Vulnerability-Lookup

CVE-2021-41186 (GCVE-0-2021-41186)

Vulnerability from cvelistv5 – Published: 2021-10-29 13:40 – Updated: 2024-08-04 03:08

Title

ReDoS vulnerability in parser_apache2

Summary

Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. The parser_apache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain pattern of string can spend too much time in a regular expression, resulting in the potential for a DoS attack. This issue is patched in version 1.14.2 There are two workarounds available. Either don't use parser_apache2 for parsing logs (which cannot guarantee generated by Apache), or put patched version of parser_apache2.rb into /etc/fluent/plugin directory (or any other directories specified by the environment variable `FLUENT_PLUGIN` or `--plugin` option of fluentd).

Severity

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/fluent/fluentd/security/adviso…	x_refsource_CONFIRM
https://github.com/fluent/fluentd/blob/master/CHA…	x_refsource_MISC
https://github.com/github/securitylab-vulnerabili…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
fluent	fluentd	Affected: >= 0.14.14, < 1.14.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T03:08:31.511Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/fluent/fluentd/security/advisories/GHSA-hwhf-64mh-r662"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/fluent/fluentd/blob/master/CHANGELOG.md#v1142"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/github/securitylab-vulnerabilities/blob/52dc4a2a828c6dc24231967c2937ad92038184a9/vendor_reports/GHSL-2021-102-fluent-fluentd.md"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "fluentd",
          "vendor": "fluent",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 0.14.14, \u003c 1.14.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. The parser_apache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain pattern of string can spend too much time in a regular expression, resulting in the potential for a DoS attack. This issue is patched in version 1.14.2 There are two workarounds available. Either don\u0027t use parser_apache2 for parsing logs (which cannot guarantee generated by Apache), or put patched version of parser_apache2.rb into /etc/fluent/plugin directory (or any other directories specified by the environment variable `FLUENT_PLUGIN` or `--plugin` option of fluentd)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-29T13:40:10.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/fluent/fluentd/security/advisories/GHSA-hwhf-64mh-r662"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/fluent/fluentd/blob/master/CHANGELOG.md#v1142"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/github/securitylab-vulnerabilities/blob/52dc4a2a828c6dc24231967c2937ad92038184a9/vendor_reports/GHSL-2021-102-fluent-fluentd.md"
        }
      ],
      "source": {
        "advisory": "GHSA-hwhf-64mh-r662",
        "discovery": "UNKNOWN"
      },
      "title": "ReDoS vulnerability in parser_apache2",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2021-41186",
          "STATE": "PUBLIC",
          "TITLE": "ReDoS vulnerability in parser_apache2"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "fluentd",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e= 0.14.14, \u003c 1.14.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "fluent"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. The parser_apache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain pattern of string can spend too much time in a regular expression, resulting in the potential for a DoS attack. This issue is patched in version 1.14.2 There are two workarounds available. Either don\u0027t use parser_apache2 for parsing logs (which cannot guarantee generated by Apache), or put patched version of parser_apache2.rb into /etc/fluent/plugin directory (or any other directories specified by the environment variable `FLUENT_PLUGIN` or `--plugin` option of fluentd)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-400: Uncontrolled Resource Consumption"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/fluent/fluentd/security/advisories/GHSA-hwhf-64mh-r662",
              "refsource": "CONFIRM",
              "url": "https://github.com/fluent/fluentd/security/advisories/GHSA-hwhf-64mh-r662"
            },
            {
              "name": "https://github.com/fluent/fluentd/blob/master/CHANGELOG.md#v1142",
              "refsource": "MISC",
              "url": "https://github.com/fluent/fluentd/blob/master/CHANGELOG.md#v1142"
            },
            {
              "name": "https://github.com/github/securitylab-vulnerabilities/blob/52dc4a2a828c6dc24231967c2937ad92038184a9/vendor_reports/GHSL-2021-102-fluent-fluentd.md",
              "refsource": "MISC",
              "url": "https://github.com/github/securitylab-vulnerabilities/blob/52dc4a2a828c6dc24231967c2937ad92038184a9/vendor_reports/GHSL-2021-102-fluent-fluentd.md"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-hwhf-64mh-r662",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2021-41186",
    "datePublished": "2021-10-29T13:40:10.000Z",
    "dateReserved": "2021-09-15T00:00:00.000Z",
    "dateUpdated": "2024-08-04T03:08:31.511Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2021-41186",
      "date": "2026-05-28",
      "epss": "0.00486",
      "percentile": "0.65624"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-41186\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2021-10-29T14:15:07.730\",\"lastModified\":\"2024-11-21T06:25:42.890\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. The parser_apache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain pattern of string can spend too much time in a regular expression, resulting in the potential for a DoS attack. This issue is patched in version 1.14.2 There are two workarounds available. Either don\u0027t use parser_apache2 for parsing logs (which cannot guarantee generated by Apache), or put patched version of parser_apache2.rb into /etc/fluent/plugin directory (or any other directories specified by the environment variable `FLUENT_PLUGIN` or `--plugin` option of fluentd).\"},{\"lang\":\"es\",\"value\":\"Fluentd recoge eventos de varias fuentes de datos y los escribe en archivos para ayudar a unificar la infraestructura de registro. El plugin parser_apache2 en Fluentd versiones v0.14.14 hasta v1.14.1 sufre una vulnerabilidad de denegaci\u00f3n de servicio de expresi\u00f3n regular (ReDoS). Un registro de apache roto con un determinado patr\u00f3n de cadena puede pasar demasiado tiempo en una expresi\u00f3n regular, resultando en un potencial de un ataque DoS. Este problema est\u00e1 parcheado en la versi\u00f3n 1.14.2. Se presentan dos soluciones disponibles. O bien no usar parser_apache2 para analizar los registros (que no pueden ser garantizados por Apache), o poner la versi\u00f3n parcheada de parser_apache2.rb en el directorio /etc/fluent/plugin (o cualquier otro directorio especificado por la variable de entorno \\\"FLUENT_PLUGIN\\\" o \\\"--plugin\\\" de fluentd)\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fluentd:fluentd:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"0.14.14\",\"versionEndIncluding\":\"1.14.1\",\"matchCriteriaId\":\"4AE50BF8-39BA-4467-AA78-83E6BDAD86FF\"}]}]}],\"references\":[{\"url\":\"https://github.com/fluent/fluentd/blob/master/CHANGELOG.md#v1142\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/fluent/fluentd/security/advisories/GHSA-hwhf-64mh-r662\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/github/securitylab-vulnerabilities/blob/52dc4a2a828c6dc24231967c2937ad92038184a9/vendor_reports/GHSL-2021-102-fluent-fluentd.md\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://github.com/fluent/fluentd/blob/master/CHANGELOG.md#v1142\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/fluent/fluentd/security/advisories/GHSA-hwhf-64mh-r662\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/github/securitylab-vulnerabilities/blob/52dc4a2a828c6dc24231967c2937ad92038184a9/vendor_reports/GHSL-2021-102-fluent-fluentd.md\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]}]}}"
  }
}

OPENSUSE-SU-2026:10346-1

Vulnerability from csaf_opensuse - Published: 2026-03-13 00:00 - Updated: 2026-03-13 00:00

Summary

ruby4.0-rubygem-fluentd-1.17.1-1.5 on GA media

Severity

Moderate

Notes

Title of the patch: ruby4.0-rubygem-fluentd-1.17.1-1.5 on GA media

Description of the patch: These are all security issues fixed in the ruby4.0-rubygem-fluentd-1.17.1-1.5 package on the GA media of openSUSE Tumbleweed.

