-01",
"url": "https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2022-135/index.html"
},
{
"category": "external",
"summary": "Hitachi Vulnerability Information HITACHI-SEC-2022-137 vom 2022-11-01",
"url": "https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2022-137/index.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7417 vom 2022-11-03",
"url": "https://access.redhat.com/errata/RHSA-2022:7417"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7409 vom 2022-11-03",
"url": "https://access.redhat.com/errata/RHSA-2022:7409"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7411 vom 2022-11-03",
"url": "https://access.redhat.com/errata/RHSA-2022:7411"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7410 vom 2022-11-03",
"url": "https://access.redhat.com/errata/RHSA-2022:7410"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7896 vom 2022-11-09",
"url": "https://access.redhat.com/errata/RHSA-2022:7896"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8761 vom 2022-12-14",
"url": "https://access.redhat.com/errata/RHSA-2022:8761"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0272 vom 2023-02-06",
"url": "https://access.redhat.com/errata/RHSA-2023:0272"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2024-070 vom 2024-02-03",
"url": "https://www.dell.com/support/kbdoc/000221770/dsa-2024-="
},
{
"category": "external",
"summary": "IBM Security Bulletin 7144861 vom 2024-03-20",
"url": "https://www.ibm.com/support/pages/node/7144861"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3061 vom 2024-05-22",
"url": "https://access.redhat.com/errata/RHSA-2024:3061"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:4226 vom 2025-04-28",
"url": "https://access.redhat.com/errata/RHSA-2025:4226"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:4437 vom 2025-05-05",
"url": "https://access.redhat.com/errata/RHSA-2025:4437"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:9583 vom 2025-06-25",
"url": "https://access.redhat.com/errata/RHSA-2025:9583"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:9582 vom 2025-06-25",
"url": "https://access.redhat.com/errata/RHSA-2025:9582"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7249276 vom 2025-10-27",
"url": "https://www.ibm.com/support/pages/node/7249276"
},
{
"category": "external",
"summary": "Atlassian Security Bulletin - November 18 2025",
"url": "https://confluence.atlassian.com/security/security-bulletin-november-18-2025-1671463469.html"
}
],
"source_lang": "en-US",
"title": "Red Hat FUSE: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-11-18T23:00:00.000+00:00",
"generator": {
"date": "2025-11-19T09:42:43.092+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2022-0607",
"initial_release_date": "2022-07-07T22:00:00.000+00:00",
"revision_history": [
{
"date": "2022-07-07T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2022-07-19T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-07-28T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von HITACHI aufgenommen"
},
{
"date": "2022-07-31T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2022-08-03T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-10-04T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-10-05T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-10-06T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-10-16T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von NetApp aufgenommen"
},
{
"date": "2022-10-25T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von IBM und Red Hat aufgenommen"
},
{
"date": "2022-10-30T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-10-31T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von HITACHI aufgenommen"
},
{
"date": "2022-11-03T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-11-09T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-12-14T23:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-02-06T23:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-02-04T23:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2024-03-20T23:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-05-21T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-04-27T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-04-28T22:00:00.000+00:00",
"number": "21",
