Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-46143 (GCVE-0-2021-46143)
Vulnerability from cvelistv5 – Published: 2022-01-06 03:48 – Updated: 2025-05-05 16:44
VLAI
EPSS
Summary
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
Severity
8.1 (High)
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://github.com/libexpat/libexpat/issues/532 | x_refsource_MISC |
| https://github.com/libexpat/libexpat/pull/538 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2022/01/17/3 | mailing-listx_refsource_MLIST |
| https://security.netapp.com/advisory/ntap-2022012… | x_refsource_CONFIRM |
| https://www.tenable.com/security/tns-2022-05 | x_refsource_CONFIRM |
| https://www.debian.org/security/2022/dsa-5073 | vendor-advisoryx_refsource_DEBIAN |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_CONFIRM |
| https://security.gentoo.org/glsa/202209-24 | vendor-advisoryx_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:02:11.585Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/libexpat/libexpat/issues/532"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/libexpat/libexpat/pull/538"
},
{
"name": "[oss-security] 20220117 Expat 2.4.3 released, includes 8 security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/01/17/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220121-0006/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2022-05"
},
{
"name": "DSA-5073",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5073"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
},
{
"name": "GLSA-202209-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202209-24"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-46143",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:17:07.341792Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T16:44:58.649Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-29T16:07:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/libexpat/libexpat/issues/532"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/libexpat/libexpat/pull/538"
},
{
"name": "[oss-security] 20220117 Expat 2.4.3 released, includes 8 security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/01/17/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220121-0006/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2022-05"
},
{
"name": "DSA-5073",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5073"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
},
{
"name": "GLSA-202209-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202209-24"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-46143",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/libexpat/libexpat/issues/532",
"refsource": "MISC",
"url": "https://github.com/libexpat/libexpat/issues/532"
},
{
"name": "https://github.com/libexpat/libexpat/pull/538",
"refsource": "MISC",
"url": "https://github.com/libexpat/libexpat/pull/538"
},
{
"name": "[oss-security] 20220117 Expat 2.4.3 released, includes 8 security fixes",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/01/17/3"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220121-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220121-0006/"
},
{
"name": "https://www.tenable.com/security/tns-2022-05",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2022-05"
},
{
"name": "DSA-5073",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5073"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
},
{
"name": "GLSA-202209-24",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202209-24"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-46143",
"datePublished": "2022-01-06T03:48:26.000Z",
"dateReserved": "2022-01-06T00:00:00.000Z",
"dateUpdated": "2025-05-05T16:44:58.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-46143",
"date": "2026-05-27",
"epss": "0.04193",
"percentile": "0.88866"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-46143\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2022-01-06T04:15:07.017\",\"lastModified\":\"2025-05-05T17:17:28.820\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.\"},{\"lang\":\"es\",\"value\":\"En la funci\u00f3n doProlog en el archivo xmlparse.c en Expat (tambi\u00e9n se conoce como libexpat) versiones anteriores a 2.4.3, se presenta un desbordamiento de enteros para m_groupSize.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.4.3\",\"matchCriteriaId\":\"7A2FBF20-7B2C-49FF-83F8-1EF903078751\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*\",\"matchCriteriaId\":\"3A756737-1CC4-42C2-A4DF-E1C893B4E2D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FE996B1-6951-4F85-AA58-B99A379D2163\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:hci_baseboard_management_controller:h610c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"78BE572F-45C1-467F-918F-FB1276F6B495\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:hci_baseboard_management_controller:h610s:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE7C6010-F736-4BDA-9E3B-C4370BBFA149\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:hci_baseboard_management_controller:h615c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"646FFC2B-6DC4-4BD8-AAE0-81895D397700\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5735E553-9731-4AAC-BCFF-989377F817B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:solidfire_\\\\\u0026_hci_management_node:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6D700C5-F67F-4FFB-BE69-D524592A3D2E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.15.3\",\"matchCriteriaId\":\"C42F5145-1F37-40E2-AD83-495F7012BC3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndExcluding\":\"10.1.1\",\"matchCriteriaId\":\"112367D4-EF51-4050-834C-7E887A5C52D9\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.1\",\"matchCriteriaId\":\"98CC9C9A-FE14-4D50-A8EC-C309229356C8\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2022/01/17/3\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/libexpat/libexpat/issues/532\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/libexpat/libexpat/pull/538\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