Patchnames: openSUSE-Tumbleweed-2026-10346

CVE-2021-41186

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:ruby4.0-rubygem-fluentd-1.17.1-1.5.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:ruby4.0-rubygem-fluentd-1.17.1-1.5.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:ruby4.0-rubygem-fluentd-1.17.1-1.5.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:ruby4.0-rubygem-fluentd-1.17.1-1.5.x86_64	—	Vendor Fix

Threats

Impact moderate

References

5 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://www.suse.com/security/cve/CVE-2021-41186/	self
https://www.suse.com/security/cve/CVE-2021-41186	external
https://bugzilla.suse.com/1192262	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "ruby4.0-rubygem-fluentd-1.17.1-1.5 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the ruby4.0-rubygem-fluentd-1.17.1-1.5 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2026-10346",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10346-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-41186 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-41186/"
      }
    ],
    "title": "ruby4.0-rubygem-fluentd-1.17.1-1.5 on GA media",
    "tracking": {
      "current_release_date": "2026-03-13T00:00:00Z",
      "generator": {
        "date": "2026-03-13T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2026:10346-1",
      "initial_release_date": "2026-03-13T00:00:00Z",
      "revision_history": [
        {
          "date": "2026-03-13T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ruby4.0-rubygem-fluentd-1.17.1-1.5.aarch64",
                "product": {
                  "name": "ruby4.0-rubygem-fluentd-1.17.1-1.5.aarch64",
                  "product_id": "ruby4.0-rubygem-fluentd-1.17.1-1.5.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ruby4.0-rubygem-fluentd-1.17.1-1.5.ppc64le",
                "product": {
                  "name": "ruby4.0-rubygem-fluentd-1.17.1-1.5.ppc64le",
                  "product_id": "ruby4.0-rubygem-fluentd-1.17.1-1.5.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ruby4.0-rubygem-fluentd-1.17.1-1.5.s390x",
                "product": {
                  "name": "ruby4.0-rubygem-fluentd-1.17.1-1.5.s390x",
                  "product_id": "ruby4.0-rubygem-fluentd-1.17.1-1.5.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ruby4.0-rubygem-fluentd-1.17.1-1.5.x86_64",
                "product": {
                  "name": "ruby4.0-rubygem-fluentd-1.17.1-1.5.x86_64",
                  "product_id": "ruby4.0-rubygem-fluentd-1.17.1-1.5.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby4.0-rubygem-fluentd-1.17.1-1.5.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:ruby4.0-rubygem-fluentd-1.17.1-1.5.aarch64"
        },
        "product_reference": "ruby4.0-rubygem-fluentd-1.17.1-1.5.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby4.0-rubygem-fluentd-1.17.1-1.5.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:ruby4.0-rubygem-fluentd-1.17.1-1.5.ppc64le"
        },
        "product_reference": "ruby4.0-rubygem-fluentd-1.17.1-1.5.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby4.0-rubygem-fluentd-1.17.1-1.5.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:ruby4.0-rubygem-fluentd-1.17.1-1.5.s390x"
        },
        "product_reference": "ruby4.0-rubygem-fluentd-1.17.1-1.5.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby4.0-rubygem-fluentd-1.17.1-1.5.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:ruby4.0-rubygem-fluentd-1.17.1-1.5.x86_64"
        },
        "product_reference": "ruby4.0-rubygem-fluentd-1.17.1-1.5.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-41186",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-41186"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. The parser_apache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain pattern of string can spend too much time in a regular expression, resulting in the potential for a DoS attack. This issue is patched in version 1.14.2 There are two workarounds available. Either don\u0027t use parser_apache2 for parsing logs (which cannot guarantee generated by Apache), or put patched version of parser_apache2.rb into /etc/fluent/plugin directory (or any other directories specified by the environment variable `FLUENT_PLUGIN` or `--plugin` option of fluentd).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:ruby4.0-rubygem-fluentd-1.17.1-1.5.aarch64",
          "openSUSE Tumbleweed:ruby4.0-rubygem-fluentd-1.17.1-1.5.ppc64le",
          "openSUSE Tumbleweed:ruby4.0-rubygem-fluentd-1.17.1-1.5.s390x",
          "openSUSE Tumbleweed:ruby4.0-rubygem-fluentd-1.17.1-1.5.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-41186",
          "url": "https://www.suse.com/security/cve/CVE-2021-41186"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1192262 for CVE-2021-41186",
          "url": "https://bugzilla.suse.com/1192262"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:ruby4.0-rubygem-fluentd-1.17.1-1.5.aarch64",
            "openSUSE Tumbleweed:ruby4.0-rubygem-fluentd-1.17.1-1.5.ppc64le",
            "openSUSE Tumbleweed:ruby4.0-rubygem-fluentd-1.17.1-1.5.s390x",
            "openSUSE Tumbleweed:ruby4.0-rubygem-fluentd-1.17.1-1.5.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:ruby4.0-rubygem-fluentd-1.17.1-1.5.aarch64",
            "openSUSE Tumbleweed:ruby4.0-rubygem-fluentd-1.17.1-1.5.ppc64le",
            "openSUSE Tumbleweed:ruby4.0-rubygem-fluentd-1.17.1-1.5.s390x",
            "openSUSE Tumbleweed:ruby4.0-rubygem-fluentd-1.17.1-1.5.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-13T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-41186"
    }
  ]
}

WID-SEC-W-2025-0001

Vulnerability from csaf_certbund - Published: 2025-01-01 23:00 - Updated: 2025-11-18 23:00

Summary

IBM DB2: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: IBM DB2 ist ein relationales Datenbanksystem (RDBS) von IBM.

Angriff: Ein entfernter oder lokaler Angreifer kann mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen.

Betroffene Betriebssysteme: - Sonstiges

CVE-2021-32740

Affected products

Known affected 13 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 on Cloud Pak for Data IBM / DB2	`cpe:/a:ibm:db2:on_cloud_pak_for_data`	on Cloud Pak for Data
IBM DB2 Warehouse <5.1.0 IBM / DB2		Warehouse <5.1.0
IBM DB2 <5.1.0 IBM / DB2		<5.1.0
IBM Spectrum Protect Plus <10.1.6.4 IBM / Spectrum Protect Plus		<10.1.6.4
IBM Cognos Analytics <11.2.4 IF4 IBM / Cognos Analytics		<11.2.4 IF4
IBM QRadar SIEM IBM	`cpe:/a:ibm:qradar_siem:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
IBM Cognos Analytics <12.0.4 IF2 IBM / Cognos Analytics		<12.0.4 IF2
IBM Spectrum Protect Plus <10.1.17.1 IBM / Spectrum Protect Plus		<10.1.17.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-41186

Affected products

Known affected 13 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 on Cloud Pak for Data IBM / DB2	`cpe:/a:ibm:db2:on_cloud_pak_for_data`	on Cloud Pak for Data
IBM DB2 Warehouse <5.1.0 IBM / DB2		Warehouse <5.1.0
IBM DB2 <5.1.0 IBM / DB2		<5.1.0
IBM Spectrum Protect Plus <10.1.6.4 IBM / Spectrum Protect Plus		<10.1.6.4
IBM Cognos Analytics <11.2.4 IF4 IBM / Cognos Analytics		<11.2.4 IF4
IBM QRadar SIEM IBM	`cpe:/a:ibm:qradar_siem:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
IBM Cognos Analytics <12.0.4 IF2 IBM / Cognos Analytics		<12.0.4 IF2
IBM Spectrum Protect Plus <10.1.17.1 IBM / Spectrum Protect Plus		<10.1.17.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-0759

Affected products

Known affected 13 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 on Cloud Pak for Data IBM / DB2	`cpe:/a:ibm:db2:on_cloud_pak_for_data`	on Cloud Pak for Data
IBM DB2 Warehouse <5.1.0 IBM / DB2		Warehouse <5.1.0
IBM DB2 <5.1.0 IBM / DB2		<5.1.0
IBM Spectrum Protect Plus <10.1.6.4 IBM / Spectrum Protect Plus		<10.1.6.4
IBM Cognos Analytics <11.2.4 IF4 IBM / Cognos Analytics		<11.2.4 IF4
IBM QRadar SIEM IBM	`cpe:/a:ibm:qradar_siem:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
IBM Cognos Analytics <12.0.4 IF2 IBM / Cognos Analytics		<12.0.4 IF2
IBM Spectrum Protect Plus <10.1.17.1 IBM / Spectrum Protect Plus		<10.1.17.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-24795

Affected products

Known affected 13 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 on Cloud Pak for Data IBM / DB2	`cpe:/a:ibm:db2:on_cloud_pak_for_data`	on Cloud Pak for Data
IBM DB2 Warehouse <5.1.0 IBM / DB2		Warehouse <5.1.0
IBM DB2 <5.1.0 IBM / DB2		<5.1.0
IBM Spectrum Protect Plus <10.1.6.4 IBM / Spectrum Protect Plus		<10.1.6.4
IBM Cognos Analytics <11.2.4 IF4 IBM / Cognos Analytics		<11.2.4 IF4
IBM QRadar SIEM IBM	`cpe:/a:ibm:qradar_siem:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
IBM Cognos Analytics <12.0.4 IF2 IBM / Cognos Analytics		<12.0.4 IF2
IBM Spectrum Protect Plus <10.1.17.1 IBM / Spectrum Protect Plus		<10.1.17.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-31163