"summary": "Red Hat JBoss Enterprise Application Platform ist ebenfalls betrroffen"
},
{
"date": "2025-05-04T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-06-24T22:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-10-27T23:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-11-18T23:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates aufgenommen"
}
],
"status": "final",
"version": "25"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.2",
"product": {
"name": "Atlassian Bitbucket \u003c10.0.2",
"product_id": "T048675"
}
},
{
"category": "product_version",
"name": "10.0.2",
"product": {
"name": "Atlassian Bitbucket 10.0.2",
"product_id": "T048675-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:10.0.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.19.25 (LTS)",
"product": {
"name": "Atlassian Bitbucket \u003c8.19.25 (LTS)",
"product_id": "T048676"
}
},
{
"category": "product_version",
"name": "8.19.25 (LTS)",
"product": {
"name": "Atlassian Bitbucket 8.19.25 (LTS)",
"product_id": "T048676-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:8.19.25_%28lts%29"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.4.13 (LTS)",
"product": {
"name": "Atlassian Bitbucket \u003c9.4.13 (LTS)",
"product_id": "T048677"
}
},
{
"category": "product_version",
"name": "9.4.13 (LTS)",
"product": {
"name": "Atlassian Bitbucket 9.4.13 (LTS)",
"product_id": "T048677-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:9.4.13_%28lts%29"
}
}
}
],
"category": "product_name",
"name": "Bitbucket"
}
],
"category": "vendor",
"name": "Atlassian"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "EMC Avamar",
"product": {
"name": "EMC Avamar",
"product_id": "T014381",
"product_identification_helper": {
"cpe": "cpe:/a:emc:avamar:-"
}
}
}
],
"category": "vendor",
"name": "EMC"
},
{
"branches": [
{
"category": "product_name",
"name": "Hitachi Ops Center",
"product": {
"name": "Hitachi Ops Center",
"product_id": "T017562",
"product_identification_helper": {
"cpe": "cpe:/a:hitachi:ops_center:-"
}
}
}
],
"category": "vendor",
"name": "Hitachi"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IBM QRadar SIEM",
"product": {
"name": "IBM QRadar SIEM",
"product_id": "T021415",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:-"
}
}
},
{
"category": "product_version",
"name": "7.5",
"product": {
"name": "IBM QRadar SIEM 7.5",
"product_id": "T022954",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5"
}
}
},
{
"category": "product_version",
"name": "7.4",
"product": {
"name": "IBM QRadar SIEM 7.4",
"product_id": "T024775",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.4"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
},
{
"branches": [
{
"category": "product_version",
"name": "Plus 10.1",
"product": {
"name": "IBM Spectrum Protect Plus 10.1",
"product_id": "T015895",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spectrum_protect:plus_10.1"
}
}
}
],
"category": "product_name",
"name": "Spectrum Protect"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "NetApp ActiveIQ Unified Manager",
"product": {
"name": "NetApp ActiveIQ Unified Manager",
"product_id": "658714",
"product_identification_helper": {
"cpe": "cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~"
}
}
}
],
"category": "vendor",
"name": "NetApp"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.11.0",
"product": {
"name": "Red Hat FUSE \u003c7.11.0",
"product_id": "723344"
}
},
{
"category": "product_version",
"name": "7.11.0",
"product": {
"name": "Red Hat FUSE 7.11.0",
"product_id": "723344-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:fuse:6.0.0"
}
}
}
],
"category": "product_name",
"name": "FUSE"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.1.10",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform \u003c7.1.10",
"product_id": "T043205"
}
},
{
"category": "product_version",
"name": "7.1.10",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7.1.10",
"product_id": "T043205-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.1.10"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.3.13",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform \u003c7.3.13",
"product_id": "T043288"
}
},
{
"category": "product_version",
"name": "7.3.13",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7.3.13",