202209-24\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20220121-0006/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5073\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2022-05\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/01/17/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/libexpat/libexpat/issues/532\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/libexpat/libexpat/pull/538\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202209-24\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20220121-0006/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5073\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2022-05\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/libexpat/libexpat/issues/532\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/libexpat/libexpat/pull/538\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/01/17/3\", \"name\": \"[oss-security] 20220117 Expat 2.4.3 released, includes 8 security fixes\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20220121-0006/\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://www.tenable.com/security/tns-2022-05\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2022/dsa-5073\", \"name\": \"DSA-5073\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\", \"x_transferred\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/202209-24\", \"name\": \"GLSA-202209-24\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T05:02:11.585Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-46143\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-23T13:17:07.341792Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-190\", \"description\": \"CWE-190 Integer Overflow or Wraparound\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-05T13:17:19.083Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://github.com/libexpat/libexpat/issues/532\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/libexpat/libexpat/pull/538\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/01/17/3\", \"name\": \"[oss-security] 20220117 Expat 2.4.3 released, includes 8 security fixes\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20220121-0006/\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://www.tenable.com/security/tns-2022-05\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://www.debian.org/security/2022/dsa-5073\", \"name\": \"DSA-5073\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://security.gentoo.org/glsa/202209-24\", \"name\": \"GLSA-202209-24\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2022-09-29T16:07:00.000Z\"}, \"x_legacyV4Record\": {\"impact\": {\"cvss\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"attackVector\": \"NETWORK\", \"vectorString\": \"CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"n/a\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://github.com/libexpat/libexpat/issues/532\", \"name\": \"https://github.com/libexpat/libexpat/issues/532\", \"refsource\": \"MISC\"}, {\"url\": \"https://github.com/libexpat/libexpat/pull/538\", \"name\": \"https://github.com/libexpat/libexpat/pull/538\", \"refsource\": \"MISC\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/01/17/3\", \"name\": \"[oss-security] 20220117 Expat 2.4.3 released, includes 8 security fixes\", \"refsource\": \"MLIST\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20220121-0006/\", \"name\": \"https://security.netapp.com/advisory/ntap-20220121-0006/\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://www.tenable.com/security/tns-2022-05\", \"name\": \"https://www.tenable.com/security/tns-2022-05\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://www.debian.org/security/2022/dsa-5073\", \"name\": \"DSA-5073\", \"refsource\": \"DEBIAN\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf\", \"name\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://security.gentoo.org/glsa/202209-24\", \"name\": \"GLSA-202209-24\", \"refsource\": \"GENTOO\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"n/a\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2021-46143\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"cve@mitre.org\"}}}}",
"cveMetadata": "{\"cveId\": \"CVE-2021-46143\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-05T16:44:58.649Z\", \"dateReserved\": \"2022-01-06T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2022-01-06T03:48:26.000Z\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
alsa-2022:0951
Vulnerability from osv_almalinux
Published
2022-03-16 00:00
Modified
2022-06-30 09:52
Summary
Important: expat security update
Details
Expat is a C library for parsing XML documents. Security Fix(es): * expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235) * expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution (CVE-2022-25236) * expat: Integer overflow in storeRawNames() (CVE-2022-25315) * expat: Large number of prefixed XML attributes on a single tag can crash libexpat (CVE-2021-45960) * expat: Integer overflow in doProlog in xmlparse.c (CVE-2021-46143) * expat: Integer overflow in addBinding in xmlparse.c (CVE-2022-22822) * expat: Integer overflow in build_model in xmlparse.c (CVE-2022-22823) * expat: Integer overflow in defineAttribute in xmlparse.c (CVE-2022-22824) * expat: Integer overflow in lookup in xmlparse.c (CVE-2022-22825) * expat: Integer overflow in nextScaffoldPart in xmlparse.c (CVE-2022-22826) * expat: Integer overflow in storeAtts in xmlparse.c (CVE-2022-22827) * expat: Integer overflow in function XML_GetBuffer (CVE-2022-23852) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "expat"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.5-8.el8_6.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "expat-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.5-8.el8_6.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Expat is a C library for parsing XML documents.\nSecurity Fix(es):\n* expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235)\n* expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute values can lead to arbitrary code execution (CVE-2022-25236)\n* expat: Integer overflow in storeRawNames() (CVE-2022-25315)\n* expat: Large number of prefixed XML attributes on a single tag can crash libexpat (CVE-2021-45960)\n* expat: Integer overflow in doProlog in xmlparse.c (CVE-2021-46143)\n* expat: Integer overflow in addBinding in xmlparse.c (CVE-2022-22822)\n* expat: Integer overflow in build_model in xmlparse.c (CVE-2022-22823)\n* expat: Integer overflow in defineAttribute in xmlparse.c (CVE-2022-22824)\n* expat: Integer overflow in lookup in xmlparse.c (CVE-2022-22825)\n* expat: Integer overflow in nextScaffoldPart in xmlparse.c (CVE-2022-22826)\n* expat: Integer overflow in storeAtts in xmlparse.c (CVE-2022-22827)\n* expat: Integer overflow in function XML_GetBuffer (CVE-2022-23852)\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2022:0951",