Affected products

Known affected 13 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 on Cloud Pak for Data IBM / DB2	`cpe:/a:ibm:db2:on_cloud_pak_for_data`	on Cloud Pak for Data
IBM DB2 Warehouse <5.1.0 IBM / DB2		Warehouse <5.1.0
IBM DB2 <5.1.0 IBM / DB2		<5.1.0
IBM Spectrum Protect Plus <10.1.6.4 IBM / Spectrum Protect Plus		<10.1.6.4
IBM Cognos Analytics <11.2.4 IF4 IBM / Cognos Analytics		<11.2.4 IF4
IBM QRadar SIEM IBM	`cpe:/a:ibm:qradar_siem:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
IBM Cognos Analytics <12.0.4 IF2 IBM / Cognos Analytics		<12.0.4 IF2
IBM Spectrum Protect Plus <10.1.17.1 IBM / Spectrum Protect Plus		<10.1.17.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-39325

Affected products

Known affected 13 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 on Cloud Pak for Data IBM / DB2	`cpe:/a:ibm:db2:on_cloud_pak_for_data`	on Cloud Pak for Data
IBM DB2 Warehouse <5.1.0 IBM / DB2		Warehouse <5.1.0
IBM DB2 <5.1.0 IBM / DB2		<5.1.0
IBM Spectrum Protect Plus <10.1.6.4 IBM / Spectrum Protect Plus		<10.1.6.4
IBM Cognos Analytics <11.2.4 IF4 IBM / Cognos Analytics		<11.2.4 IF4
IBM QRadar SIEM IBM	`cpe:/a:ibm:qradar_siem:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
IBM Cognos Analytics <12.0.4 IF2 IBM / Cognos Analytics		<12.0.4 IF2
IBM Spectrum Protect Plus <10.1.17.1 IBM / Spectrum Protect Plus		<10.1.17.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-41993

Affected products

Known affected 13 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 on Cloud Pak for Data IBM / DB2	`cpe:/a:ibm:db2:on_cloud_pak_for_data`	on Cloud Pak for Data
IBM DB2 Warehouse <5.1.0 IBM / DB2		Warehouse <5.1.0
IBM DB2 <5.1.0 IBM / DB2		<5.1.0
IBM Spectrum Protect Plus <10.1.6.4 IBM / Spectrum Protect Plus		<10.1.6.4
IBM Cognos Analytics <11.2.4 IF4 IBM / Cognos Analytics		<11.2.4 IF4
IBM QRadar SIEM IBM	`cpe:/a:ibm:qradar_siem:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
IBM Cognos Analytics <12.0.4 IF2 IBM / Cognos Analytics		<12.0.4 IF2
IBM Spectrum Protect Plus <10.1.17.1 IBM / Spectrum Protect Plus		<10.1.17.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-45283

Affected products

Known affected 13 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 on Cloud Pak for Data IBM / DB2	`cpe:/a:ibm:db2:on_cloud_pak_for_data`	on Cloud Pak for Data
IBM DB2 Warehouse <5.1.0 IBM / DB2		Warehouse <5.1.0
IBM DB2 <5.1.0 IBM / DB2		<5.1.0
IBM Spectrum Protect Plus <10.1.6.4 IBM / Spectrum Protect Plus		<10.1.6.4
IBM Cognos Analytics <11.2.4 IF4 IBM / Cognos Analytics		<11.2.4 IF4
IBM QRadar SIEM IBM	`cpe:/a:ibm:qradar_siem:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
IBM Cognos Analytics <12.0.4 IF2 IBM / Cognos Analytics		<12.0.4 IF2
IBM Spectrum Protect Plus <10.1.17.1 IBM / Spectrum Protect Plus		<10.1.17.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-45288

Affected products

Known affected 13 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 on Cloud Pak for Data IBM / DB2	`cpe:/a:ibm:db2:on_cloud_pak_for_data`	on Cloud Pak for Data
IBM DB2 Warehouse <5.1.0 IBM / DB2		Warehouse <5.1.0
IBM DB2 <5.1.0 IBM / DB2		<5.1.0
IBM Spectrum Protect Plus <10.1.6.4 IBM / Spectrum Protect Plus		<10.1.6.4
IBM Cognos Analytics <11.2.4 IF4 IBM / Cognos Analytics		<11.2.4 IF4
IBM QRadar SIEM IBM	`cpe:/a:ibm:qradar_siem:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
IBM Cognos Analytics <12.0.4 IF2 IBM / Cognos Analytics		<12.0.4 IF2
IBM Spectrum Protect Plus <10.1.17.1 IBM / Spectrum Protect Plus		<10.1.17.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-6597

Affected products

Known affected 13 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 on Cloud Pak for Data IBM / DB2	`cpe:/a:ibm:db2:on_cloud_pak_for_data`	on Cloud Pak for Data
IBM DB2 Warehouse <5.1.0 IBM / DB2		Warehouse <5.1.0
IBM DB2 <5.1.0 IBM / DB2		<5.1.0
IBM Spectrum Protect Plus <10.1.6.4 IBM / Spectrum Protect Plus		<10.1.6.4
IBM Cognos Analytics <11.2.4 IF4 IBM / Cognos Analytics		<11.2.4 IF4
IBM QRadar SIEM IBM	`cpe:/a:ibm:qradar_siem:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
IBM Cognos Analytics <12.0.4 IF2 IBM / Cognos Analytics		<12.0.4 IF2
IBM Spectrum Protect Plus <10.1.17.1 IBM / Spectrum Protect Plus		<10.1.17.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2024-0406

Affected products

Known affected 13 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 on Cloud Pak for Data IBM / DB2	`cpe:/a:ibm:db2:on_cloud_pak_for_data`	on Cloud Pak for Data
IBM DB2 Warehouse <5.1.0 IBM / DB2		Warehouse <5.1.0
IBM DB2 <5.1.0 IBM / DB2		<5.1.0
IBM Spectrum Protect Plus <10.1.6.4 IBM / Spectrum Protect Plus		<10.1.6.4
IBM Cognos Analytics <11.2.4 IF4 IBM / Cognos Analytics		<11.2.4 IF4
IBM QRadar SIEM IBM	`cpe:/a:ibm:qradar_siem:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
IBM Cognos Analytics <12.0.4 IF2 IBM / Cognos Analytics		<12.0.4 IF2
IBM Spectrum Protect Plus <10.1.17.1 IBM / Spectrum Protect Plus		<10.1.17.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2024-20918

Affected products

Known affected 13 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 on Cloud Pak for Data IBM / DB2	`cpe:/a:ibm:db2:on_cloud_pak_for_data`	on Cloud Pak for Data
IBM DB2 Warehouse <5.1.0 IBM / DB2		Warehouse <5.1.0
IBM DB2 <5.1.0 IBM / DB2		<5.1.0
IBM Spectrum Protect Plus <10.1.6.4 IBM / Spectrum Protect Plus		<10.1.6.4
IBM Cognos Analytics <11.2.4 IF4 IBM / Cognos Analytics		<11.2.4 IF4
IBM QRadar SIEM IBM	`cpe:/a:ibm:qradar_siem:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
IBM Cognos Analytics <12.0.4 IF2 IBM / Cognos Analytics		<12.0.4 IF2
IBM Spectrum Protect Plus <10.1.17.1 IBM / Spectrum Protect Plus		<10.1.17.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2024-20952

Affected products

Known affected 13 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 on Cloud Pak for Data IBM / DB2	`cpe:/a:ibm:db2:on_cloud_pak_for_data`	on Cloud Pak for Data
IBM DB2 Warehouse <5.1.0 IBM / DB2		Warehouse <5.1.0
IBM DB2 <5.1.0 IBM / DB2		<5.1.0
IBM Spectrum Protect Plus <10.1.6.4 IBM / Spectrum Protect Plus		<10.1.6.4
IBM Cognos Analytics <11.2.4 IF4 IBM / Cognos Analytics		<11.2.4 IF4
IBM QRadar SIEM IBM	`cpe:/a:ibm:qradar_siem:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
IBM Cognos Analytics <12.0.4 IF2 IBM / Cognos Analytics		<12.0.4 IF2
IBM Spectrum Protect Plus <10.1.17.1 IBM / Spectrum Protect Plus		<10.1.17.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2024-2398