"product_id": "T043288-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3.13"
}
}
}
],
"category": "product_name",
"name": "JBoss Enterprise Application Platform"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-15250",
"product_status": {
"known_affected": [
"67646",
"723344",
"658714",
"T015895",
"T017562",
"T022954",
"T014381",
"2951",
"T043205",
"T021415",
"T024775",
"T048677",
"T048676",
"T043288",
"T048675"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2020-15250"
},
{
"cve": "CVE-2020-25689",
"product_status": {
"known_affected": [
"67646",
"723344",
"658714",
"T015895",
"T017562",
"T022954",
"T014381",
"2951",
"T043205",
"T021415",
"T024775",
"T048677",
"T048676",
"T043288",
"T048675"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2020-25689"
},
{
"cve": "CVE-2020-29582",
"product_status": {
"known_affected": [
"67646",
"723344",
"658714",
"T015895",
"T017562",
"T022954",
"T014381",
"2951",
"T043205",
"T021415",
"T024775",
"T048677",
"T048676",
"T043288",
"T048675"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2020-29582"
},
{
"cve": "CVE-2020-36518",
"product_status": {
"known_affected": [
"67646",
"723344",
"658714",
"T015895",
"T017562",
"T022954",
"T014381",
"2951",
"T043205",
"T021415",
"T024775",
"T048677",
"T048676",
"T043288",
"T048675"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2020-36518"
},
{
"cve": "CVE-2020-7020",
"product_status": {
"known_affected": [
"67646",
"723344",
"658714",
"T015895",
"T017562",
"T022954",
"T014381",
"2951",
"T043205",
"T021415",
"T024775",
"T048677",
"T048676",
"T043288",
"T048675"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2020-7020"
},
{
"cve": "CVE-2020-9484",
"product_status": {
"known_affected": [
"67646",
"723344",
"658714",
"T015895",
"T017562",
"T022954",
"T014381",
"2951",
"T043205",
"T021415",
"T024775",
"T048677",
"T048676",
"T043288",
"T048675"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2020-9484"
},
{
"cve": "CVE-2021-22060",
"product_status": {
"known_affected": [
"67646",
"723344",
"658714",
"T015895",
"T017562",
"T022954",
"T014381",
"2951",
"T043205",
"T021415",
"T024775",
"T048677",
"T048676",
"T043288",
"T048675"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2021-22060"
},
{
"cve": "CVE-2021-22096",
"product_status": {
"known_affected": [
"67646",
"723344",
"658714",
"T015895",
"T017562",
"T022954",
"T014381",
"2951",
"T043205",
"T021415",
"T024775",
"T048677",
"T048676",
"T043288",
"T048675"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2021-22096"
},
{
"cve": "CVE-2021-22119",
"product_status": {
"known_affected": [
"67646",
"723344",
"658714",
"T015895",
"T017562",
"T022954",
"T014381",
"2951",
"T043205",
"T021415",
"T024775",
"T048677",
"T048676",
"T043288",
"T048675"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2021-22119"
},
{
"cve": "CVE-2021-22569",
"product_status": {
"known_affected": [
"67646",
"723344",
"658714",
"T015895",
"T017562",
"T022954",
"T014381",
"2951",
"T043205",
"T021415",
"T024775",
"T048677",
"T048676",
"T043288",
"T048675"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2021-22569"
},
{
"cve": "CVE-2021-22573",
"product_status": {
"known_affected": [
"67646",
"723344",
"658714",
"T015895",
"T017562",
"T022954",
"T014381",
"2951",
"T043205",
"T021415",
"T024775",
"T048677",
"T048676",
"T043288",
"T048675"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2021-22573"
},
{
"cve": "CVE-2021-24122",
"product_status": {
"known_affected": [
"67646",
"723344",
"658714",
"T015895",
"T017562",
"T022954",
"T014381",
"2951",
"T043205",
"T021415",
"T024775",
"T048677",
"T048676",
"T043288",
"T048675"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2021-24122"
},
{
"cve": "CVE-2021-2471",
"product_status": {
"known_affected": [
"67646",
"723344",
"658714",
"T015895",
"T017562",
"T022954",
"T014381",
"2951",
"T043205",
"T021415",
"T024775",
"T048677",
"T048676",
"T043288",
"T048675"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2021-2471"
},
{
"cve": "CVE-2021-25122",
"product_status": {
"known_affected": [
"67646",
"723344",
"658714",
"T015895",
"T017562",
"T022954",
"T014381",
"2951",
"T043205",
"T021415",
"T024775",
"T048677",
"T048676",
"T043288",
"T048675"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2021-25122"
},
{