"modified": "2022-06-30T09:52:09Z",
"published": "2022-03-16T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2022:0951"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2021-45960"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2021-46143"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-22822"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-22823"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-22824"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-22825"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-22826"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-22827"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-23852"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-25235"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-25236"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-25315"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2044451"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2044455"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2044457"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2044464"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2044467"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2044479"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2044484"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2044488"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2044613"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2056363"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2056366"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2056370"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2022-0951.html"
}
],
"related": [
"CVE-2022-25235",
"CVE-2022-25236",
"CVE-2022-25315",
"CVE-2021-45960",
"CVE-2021-46143",
"CVE-2022-22822",
"CVE-2022-22823",
"CVE-2022-22824",
"CVE-2022-22825",
"CVE-2022-22826",
"CVE-2022-22827",
"CVE-2022-23852"
],
"summary": "Important: expat security update"
}
alsa-2022:7692
Vulnerability from osv_almalinux
Published
2022-11-08 00:00
Modified
2022-11-14 17:34
Summary
Moderate: xmlrpc-c security update
Details
XML-RPC is a remote procedure call (RPC) protocol that uses XML to encode its calls and HTTP as a transport mechanism. The xmlrpc-c packages provide a network protocol to allow a client program to make a simple RPC (remote procedure call) over the Internet. It converts an RPC into an XML document, sends it to a remote server using HTTP, and gets back the response in XML.
Security Fix(es):
- expat: Integer overflow in doProlog in xmlparse.c (CVE-2021-46143)
- expat: Integer overflow in addBinding in xmlparse.c (CVE-2022-22822)
- expat: Integer overflow in build_model in xmlparse.c (CVE-2022-22823)
- expat: Integer overflow in defineAttribute in xmlparse.c (CVE-2022-22824)
- expat: Integer overflow in lookup in xmlparse.c (CVE-2022-22825)
- expat: Integer overflow in nextScaffoldPart in xmlparse.c (CVE-2022-22826)
- expat: Integer overflow in storeAtts in xmlparse.c (CVE-2022-22827)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
References
| URL | Type | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "xmlrpc-c"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.51.0-8.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "xmlrpc-c-c++"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.51.0-8.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "xmlrpc-c-client"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.51.0-8.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "xmlrpc-c-client++"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.51.0-8.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "xmlrpc-c-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.51.0-8.el8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "XML-RPC is a remote procedure call (RPC) protocol that uses XML to encode its calls and HTTP as a transport mechanism. The xmlrpc-c packages provide a network protocol to allow a client program to make a simple RPC (remote procedure call) over the Internet. It converts an RPC into an XML document, sends it to a remote server using HTTP, and gets back the response in XML.\n\nSecurity Fix(es):\n\n* expat: Integer overflow in doProlog in xmlparse.c (CVE-2021-46143)\n* expat: Integer overflow in addBinding in xmlparse.c (CVE-2022-22822)\n* expat: Integer overflow in build_model in xmlparse.c (CVE-2022-22823)\n* expat: Integer overflow in defineAttribute in xmlparse.c (CVE-2022-22824)\n* expat: Integer overflow in lookup in xmlparse.c (CVE-2022-22825)\n* expat: Integer overflow in nextScaffoldPart in xmlparse.c (CVE-2022-22826)\n* expat: Integer overflow in storeAtts in xmlparse.c (CVE-2022-22827)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
"id": "ALSA-2022:7692",
"modified": "2022-11-14T17:34:42Z",