Affected products

Known affected 13 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 on Cloud Pak for Data IBM / DB2	`cpe:/a:ibm:db2:on_cloud_pak_for_data`	on Cloud Pak for Data
IBM DB2 Warehouse <5.1.0 IBM / DB2		Warehouse <5.1.0
IBM DB2 <5.1.0 IBM / DB2		<5.1.0
IBM Spectrum Protect Plus <10.1.6.4 IBM / Spectrum Protect Plus		<10.1.6.4
IBM Cognos Analytics <11.2.4 IF4 IBM / Cognos Analytics		<11.2.4 IF4
IBM QRadar SIEM IBM	`cpe:/a:ibm:qradar_siem:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
IBM Cognos Analytics <12.0.4 IF2 IBM / Cognos Analytics		<12.0.4 IF2
IBM Spectrum Protect Plus <10.1.17.1 IBM / Spectrum Protect Plus		<10.1.17.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2024-24786

Affected products

Known affected 13 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 on Cloud Pak for Data IBM / DB2	`cpe:/a:ibm:db2:on_cloud_pak_for_data`	on Cloud Pak for Data
IBM DB2 Warehouse <5.1.0 IBM / DB2		Warehouse <5.1.0
IBM DB2 <5.1.0 IBM / DB2		<5.1.0
IBM Spectrum Protect Plus <10.1.6.4 IBM / Spectrum Protect Plus		<10.1.6.4
IBM Cognos Analytics <11.2.4 IF4 IBM / Cognos Analytics		<11.2.4 IF4
IBM QRadar SIEM IBM	`cpe:/a:ibm:qradar_siem:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
IBM Cognos Analytics <12.0.4 IF2 IBM / Cognos Analytics		<12.0.4 IF2
IBM Spectrum Protect Plus <10.1.17.1 IBM / Spectrum Protect Plus		<10.1.17.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2024-27281

Affected products

Known affected 13 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 on Cloud Pak for Data IBM / DB2	`cpe:/a:ibm:db2:on_cloud_pak_for_data`	on Cloud Pak for Data
IBM DB2 Warehouse <5.1.0 IBM / DB2		Warehouse <5.1.0
IBM DB2 <5.1.0 IBM / DB2		<5.1.0
IBM Spectrum Protect Plus <10.1.6.4 IBM / Spectrum Protect Plus		<10.1.6.4
IBM Cognos Analytics <11.2.4 IF4 IBM / Cognos Analytics		<11.2.4 IF4
IBM QRadar SIEM IBM	`cpe:/a:ibm:qradar_siem:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
IBM Cognos Analytics <12.0.4 IF2 IBM / Cognos Analytics		<12.0.4 IF2
IBM Spectrum Protect Plus <10.1.17.1 IBM / Spectrum Protect Plus		<10.1.17.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2024-2961

Affected products

Known affected 13 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 on Cloud Pak for Data IBM / DB2	`cpe:/a:ibm:db2:on_cloud_pak_for_data`	on Cloud Pak for Data
IBM DB2 Warehouse <5.1.0 IBM / DB2		Warehouse <5.1.0
IBM DB2 <5.1.0 IBM / DB2		<5.1.0
IBM Spectrum Protect Plus <10.1.6.4 IBM / Spectrum Protect Plus		<10.1.6.4
IBM Cognos Analytics <11.2.4 IF4 IBM / Cognos Analytics		<11.2.4 IF4
IBM QRadar SIEM IBM	`cpe:/a:ibm:qradar_siem:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
IBM Cognos Analytics <12.0.4 IF2 IBM / Cognos Analytics		<12.0.4 IF2
IBM Spectrum Protect Plus <10.1.17.1 IBM / Spectrum Protect Plus		<10.1.17.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2024-29857

Affected products

Known affected 13 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 on Cloud Pak for Data IBM / DB2	`cpe:/a:ibm:db2:on_cloud_pak_for_data`	on Cloud Pak for Data
IBM DB2 Warehouse <5.1.0 IBM / DB2		Warehouse <5.1.0
IBM DB2 <5.1.0 IBM / DB2		<5.1.0
IBM Spectrum Protect Plus <10.1.6.4 IBM / Spectrum Protect Plus		<10.1.6.4
IBM Cognos Analytics <11.2.4 IF4 IBM / Cognos Analytics		<11.2.4 IF4
IBM QRadar SIEM IBM	`cpe:/a:ibm:qradar_siem:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
IBM Cognos Analytics <12.0.4 IF2 IBM / Cognos Analytics		<12.0.4 IF2
IBM Spectrum Protect Plus <10.1.17.1 IBM / Spectrum Protect Plus		<10.1.17.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2024-33599

Affected products

Known affected 13 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 on Cloud Pak for Data IBM / DB2	`cpe:/a:ibm:db2:on_cloud_pak_for_data`	on Cloud Pak for Data
IBM DB2 Warehouse <5.1.0 IBM / DB2		Warehouse <5.1.0
IBM DB2 <5.1.0 IBM / DB2		<5.1.0
IBM Spectrum Protect Plus <10.1.6.4 IBM / Spectrum Protect Plus		<10.1.6.4
IBM Cognos Analytics <11.2.4 IF4 IBM / Cognos Analytics		<11.2.4 IF4
IBM QRadar SIEM IBM	`cpe:/a:ibm:qradar_siem:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
IBM Cognos Analytics <12.0.4 IF2 IBM / Cognos Analytics		<12.0.4 IF2
IBM Spectrum Protect Plus <10.1.17.1 IBM / Spectrum Protect Plus		<10.1.17.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2024-33883

Affected products

Known affected 13 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 on Cloud Pak for Data IBM / DB2	`cpe:/a:ibm:db2:on_cloud_pak_for_data`	on Cloud Pak for Data
IBM DB2 Warehouse <5.1.0 IBM / DB2		Warehouse <5.1.0
IBM DB2 <5.1.0 IBM / DB2		<5.1.0
IBM Spectrum Protect Plus <10.1.6.4 IBM / Spectrum Protect Plus		<10.1.6.4
IBM Cognos Analytics <11.2.4 IF4 IBM / Cognos Analytics		<11.2.4 IF4
IBM QRadar SIEM IBM	`cpe:/a:ibm:qradar_siem:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
IBM Cognos Analytics <12.0.4 IF2 IBM / Cognos Analytics		<12.0.4 IF2
IBM Spectrum Protect Plus <10.1.17.1 IBM / Spectrum Protect Plus		<10.1.17.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2024-37370

Affected products

Known affected 13 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 on Cloud Pak for Data IBM / DB2	`cpe:/a:ibm:db2:on_cloud_pak_for_data`	on Cloud Pak for Data
IBM DB2 Warehouse <5.1.0 IBM / DB2		Warehouse <5.1.0
IBM DB2 <5.1.0 IBM / DB2		<5.1.0
IBM Spectrum Protect Plus <10.1.6.4 IBM / Spectrum Protect Plus		<10.1.6.4
IBM Cognos Analytics <11.2.4 IF4 IBM / Cognos Analytics		<11.2.4 IF4
IBM QRadar SIEM IBM	`cpe:/a:ibm:qradar_siem:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
IBM Cognos Analytics <12.0.4 IF2 IBM / Cognos Analytics		<12.0.4 IF2
IBM Spectrum Protect Plus <10.1.17.1 IBM / Spectrum Protect Plus		<10.1.17.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2024-37371

Affected products

Known affected 13 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 on Cloud Pak for Data IBM / DB2	`cpe:/a:ibm:db2:on_cloud_pak_for_data`	on Cloud Pak for Data
IBM DB2 Warehouse <5.1.0 IBM / DB2		Warehouse <5.1.0
IBM DB2 <5.1.0 IBM / DB2		<5.1.0
IBM Spectrum Protect Plus <10.1.6.4 IBM / Spectrum Protect Plus		<10.1.6.4
IBM Cognos Analytics <11.2.4 IF4 IBM / Cognos Analytics		<11.2.4 IF4
IBM QRadar SIEM IBM	`cpe:/a:ibm:qradar_siem:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
IBM Cognos Analytics <12.0.4 IF2 IBM / Cognos Analytics		<12.0.4 IF2
IBM Spectrum Protect Plus <10.1.17.1 IBM / Spectrum Protect Plus		<10.1.17.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2024-37890