"cve": "CVE-2021-25329",
"product_status": {
"known_affected": [
"67646",
"723344",
"658714",
"T015895",
"T017562",
"T022954",
"T014381",
"2951",
"T043205",
"T021415",
"T024775",
"T048677",
"T048676",
"T043288",
"T048675"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2021-25329"
},
{
"cve": "CVE-2021-29505",
"product_status": {
"known_affected": [
"67646",
"723344",
"658714",
"T015895",
"T017562",
"T022954",
"T014381",
"2951",
"T043205",
"T021415",
"T024775",
"T048677",
"T048676",
"T043288",
"T048675"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2021-29505"
},
{
"cve": "CVE-2021-30640",
"product_status": {
"known_affected": [
"67646",
"723344",
"658714",
"T015895",
"T017562",
"T022954",
"T014381",
"2951",
"T043205",
"T021415",
"T024775",
"T048677",
"T048676",
"T043288",
"T048675"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2021-30640"
},
{
"cve": "CVE-2021-33037",
"product_status": {
"known_affected": [
"67646",
"723344",
"658714",
"T015895",
"T017562",
"T022954",
"T014381",
"2951",
"T043205",
"T021415",
"T024775",
"T048677",
"T048676",
"T043288",
"T048675"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2021-33037"
},
{
"cve": "CVE-2021-33813",
"product_status": {
"known_affected": [
"67646",
"723344",
"658714",
"T015895",
"T017562",
"T022954",
"T014381",
"2951",
"T043205",
"T021415",
"T024775",
"T048677",
"T048676",
"T043288",
"T048675"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2021-33813"
},
{
"cve": "CVE-2021-35515",
"product_status": {
"known_affected": [
"67646",
"723344",
"658714",
"T015895",
"T017562",
"T022954",
"T014381",
"2951",
"T043205",
"T021415",
"T024775",
"T048677",
"T048676",
"T043288",
"T048675"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2021-35515"
},
{
"cve": "CVE-2021-35516",
"product_status": {
"known_affected": [
"67646",
"723344",
"658714",
"T015895",
"T017562",
"T022954",
"T014381",
"2951",
"T043205",
"T021415",
"T024775",
"T048677",
"T048676",
"T043288",
"T048675"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2021-35516"
},
{
"cve": "CVE-2021-35517",
"product_status": {
"known_affected": [
"67646",
"723344",
"658714",
"T015895",
"T017562",
"T022954",
"T014381",
"2951",
"T043205",
"T021415",
"T024775",
"T048677",
"T048676",
"T043288",
"T048675"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2021-35517"
},
{
"cve": "CVE-2021-36090",
"product_status": {
"known_affected": [
"67646",
"723344",
"658714",
"T015895",
"T017562",
"T022954",
"T014381",
"2951",
"T043205",
"T021415",
"T024775",
"T048677",
"T048676",
"T043288",
"T048675"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2021-36090"
},
{
"cve": "CVE-2021-3629",
"product_status": {
"known_affected": [
"67646",
"723344",
"658714",
"T015895",
"T017562",
"T022954",
"T014381",
"2951",
"T043205",
"T021415",
"T024775",
"T048677",
"T048676",
"T043288",
"T048675"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2021-3629"
},
{
"cve": "CVE-2021-3642",
"product_status": {
"known_affected": [
"67646",
"723344",
"658714",
"T015895",
"T017562",
"T022954",
"T014381",
"2951",
"T043205",
"T021415",
"T024775",
"T048677",
"T048676",
"T043288",
"T048675"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2021-3642"
},
{
"cve": "CVE-2021-3644",
"product_status": {
"known_affected": [
"67646",
"723344",
"658714",
"T015895",
"T017562",
"T022954",
"T014381",
"2951",
"T043205",
"T021415",
"T024775",
"T048677",
"T048676",
"T043288",
"T048675"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2021-3644"
},
{
"cve": "CVE-2021-3807",
"product_status": {
"known_affected": [
"67646",
"723344",
"658714",
"T015895",
"T017562",
"T022954",
"T014381",
"2951",
"T043205",
"T021415",
"T024775",
"T048677",
"T048676",
"T043288",
"T048675"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2021-3807"
},
{
"cve": "CVE-2021-38153",
"product_status": {
"known_affected": [
"67646",
"723344",
"658714",
"T015895",
"T017562",
"T022954",
"T014381",
"2951",
"T043205",
"T021415",
"T024775",
"T048677",
"T048676",
"T043288",
"T048675"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2021-38153"
},
{
"cve": "CVE-2021-3859",
"product_status": {
"known_affected": [
"67646",
"723344",
"658714",
"T015895",
"T017562",
"T022954",
"T014381",
"2951",
"T043205",
"T021415",
"T024775",
"T048677",
"T048676",
"T043288",