Affected products

Known affected 13 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 on Cloud Pak for Data IBM / DB2	`cpe:/a:ibm:db2:on_cloud_pak_for_data`	on Cloud Pak for Data
IBM DB2 Warehouse <5.1.0 IBM / DB2		Warehouse <5.1.0
IBM DB2 <5.1.0 IBM / DB2		<5.1.0
IBM Spectrum Protect Plus <10.1.6.4 IBM / Spectrum Protect Plus		<10.1.6.4
IBM Cognos Analytics <11.2.4 IF4 IBM / Cognos Analytics		<11.2.4 IF4
IBM QRadar SIEM IBM	`cpe:/a:ibm:qradar_siem:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
IBM Cognos Analytics <12.0.4 IF2 IBM / Cognos Analytics		<12.0.4 IF2
IBM Spectrum Protect Plus <10.1.17.1 IBM / Spectrum Protect Plus		<10.1.17.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2024-39338

Affected products

Known affected 13 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 on Cloud Pak for Data IBM / DB2	`cpe:/a:ibm:db2:on_cloud_pak_for_data`	on Cloud Pak for Data
IBM DB2 Warehouse <5.1.0 IBM / DB2		Warehouse <5.1.0
IBM DB2 <5.1.0 IBM / DB2		<5.1.0
IBM Spectrum Protect Plus <10.1.6.4 IBM / Spectrum Protect Plus		<10.1.6.4
IBM Cognos Analytics <11.2.4 IF4 IBM / Cognos Analytics		<11.2.4 IF4
IBM QRadar SIEM IBM	`cpe:/a:ibm:qradar_siem:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
IBM Cognos Analytics <12.0.4 IF2 IBM / Cognos Analytics		<12.0.4 IF2
IBM Spectrum Protect Plus <10.1.17.1 IBM / Spectrum Protect Plus		<10.1.17.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2024-4068

Affected products

Known affected 13 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 on Cloud Pak for Data IBM / DB2	`cpe:/a:ibm:db2:on_cloud_pak_for_data`	on Cloud Pak for Data
IBM DB2 Warehouse <5.1.0 IBM / DB2		Warehouse <5.1.0
IBM DB2 <5.1.0 IBM / DB2		<5.1.0
IBM Spectrum Protect Plus <10.1.6.4 IBM / Spectrum Protect Plus		<10.1.6.4
IBM Cognos Analytics <11.2.4 IF4 IBM / Cognos Analytics		<11.2.4 IF4
IBM QRadar SIEM IBM	`cpe:/a:ibm:qradar_siem:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
IBM Cognos Analytics <12.0.4 IF2 IBM / Cognos Analytics		<12.0.4 IF2
IBM Spectrum Protect Plus <10.1.17.1 IBM / Spectrum Protect Plus		<10.1.17.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2024-41110

Affected products

Known affected 13 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 on Cloud Pak for Data IBM / DB2	`cpe:/a:ibm:db2:on_cloud_pak_for_data`	on Cloud Pak for Data
IBM DB2 Warehouse <5.1.0 IBM / DB2		Warehouse <5.1.0
IBM DB2 <5.1.0 IBM / DB2		<5.1.0
IBM Spectrum Protect Plus <10.1.6.4 IBM / Spectrum Protect Plus		<10.1.6.4
IBM Cognos Analytics <11.2.4 IF4 IBM / Cognos Analytics		<11.2.4 IF4
IBM QRadar SIEM IBM	`cpe:/a:ibm:qradar_siem:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
IBM Cognos Analytics <12.0.4 IF2 IBM / Cognos Analytics		<12.0.4 IF2
IBM Spectrum Protect Plus <10.1.17.1 IBM / Spectrum Protect Plus		<10.1.17.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2024-41123

Affected products

Known affected 13 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 on Cloud Pak for Data IBM / DB2	`cpe:/a:ibm:db2:on_cloud_pak_for_data`	on Cloud Pak for Data
IBM DB2 Warehouse <5.1.0 IBM / DB2		Warehouse <5.1.0
IBM DB2 <5.1.0 IBM / DB2		<5.1.0
IBM Spectrum Protect Plus <10.1.6.4 IBM / Spectrum Protect Plus		<10.1.6.4
IBM Cognos Analytics <11.2.4 IF4 IBM / Cognos Analytics		<11.2.4 IF4
IBM QRadar SIEM IBM	`cpe:/a:ibm:qradar_siem:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
IBM Cognos Analytics <12.0.4 IF2 IBM / Cognos Analytics		<12.0.4 IF2
IBM Spectrum Protect Plus <10.1.17.1 IBM / Spectrum Protect Plus		<10.1.17.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2024-41946

Affected products

Known affected 13 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 on Cloud Pak for Data IBM / DB2	`cpe:/a:ibm:db2:on_cloud_pak_for_data`	on Cloud Pak for Data
IBM DB2 Warehouse <5.1.0 IBM / DB2		Warehouse <5.1.0
IBM DB2 <5.1.0 IBM / DB2		<5.1.0
IBM Spectrum Protect Plus <10.1.6.4 IBM / Spectrum Protect Plus		<10.1.6.4
IBM Cognos Analytics <11.2.4 IF4 IBM / Cognos Analytics		<11.2.4 IF4
IBM QRadar SIEM IBM	`cpe:/a:ibm:qradar_siem:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
IBM Cognos Analytics <12.0.4 IF2 IBM / Cognos Analytics		<12.0.4 IF2
IBM Spectrum Protect Plus <10.1.17.1 IBM / Spectrum Protect Plus		<10.1.17.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2024-45296

Affected products

Known affected 13 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 on Cloud Pak for Data IBM / DB2	`cpe:/a:ibm:db2:on_cloud_pak_for_data`	on Cloud Pak for Data
IBM DB2 Warehouse <5.1.0 IBM / DB2		Warehouse <5.1.0
IBM DB2 <5.1.0 IBM / DB2		<5.1.0
IBM Spectrum Protect Plus <10.1.6.4 IBM / Spectrum Protect Plus		<10.1.6.4
IBM Cognos Analytics <11.2.4 IF4 IBM / Cognos Analytics		<11.2.4 IF4
IBM QRadar SIEM IBM	`cpe:/a:ibm:qradar_siem:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
IBM Cognos Analytics <12.0.4 IF2 IBM / Cognos Analytics		<12.0.4 IF2
IBM Spectrum Protect Plus <10.1.17.1 IBM / Spectrum Protect Plus		<10.1.17.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2024-45491

Affected products

Known affected 13 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 on Cloud Pak for Data IBM / DB2	`cpe:/a:ibm:db2:on_cloud_pak_for_data`	on Cloud Pak for Data
IBM DB2 Warehouse <5.1.0 IBM / DB2		Warehouse <5.1.0
IBM DB2 <5.1.0 IBM / DB2		<5.1.0
IBM Spectrum Protect Plus <10.1.6.4 IBM / Spectrum Protect Plus		<10.1.6.4
IBM Cognos Analytics <11.2.4 IF4 IBM / Cognos Analytics		<11.2.4 IF4
IBM QRadar SIEM IBM	`cpe:/a:ibm:qradar_siem:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
IBM Cognos Analytics <12.0.4 IF2 IBM / Cognos Analytics		<12.0.4 IF2
IBM Spectrum Protect Plus <10.1.17.1 IBM / Spectrum Protect Plus		<10.1.17.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2024-45590

Affected products

Known affected 13 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 on Cloud Pak for Data IBM / DB2	`cpe:/a:ibm:db2:on_cloud_pak_for_data`	on Cloud Pak for Data
IBM DB2 Warehouse <5.1.0 IBM / DB2		Warehouse <5.1.0
IBM DB2 <5.1.0 IBM / DB2		<5.1.0
IBM Spectrum Protect Plus <10.1.6.4 IBM / Spectrum Protect Plus		<10.1.6.4
IBM Cognos Analytics <11.2.4 IF4 IBM / Cognos Analytics		<11.2.4 IF4
IBM QRadar SIEM IBM	`cpe:/a:ibm:qradar_siem:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
IBM Cognos Analytics <12.0.4 IF2 IBM / Cognos Analytics		<12.0.4 IF2
IBM Spectrum Protect Plus <10.1.17.1 IBM / Spectrum Protect Plus		<10.1.17.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2024-47220