"T048675"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2021-3859"
},
{
"cve": "CVE-2021-40690",
"product_status": {
"known_affected": [
"67646",
"723344",
"658714",
"T015895",
"T017562",
"T022954",
"T014381",
"2951",
"T043205",
"T021415",
"T024775",
"T048677",
"T048676",
"T043288",
"T048675"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2021-40690"
},
{
"cve": "CVE-2021-41079",
"product_status": {
"known_affected": [
"67646",
"723344",
"658714",
"T015895",
"T017562",
"T022954",
"T014381",
"2951",
"T043205",
"T021415",
"T024775",
"T048677",
"T048676",
"T043288",
"T048675"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2021-41079"
},
{
"cve": "CVE-2021-41766",
"product_status": {
"known_affected": [
"67646",
"723344",
"658714",
"T015895",
"T017562",
"T022954",
"T014381",
"2951",
"T043205",
"T021415",
"T024775",
"T048677",
"T048676",
"T043288",
"T048675"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2021-41766"
},
{
"cve": "CVE-2021-4178",
"product_status": {
"known_affected": [
"67646",
"723344",
"658714",
"T015895",
"T017562",
"T022954",
"T014381",
"2951",
"T043205",
"T021415",
"T024775",
"T048677",
"T048676",
"T043288",
"T048675"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2021-4178"
},
{
"cve": "CVE-2021-42340",
"product_status": {
"known_affected": [
"67646",
"723344",
"658714",
"T015895",
"T017562",
"T022954",
"T014381",
"2951",
"T043205",
"T021415",
"T024775",
"T048677",
"T048676",
"T043288",
"T048675"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2021-42340"
},
{
"cve": "CVE-2021-42550",
"product_status": {
"known_affected": [
"67646",
"723344",
"658714",
"T015895",
"T017562",
"T022954",
"T014381",
"2951",
"T043205",
"T021415",
"T024775",
"T048677",
"T048676",
"T043288",
"T048675"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2021-42550"
},
{
"cve": "CVE-2021-43797",
"product_status": {
"known_affected": [
"67646",
"723344",
"658714",
"T015895",
"T017562",
"T022954",
"T014381",
"2951",
"T043205",
"T021415",
"T024775",
"T048677",
"T048676",
"T043288",
"T048675"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2021-43797"
},
{
"cve": "CVE-2021-43859",
"product_status": {
"known_affected": [
"67646",
"723344",
"658714",
"T015895",
"T017562",
"T022954",
"T014381",
"2951",
"T043205",
"T021415",
"T024775",
"T048677",
"T048676",
"T043288",
"T048675"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2021-43859"
},
{
"cve": "CVE-2022-0084",
"product_status": {
"known_affected": [
"67646",
"723344",
"658714",
"T015895",
"T017562",
"T022954",
"T014381",
"2951",
"T043205",
"T021415",
"T024775",
"T048677",
"T048676",
"T043288",
"T048675"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2022-0084"
},
{
"cve": "CVE-2022-1259",
"product_status": {
"known_affected": [
"67646",
"723344",
"658714",
"T015895",
"T017562",
"T022954",
"T014381",
"2951",
"T043205",
"T021415",
"T024775",
"T048677",
"T048676",
"T043288",
"T048675"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2022-1259"
},
{
"cve": "CVE-2022-1319",
"product_status": {
"known_affected": [
"67646",
"723344",
"658714",
"T015895",
"T017562",
"T022954",
"T014381",
"2951",
"T043205",
"T021415",
"T024775",
"T048677",
"T048676",
"T043288",
"T048675"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2022-1319"
},
{
"cve": "CVE-2022-21363",
"product_status": {
"known_affected": [
"67646",
"723344",
"658714",
"T015895",
"T017562",
"T022954",
"T014381",
"2951",
"T043205",
"T021415",
"T024775",
"T048677",
"T048676",
"T043288",
"T048675"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2022-21363"
},
{
"cve": "CVE-2022-21724",
"product_status": {
"known_affected": [
"67646",
"723344",
"658714",
"T015895",
"T017562",
"T022954",
"T014381",
"2951",
"T043205",
"T021415",
"T024775",
"T048677",
"T048676",
"T043288",
"T048675"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2022-21724"
},
{
"cve": "CVE-2022-22932",
"product_status": {
"known_affected": [
"67646",
"723344",
"658714",
"T015895",
"T017562",
"T022954",
"T014381",
"2951",
"T043205",
"T021415",
"T024775",
"T048677",
"T048676",
"T043288",
"T048675"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2022-22932"
},
{
"cve": "CVE-2022-22950",
"product_status": {
"known_affected": [
"67646",
"723344",
"658714",
"T015895",
"T017562",
"T022954",
"T014381",
"2951",