Affected products

Known affected 13 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 on Cloud Pak for Data IBM / DB2	`cpe:/a:ibm:db2:on_cloud_pak_for_data`	on Cloud Pak for Data
IBM DB2 Warehouse <5.1.0 IBM / DB2		Warehouse <5.1.0
IBM DB2 <5.1.0 IBM / DB2		<5.1.0
IBM Spectrum Protect Plus <10.1.6.4 IBM / Spectrum Protect Plus		<10.1.6.4
IBM Cognos Analytics <11.2.4 IF4 IBM / Cognos Analytics		<11.2.4 IF4
IBM QRadar SIEM IBM	`cpe:/a:ibm:qradar_siem:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
IBM Cognos Analytics <12.0.4 IF2 IBM / Cognos Analytics		<12.0.4 IF2
IBM Spectrum Protect Plus <10.1.17.1 IBM / Spectrum Protect Plus		<10.1.17.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2024-47554

Affected products

Known affected 13 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 on Cloud Pak for Data IBM / DB2	`cpe:/a:ibm:db2:on_cloud_pak_for_data`	on Cloud Pak for Data
IBM DB2 Warehouse <5.1.0 IBM / DB2		Warehouse <5.1.0
IBM DB2 <5.1.0 IBM / DB2		<5.1.0
IBM Spectrum Protect Plus <10.1.6.4 IBM / Spectrum Protect Plus		<10.1.6.4
IBM Cognos Analytics <11.2.4 IF4 IBM / Cognos Analytics		<11.2.4 IF4
IBM QRadar SIEM IBM	`cpe:/a:ibm:qradar_siem:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
IBM Cognos Analytics <12.0.4 IF2 IBM / Cognos Analytics		<12.0.4 IF2
IBM Spectrum Protect Plus <10.1.17.1 IBM / Spectrum Protect Plus		<10.1.17.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2024-6119

Affected products

Known affected 13 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 on Cloud Pak for Data IBM / DB2	`cpe:/a:ibm:db2:on_cloud_pak_for_data`	on Cloud Pak for Data
IBM DB2 Warehouse <5.1.0 IBM / DB2		Warehouse <5.1.0
IBM DB2 <5.1.0 IBM / DB2		<5.1.0
IBM Spectrum Protect Plus <10.1.6.4 IBM / Spectrum Protect Plus		<10.1.6.4
IBM Cognos Analytics <11.2.4 IF4 IBM / Cognos Analytics		<11.2.4 IF4
IBM QRadar SIEM IBM	`cpe:/a:ibm:qradar_siem:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
IBM Cognos Analytics <12.0.4 IF2 IBM / Cognos Analytics		<12.0.4 IF2
IBM Spectrum Protect Plus <10.1.17.1 IBM / Spectrum Protect Plus		<10.1.17.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2024-6345

Affected products

Known affected 13 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 on Cloud Pak for Data IBM / DB2	`cpe:/a:ibm:db2:on_cloud_pak_for_data`	on Cloud Pak for Data
IBM DB2 Warehouse <5.1.0 IBM / DB2		Warehouse <5.1.0
IBM DB2 <5.1.0 IBM / DB2		<5.1.0
IBM Spectrum Protect Plus <10.1.6.4 IBM / Spectrum Protect Plus		<10.1.6.4
IBM Cognos Analytics <11.2.4 IF4 IBM / Cognos Analytics		<11.2.4 IF4
IBM QRadar SIEM IBM	`cpe:/a:ibm:qradar_siem:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
IBM Cognos Analytics <12.0.4 IF2 IBM / Cognos Analytics		<12.0.4 IF2
IBM Spectrum Protect Plus <10.1.17.1 IBM / Spectrum Protect Plus		<10.1.17.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

References

10 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.ibm.com/support/pages/node/7180105	external
https://www.ibm.com/support/pages/node/7180361	external
https://access.redhat.com/errata/RHSA-2025:1227	external
https://www.ibm.com/support/pages/node/7183676	external
https://www.ibm.com/support/pages/node/7229443	external
https://www.ibm.com/support/pages/node/7237702	external
https://www.ibm.com/support/pages/node/7249276	external
https://confluence.atlassian.com/security/securit…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "IBM DB2 ist ein relationales Datenbanksystem (RDBS) von IBM.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter oder lokaler Angreifer kann mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-0001 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0001.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-0001 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0001"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin vom 2025-01-01",
        "url": "https://www.ibm.com/support/pages/node/7180105"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7180361 vom 2025-01-07",
        "url": "https://www.ibm.com/support/pages/node/7180361"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:1227 vom 2025-02-12",
        "url": "https://access.redhat.com/errata/RHSA-2025:1227"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7183676 vom 2025-02-27",
        "url": "https://www.ibm.com/support/pages/node/7183676"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7229443 vom 2025-03-28",
        "url": "https://www.ibm.com/support/pages/node/7229443"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7237702 vom 2025-06-24",
        "url": "https://www.ibm.com/support/pages/node/7237702"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7249276 vom 2025-10-27",
        "url": "https://www.ibm.com/support/pages/node/7249276"
      },
      {
        "category": "external",
        "summary": "Atlassian Security Bulletin - November 18 2025",
        "url": "https://confluence.atlassian.com/security/security-bulletin-november-18-2025-1671463469.html"
      }
    ],
    "source_lang": "en-US",
    "title": "IBM DB2: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-11-18T23:00:00.000+00:00",
      "generator": {
        "date": "2025-11-19T09:37:09.985+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2025-0001",
      "initial_release_date": "2025-01-01T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-01-01T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-01-06T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-02-12T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-02-27T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-03-30T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-06-23T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-10-27T23:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-11-18T23:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates aufgenommen"
        }
      ],
      "status": "final",
      "version": "8"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c10.1.1",
                "product": {
                  "name": "Atlassian Confluence \u003c10.1.1",
                  "product_id": "T048680"
                }
              },
              {
                "category": "product_version",
                "name": "10.1.1",
                "product": {
                  "name": "Atlassian Confluence 10.1.1",
                  "product_id": "T048680-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:10.1.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c10.0.2",
                "product": {
                  "name": "Atlassian Confluence \u003c10.0.2",
                  "product_id": "T048685"
                }
              },
              {
                "category": "product_version",
                "name": "10.0.2",
                "product": {
                  "name": "Atlassian Confluence 10.0.2",
                  "product_id": "T048685-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:10.0.2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.2.7",
                "product": {
                  "name": "Atlassian Confluence \u003c9.2.7",
                  "product_id": "T048686"
                }
              },
              {
                "category": "product_version",
                "name": "9.2.7",
                "product": {
                  "name": "Atlassian Confluence 9.2.7",
                  "product_id": "T048686-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:9.2.7"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c8.5.25",
                "product": {
                  "name": "Atlassian Confluence \u003c8.5.25",
                  "product_id": "T048687"
                }
              },
              {
                "category": "product_version",
                "name": "8.5.25",
                "product": {
                  "name": "Atlassian Confluence 8.5.25",
                  "product_id": "T048687-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:8.5.25"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Confluence"
          }
        ],
        "category": "vendor",
        "name": "Atlassian"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c12.0.4 IF2",
                "product": {
                  "name": "IBM Cognos Analytics \u003c12.0.4 IF2",
                  "product_id": "T041469"
                }
              },
              {
                "category": "product_version",
                "name": "12.0.4 IF2",
                "product": {
                  "name": "IBM Cognos Analytics 12.0.4 IF2",
                  "product_id": "T041469-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:cognos_analytics:12.0.4_if2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c11.2.4 IF4",
                "product": {
                  "name": "IBM Cognos Analytics \u003c11.2.4 IF4",
                  "product_id": "T041470"
                }
              },
              {
                "category": "product_version",
                "name": "11.2.4 IF4",
                "product": {
                  "name": "IBM Cognos Analytics 11.2.4 IF4",
                  "product_id": "T041470-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:cognos_analytics:11.2.4_if4"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Cognos Analytics"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c5.1.0",
                "product": {
                  "name": "IBM DB2 \u003c5.1.0",
                  "product_id": "T039987"
                }
              },
              {
                "category": "product_version",
                "name": "5.1.0",
                "product": {
                  "name": "IBM DB2 5.1.0",
                  "product_id": "T039987-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:db2:5.1.0"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Warehouse \u003c5.1.0",
                "product": {
                  "name": "IBM DB2 Warehouse \u003c5.1.0",
                  "product_id": "T039988"
                }
              },
              {
                "category": "product_version",
                "name": "Warehouse 5.1.0",
                "product": {
                  "name": "IBM DB2 Warehouse 5.1.0",
                  "product_id": "T039988-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:db2:warehouse__5.1.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "on Cloud Pak for Data",
                "product": {
                  "name": "IBM DB2 on Cloud Pak for Data",
                  "product_id": "T042208",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:db2:on_cloud_pak_for_data"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "DB2"
          },
          {
            "category": "product_name",
            "name": "IBM QRadar SIEM",
            "product": {
              "name": "IBM QRadar SIEM",
              "product_id": "T021415",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:qradar_siem:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c10.1.6.4",
                "product": {
                  "name": "IBM Spectrum Protect Plus \u003c10.1.6.4",
                  "product_id": "T040030"
                }
              },
              {
                "category": "product_version",
                "name": "10.1.6.4",
                "product": {
                  "name": "IBM Spectrum Protect Plus 10.1.6.4",
                  "product_id": "T040030-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:spectrum_protect_plus:10.1.6.4"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c10.1.17.1",
                "product": {
                  "name": "IBM Spectrum Protect Plus \u003c10.1.17.1",
                  "product_id": "T044782"
                }
              },
              {
                "category": "product_version",
                "name": "10.1.17.1",
                "product": {
                  "name": "IBM Spectrum Protect Plus 10.1.17.1",
                  "product_id": "T044782-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:spectrum_protect_plus:10.1.17.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Spectrum Protect Plus"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-32740",
      "product_status": {
        "known_affected": [
          "67646",
          "T048680",
          "T042208",
          "T039988",
          "T039987",
          "T040030",
          "T041470",
          "T021415",
          "T048685",
          "T041469",
          "T044782",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2025-01-01T23:00:00.000+00:00",
      "title": "CVE-2021-32740"
    },
    {
      "cve": "CVE-2021-41186",
      "product_status": {
        "known_affected": [
          "67646",
          "T048680",
          "T042208",
          "T039988",
          "T039987",
          "T040030",
          "T041470",
          "T021415",
          "T048685",
          "T041469",
          "T044782",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2025-01-01T23:00:00.000+00:00",
      "title": "CVE-2021-41186"
    },
    {
      "cve": "CVE-2022-0759",
      "product_status": {
        "known_affected": [
          "67646",
          "T048680",
          "T042208",
          "T039988",
          "T039987",
          "T040030",
          "T041470",
          "T021415",
          "T048685",
          "T041469",
          "T044782",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2025-01-01T23:00:00.000+00:00",
      "title": "CVE-2022-0759"
    },
    {
      "cve": "CVE-2022-24795",
      "product_status": {
        "known_affected": [
          "67646",
          "T048680",
          "T042208",
          "T039988",
          "T039987",
          "T040030",
          "T041470",
          "T021415",
          "T048685",
          "T041469",
          "T044782",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2025-01-01T23:00:00.000+00:00",
      "title": "CVE-2022-24795"
    },
    {
      "cve": "CVE-2022-31163",
      "product_status": {
        "known_affected": [
          "67646",
          "T048680",
          "T042208",
          "T039988",
          "T039987",
          "T040030",
          "T041470",
          "T021415",
          "T048685",
          "T041469",
          "T044782",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2025-01-01T23:00:00.000+00:00",
      "title": "CVE-2022-31163"
    },
    {
      "cve": "CVE-2023-39325",
      "product_status": {
        "known_affected": [
          "67646",
          "T048680",
          "T042208",
          "T039988",
          "T039987",
          "T040030",
          "T041470",
          "T021415",
          "T048685",
          "T041469",
          "T044782",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2025-01-01T23:00:00.000+00:00",
      "title": "CVE-2023-39325"
    },
    {
      "cve": "CVE-2023-41993",
      "product_status": {
        "known_affected": [
          "67646",
          "T048680",
          "T042208",
          "T039988",
          "T039987",
          "T040030",
          "T041470",
          "T021415",
          "T048685",
          "T041469",
          "T044782",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2025-01-01T23:00:00.000+00:00",
      "title": "CVE-2023-41993"
    },
    {
      "cve": "CVE-2023-45283",
      "product_status": {
        "known_affected": [
          "67646",
          "T048680",
          "T042208",
          "T039988",
          "T039987",
          "T040030",
          "T041470",
          "T021415",
          "T048685",
          "T041469",
          "T044782",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2025-01-01T23:00:00.000+00:00",
      "title": "CVE-2023-45283"
    },
    {
      "cve": "CVE-2023-45288",
      "product_status": {
        "known_affected": [
          "67646",
          "T048680",
          "T042208",
          "T039988",
          "T039987",
          "T040030",
          "T041470",
          "T021415",
          "T048685",
          "T041469",
          "T044782",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2025-01-01T23:00:00.000+00:00",
      "title": "CVE-2023-45288"
    },
    {
      "cve": "CVE-2023-6597",
      "product_status": {
        "known_affected": [
          "67646",
          "T048680",
          "T042208",
          "T039988",
          "T039987",
          "T040030",
          "T041470",
          "T021415",
          "T048685",
          "T041469",
          "T044782",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2025-01-01T23:00:00.000+00:00",
      "title": "CVE-2023-6597"
    },
    {
      "cve": "CVE-2024-0406",
      "product_status": {
        "known_affected": [
          "67646",
          "T048680",
          "T042208",
          "T039988",
          "T039987",
          "T040030",
          "T041470",
          "T021415",
          "T048685",
          "T041469",
          "T044782",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2025-01-01T23:00:00.000+00:00",
      "title": "CVE-2024-0406"
    },
    {
      "cve": "CVE-2024-20918",
      "product_status": {
        "known_affected": [
          "67646",
          "T048680",
          "T042208",
          "T039988",
          "T039987",
          "T040030",
          "T041470",
          "T021415",
          "T048685",
          "T041469",
          "T044782",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2025-01-01T23:00:00.000+00:00",
      "title": "CVE-2024-20918"
    },
    {
      "cve": "CVE-2024-20952",
      "product_status": {
        "known_affected": [
          "67646",
          "T048680",
          "T042208",
          "T039988",
          "T039987",
          "T040030",
          "T041470",
          "T021415",
          "T048685",
          "T041469",
          "T044782",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2025-01-01T23:00:00.000+00:00",
      "title": "CVE-2024-20952"
    },
    {
      "cve": "CVE-2024-2398",
      "product_status": {
        "known_affected": [
          "67646",
          "T048680",
          "T042208",
          "T039988",
          "T039987",
          "T040030",
          "T041470",
          "T021415",
          "T048685",
          "T041469",
          "T044782",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2025-01-01T23:00:00.000+00:00",
      "title": "CVE-2024-2398"
    },
    {
      "cve": "CVE-2024-24786",
      "product_status": {
        "known_affected": [
          "67646",
          "T048680",
          "T042208",
          "T039988",
          "T039987",
          "T040030",
          "T041470",
          "T021415",
          "T048685",
          "T041469",
          "T044782",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2025-01-01T23:00:00.000+00:00",
      "title": "CVE-2024-24786"
    },
    {
      "cve": "CVE-2024-27281",
      "product_status": {
        "known_affected": [
          "67646",
          "T048680",
          "T042208",
          "T039988",
          "T039987",
          "T040030",
          "T041470",
          "T021415",
          "T048685",
          "T041469",
          "T044782",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2025-01-01T23:00:00.000+00:00",
      "title": "CVE-2024-27281"
    },
    {
      "cve": "CVE-2024-2961",
      "product_status": {
        "known_affected": [
          "67646",
          "T048680",
          "T042208",
          "T039988",
          "T039987",
          "T040030",
          "T041470",
          "T021415",
          "T048685",
          "T041469",
          "T044782",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2025-01-01T23:00:00.000+00:00",
      "title": "CVE-2024-2961"
    },
    {
      "cve": "CVE-2024-29857",
      "product_status": {
        "known_affected": [
          "67646",
          "T048680",
          "T042208",
          "T039988",
          "T039987",
          "T040030",
          "T041470",
          "T021415",
          "T048685",
          "T041469",
          "T044782",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2025-01-01T23:00:00.000+00:00",
      "title": "CVE-2024-29857"
    },
    {
      "cve": "CVE-2024-33599",
      "product_status": {
        "known_affected": [
          "67646",
          "T048680",
          "T042208",
          "T039988",
          "T039987",
          "T040030",
          "T041470",
          "T021415",
          "T048685",
          "T041469",
          "T044782",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2025-01-01T23:00:00.000+00:00",
      "title": "CVE-2024-33599"
    },
    {
      "cve": "CVE-2024-33883",
      "product_status": {
        "known_affected": [
          "67646",
          "T048680",
          "T042208",
          "T039988",
          "T039987",
          "T040030",
          "T041470",
          "T021415",
          "T048685",
          "T041469",
          "T044782",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2025-01-01T23:00:00.000+00:00",
      "title": "CVE-2024-33883"
    },
    {
      "cve": "CVE-2024-37370",
      "product_status": {
        "known_affected": [
          "67646",
          "T048680",
          "T042208",
          "T039988",
          "T039987",
          "T040030",
          "T041470",
          "T021415",
          "T048685",
          "T041469",
          "T044782",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2025-01-01T23:00:00.000+00:00",
      "title": "CVE-2024-37370"
    },
    {
      "cve": "CVE-2024-37371",
      "product_status": {
        "known_affected": [
          "67646",
          "T048680",
          "T042208",
          "T039988",
          "T039987",
          "T040030",
          "T041470",
          "T021415",
          "T048685",
          "T041469",
          "T044782",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2025-01-01T23:00:00.000+00:00",
      "title": "CVE-2024-37371"
    },
    {
      "cve": "CVE-2024-37890",
      "product_status": {
        "known_affected": [
          "67646",
          "T048680",
          "T042208",
          "T039988",
          "T039987",
          "T040030",
          "T041470",
          "T021415",
          "T048685",
          "T041469",
          "T044782",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2025-01-01T23:00:00.000+00:00",
      "title": "CVE-2024-37890"
    },
    {
      "cve": "CVE-2024-39338",
      "product_status": {
        "known_affected": [
          "67646",
          "T048680",
          "T042208",
          "T039988",
          "T039987",
          "T040030",
          "T041470",
          "T021415",
          "T048685",
          "T041469",
          "T044782",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2025-01-01T23:00:00.000+00:00",
      "title": "CVE-2024-39338"
    },
    {
      "cve": "CVE-2024-4068",
      "product_status": {
        "known_affected": [
          "67646",
          "T048680",
          "T042208",
          "T039988",
          "T039987",
          "T040030",
          "T041470",
          "T021415",
          "T048685",
          "T041469",
          "T044782",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2025-01-01T23:00:00.000+00:00",
      "title": "CVE-2024-4068"
    },
    {
      "cve": "CVE-2024-41110",
      "product_status": {
        "known_affected": [
          "67646",
          "T048680",
          "T042208",
          "T039988",
          "T039987",
          "T040030",
          "T041470",
          "T021415",
          "T048685",
          "T041469",
          "T044782",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2025-01-01T23:00:00.000+00:00",
      "title": "CVE-2024-41110"
    },
    {
      "cve": "CVE-2024-41123",
      "product_status": {
        "known_affected": [
          "67646",
          "T048680",
          "T042208",
          "T039988",
          "T039987",
          "T040030",
          "T041470",
          "T021415",
          "T048685",
          "T041469",
          "T044782",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2025-01-01T23:00:00.000+00:00",
      "title": "CVE-2024-41123"
    },
    {
      "cve": "CVE-2024-41946",
      "product_status": {
        "known_affected": [
          "67646",
          "T048680",
          "T042208",
          "T039988",
          "T039987",
          "T040030",
          "T041470",
          "T021415",
          "T048685",
          "T041469",
          "T044782",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2025-01-01T23:00:00.000+00:00",
      "title": "CVE-2024-41946"
    },
    {
      "cve": "CVE-2024-45296",
      "product_status": {
        "known_affected": [
          "67646",
          "T048680",
          "T042208",
          "T039988",
          "T039987",
          "T040030",
          "T041470",
          "T021415",
          "T048685",
          "T041469",
          "T044782",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2025-01-01T23:00:00.000+00:00",
      "title": "CVE-2024-45296"
    },
    {
      "cve": "CVE-2024-45491",
      "product_status": {
        "known_affected": [
          "67646",
          "T048680",
          "T042208",
          "T039988",
          "T039987",
          "T040030",
          "T041470",
          "T021415",
          "T048685",
          "T041469",
          "T044782",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2025-01-01T23:00:00.000+00:00",
      "title": "CVE-2024-45491"
    },
    {
      "cve": "CVE-2024-45590",
      "product_status": {
        "known_affected": [
          "67646",
          "T048680",
          "T042208",
          "T039988",
          "T039987",
          "T040030",
          "T041470",
          "T021415",
          "T048685",
          "T041469",
          "T044782",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2025-01-01T23:00:00.000+00:00",
      "title": "CVE-2024-45590"
    },
    {
      "cve": "CVE-2024-47220",
      "product_status": {
        "known_affected": [
          "67646",
          "T048680",
          "T042208",
          "T039988",
          "T039987",
          "T040030",
          "T041470",
          "T021415",
          "T048685",
          "T041469",
          "T044782",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2025-01-01T23:00:00.000+00:00",
      "title": "CVE-2024-47220"
    },
    {
      "cve": "CVE-2024-47554",
      "product_status": {
        "known_affected": [
          "67646",
          "T048680",
          "T042208",
          "T039988",
          "T039987",
          "T040030",
          "T041470",
          "T021415",
          "T048685",
          "T041469",
          "T044782",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2025-01-01T23:00:00.000+00:00",
      "title": "CVE-2024-47554"
    },
    {
      "cve": "CVE-2024-6119",
      "product_status": {
        "known_affected": [
          "67646",
          "T048680",
          "T042208",
          "T039988",
          "T039987",
          "T040030",
          "T041470",
          "T021415",
          "T048685",
          "T041469",
          "T044782",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2025-01-01T23:00:00.000+00:00",
      "title": "CVE-2024-6119"
    },
    {
      "cve": "CVE-2024-6345",
      "product_status": {
        "known_affected": [
          "67646",
          "T048680",
          "T042208",
          "T039988",
          "T039987",
          "T040030",
          "T041470",
          "T021415",
          "T048685",
          "T041469",
          "T044782",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2025-01-01T23:00:00.000+00:00",
      "title": "CVE-2024-6345"
    }
  ]
}