"T043205",
"T021415",
"T024775",
"T048677",
"T048676",
"T043288",
"T048675"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2022-22950"
},
{
"cve": "CVE-2022-22968",
"product_status": {
"known_affected": [
"67646",
"723344",
"658714",
"T015895",
"T017562",
"T022954",
"T014381",
"2951",
"T043205",
"T021415",
"T024775",
"T048677",
"T048676",
"T043288",
"T048675"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2022-22968"
},
{
"cve": "CVE-2022-22970",
"product_status": {
"known_affected": [
"67646",
"723344",
"658714",
"T015895",
"T017562",
"T022954",
"T014381",
"2951",
"T043205",
"T021415",
"T024775",
"T048677",
"T048676",
"T043288",
"T048675"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2022-22970"
},
{
"cve": "CVE-2022-22971",
"product_status": {
"known_affected": [
"67646",
"723344",
"658714",
"T015895",
"T017562",
"T022954",
"T014381",
"2951",
"T043205",
"T021415",
"T024775",
"T048677",
"T048676",
"T043288",
"T048675"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2022-22971"
},
{
"cve": "CVE-2022-22976",
"product_status": {
"known_affected": [
"67646",
"723344",
"658714",
"T015895",
"T017562",
"T022954",
"T014381",
"2951",
"T043205",
"T021415",
"T024775",
"T048677",
"T048676",
"T043288",
"T048675"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2022-22976"
},
{
"cve": "CVE-2022-22978",
"product_status": {
"known_affected": [
"67646",
"723344",
"658714",
"T015895",
"T017562",
"T022954",
"T014381",
"2951",
"T043205",
"T021415",
"T024775",
"T048677",
"T048676",
"T043288",
"T048675"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2022-22978"
},
{
"cve": "CVE-2022-23181",
"product_status": {
"known_affected": [
"67646",
"723344",
"658714",
"T015895",
"T017562",
"T022954",
"T014381",
"2951",
"T043205",
"T021415",
"T024775",
"T048677",
"T048676",
"T043288",
"T048675"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2022-23181"
},
{
"cve": "CVE-2022-23221",
"product_status": {
"known_affected": [
"67646",
"723344",
"658714",
"T015895",
"T017562",
"T022954",
"T014381",
"2951",
"T043205",
"T021415",
"T024775",
"T048677",
"T048676",
"T043288",
"T048675"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2022-23221"
},
{
"cve": "CVE-2022-23596",
"product_status": {
"known_affected": [
"67646",
"723344",
"658714",
"T015895",
"T017562",
"T022954",
"T014381",
"2951",
"T043205",
"T021415",
"T024775",
"T048677",
"T048676",
"T043288",
"T048675"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2022-23596"
},
{
"cve": "CVE-2022-23913",
"product_status": {
"known_affected": [
"67646",
"723344",
"658714",
"T015895",
"T017562",
"T022954",
"T014381",
"2951",
"T043205",
"T021415",
"T024775",
"T048677",
"T048676",
"T043288",
"T048675"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2022-23913"
},
{
"cve": "CVE-2022-24614",
"product_status": {
"known_affected": [
"67646",
"723344",
"658714",
"T015895",
"T017562",
"T022954",
"T014381",
"2951",
"T043205",
"T021415",
"T024775",
"T048677",
"T048676",
"T043288",
"T048675"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2022-24614"
},
{
"cve": "CVE-2022-25845",
"product_status": {
"known_affected": [
"67646",
"723344",
"658714",
"T015895",
"T017562",
"T022954",
"T014381",
"2951",
"T043205",
"T021415",
"T024775",
"T048677",
"T048676",
"T043288",
"T048675"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2022-25845"
},
{
"cve": "CVE-2022-26336",
"product_status": {
"known_affected": [
"67646",
"723344",
"658714",
"T015895",
"T017562",
"T022954",
"T014381",
"2951",
"T043205",
"T021415",
"T024775",
"T048677",
"T048676",
"T043288",
"T048675"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2022-26336"
},
{
"cve": "CVE-2022-26520",
"product_status": {
"known_affected": [
"67646",
"723344",
"658714",
"T015895",
"T017562",
"T022954",
"T014381",
"2951",
"T043205",
"T021415",
"T024775",
"T048677",
"T048676",
"T043288",
"T048675"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2022-26520"
},
{
"cve": "CVE-2022-30126",
"product_status": {
"known_affected": [
"67646",
"723344",
"658714",
"T015895",
"T017562",
"T022954",
"T014381",
"2951",
"T043205",
"T021415",
"T024775",
"T048677",
"T048676",
"T043288",
"T048675"
]
},
"release_date": "2022-07-07T22:00:00.000+00:00",
"title": "CVE-2022-30126"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…