WID-SEC-W-2025-1088

Vulnerability from csaf_certbund - Published: 2021-10-28 22:00 - Updated: 2025-05-18 22:00

Summary

Fluentd: Schwachstelle ermöglicht Denial of Service

Severity

Mittel

Notes

Produktbeschreibung: Fluentd ist ein Open-Source Datenkollektor für eine vereinheitlichte Protokollierungsschicht.

Angriff: Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Fluentd ausnutzen, um einen Denial of Service Angriff durchzuführen.

Betroffene Betriebssysteme: - Linux - MacOS X - Sonstiges - UNIX - Windows

CVE-2021-41186

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Open Source Fluentd <1.14.2 Open Source / Fluentd		<1.14.2

References

4 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.fluentd.org/blog/fluentd-v1.14.2-has-…	external
https://lists.opensuse.org/archives/list/security…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Fluentd ist ein Open-Source Datenkollektor f\u00fcr eine vereinheitlichte Protokollierungsschicht.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Fluentd ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- MacOS X\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-1088 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2025-1088.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-1088 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1088"
      },
      {
        "category": "external",
        "summary": "Fluentd Security Advisory vom 2021-10-28",
        "url": "https://www.fluentd.org/blog/fluentd-v1.14.2-has-been-released"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2025:15115-1 vom 2025-05-18",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WIPFBYYKQWWOA7STXAOX3HXCCSJWJEXF/"
      }
    ],
    "source_lang": "en-US",
    "title": "Fluentd: Schwachstelle erm\u00f6glicht Denial of Service",
    "tracking": {
      "current_release_date": "2025-05-18T22:00:00.000+00:00",
      "generator": {
        "date": "2025-05-19T08:27:30.318+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2025-1088",
      "initial_release_date": "2021-10-28T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2021-10-28T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-05-18T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von openSUSE aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c1.14.2",
                "product": {
                  "name": "Open Source Fluentd \u003c1.14.2",
                  "product_id": "T020859"
                }
              },
              {
                "category": "product_version",
                "name": "1.14.2",
                "product": {
                  "name": "Open Source Fluentd 1.14.2",
                  "product_id": "T020859-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:fluentd:fluentd:1.14.2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Fluentd"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE openSUSE",
            "product": {
              "name": "SUSE openSUSE",
              "product_id": "T027843",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:opensuse:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-41186",
      "product_status": {
        "known_affected": [
          "T027843",
          "T020859"
        ]
      },
      "release_date": "2021-10-28T22:00:00.000+00:00",
      "title": "CVE-2021-41186"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-41186 (GCVE-0-2021-41186)

OPENSUSE-SU-2026:10346-1

WID-SEC-W-2025-0001

WID-SEC-W-2025-1088

Tags

Sightings

Nomenclature