"published": "2022-11-08T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2022:7692"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2021-46143"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-22822"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-22823"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-22824"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-22825"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-22826"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-22827"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2044455"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2044457"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2044464"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2044467"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2044479"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2044484"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2044488"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2022-7692.html"
}
],
"related": [
"CVE-2021-46143",
"CVE-2022-22822",
"CVE-2022-22823",
"CVE-2022-22824",
"CVE-2022-22825",
"CVE-2022-22826",
"CVE-2022-22827"
],
"summary": "Moderate: xmlrpc-c security update"
}
BDU:2022-01052
Vulnerability from fstec - Published: 10.01.2022
VLAI
Title
Уязвимость функции doProlog (xmlparse.c) библиотеки Expat, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
Description
Уязвимость функции doProlog файла xmlparse.c библиотеки Expat связана с целочисленным переполнением. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
Severity
Vendor
Red Hat Inc., Сообщество свободного программного обеспечения, ООО «РусБИТех-Астра», Novell Inc., ООО «Ред Софт», James Clark, АО «ИВК», IBM Corp., АО "НППКТ", АО «НТЦ ИТ РОСА», АО «Концерн ВНИИНС», ООО «Открытая мобильная платформа»
Software Name
Red Hat Enterprise Linux, Debian GNU/Linux, Astra Linux Special Edition (запись в едином реестре российских программ №369), Astra Linux Special Edition для «Эльбрус» (запись в едином реестре российских программ №11156), OpenSUSE Leap, РЕД ОС (запись в едином реестре российских программ №3751), Expat, Альт 8 СП (запись в едином реестре российских программ №4305), IBM Cloud Pak System, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), ROSA Virtualization (запись в едином реестре российских программ №5091), ОС ОН «Стрелец» (запись в едином реестре российских программ №6177), ОС Аврора (запись в едином реестре российских программ №1543)
Software Version
7 (Red Hat Enterprise Linux), 9 (Debian GNU/Linux), 1.6 «Смоленск» (Astra Linux Special Edition), 8 (Red Hat Enterprise Linux), 10 (Debian GNU/Linux), 8.1 «Ленинград» (Astra Linux Special Edition для «Эльбрус»), 15.3 (OpenSUSE Leap), 11 (Debian GNU/Linux), 7.3 (РЕД ОС), 1.7 (Astra Linux Special Edition), до 2.4.3 (Expat), - (Альт 8 СП), до 2.3.3.5 (IBM Cloud Pak System), 4.7 (Astra Linux Special Edition), до 2.4.3 (ОСОН ОСнова Оnyx), 2.1 (ROSA Virtualization), до 16.01.2023 (ОС ОН «Стрелец»), до 5.1.4 включительно (ОС Аврора)
Possible Mitigations
Использование рекомендаций:
Для библиотеки Expat:
Обновление программного обеспечения до версии 2.4.3 и выше
Для программных продуктов Novell Inc:
https://www.suse.com/security/cve/CVE-2021-46143.html
Для Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2021-46143
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/cve-2021-46143
Для программных продуктов IBM Corp.:
https://www.ibm.com/support/pages/node/6612587
Для ОС Astra Linux:
использование рекомендаций производителя:
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-0819SE17
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16
Для ОСОН Основа:
Обновление программного обеспечения expat до версии 2.2.6-2+deb10u3
Для Astra Linux Special Edition 4.7 (для архитектуры ARM):
использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0926SE47
Для Astra Linux Special Edition для «Эльбрус» 8.1 «Ленинград»:
обновить пакет expat до 2.2.0-2+deb9u5 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81
Для ОС ОН «Стрелец»:
Обновление программного обеспечения expat до версии 2.2.0-2+deb9u5
Для ОС Альт 8 СП: установка обновления из публичного репозитория программного средства
Для системы управления средой виртуализации «ROSA Virtualization»: https://abf.rosa.ru/advisories/ROSA-SA-2025-2777
Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
Для системы управления средой виртуализации «ROSA Virtualization»: https://abf.rosa.ru/advisories/ROSA-SA-2025-2840
Для ОС Аврора: https://cve.omp.ru/bb27514
Reference
http://www.openwall.com/lists/oss-security/2022/01/17/3
https://github.com/libexpat/libexpat/issues/532
https://github.com/libexpat/libexpat/pull/538
https://security.netapp.com/advisory/ntap-20220121-0006/
https://www.tenable.com/security/tns-2022-05
https://security-tracker.debian.org/tracker/CVE-2021-46143
https://access.redhat.com/security/cve/cve-2021-46143
https://www.suse.com/security/cve/CVE-2021-46143.html
https://nvd.nist.gov/vuln/detail/CVE-2021-46143
https://www.ibm.com/support/pages/node/6612587
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-0819SE17
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.4.3/
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0926SE47
https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81
https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.5/
https://altsp.su/obnovleniya-bezopasnosti/
https://abf.rosa.ru/advisories/ROSA-SA-2025-2777
http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
https://abf.rosa.ru/advisories/ROSA-SA-2025-2840
https://cve.omp.ru/bb27514
CWE
CWE-190
{
"CVSS 2.0": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Novell Inc., \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, James Clark, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, IBM Corp., \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb, \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb, \u041e\u041e\u041e \u00ab\u041e\u0442\u043a\u0440\u044b\u0442\u0430\u044f \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u0430\u044f \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7 (Red Hat Enterprise Linux), 9 (Debian GNU/Linux), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 8 (Red Hat Enterprise Linux), 10 (Debian GNU/Linux), 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb), 15.3 (OpenSUSE Leap), 11 (Debian GNU/Linux), 7.3 (\u0420\u0415\u0414 \u041e\u0421), 1.7 (Astra Linux Special Edition), \u0434\u043e 2.4.3 (Expat), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), \u0434\u043e 2.3.3.5 (IBM Cloud Pak System), 4.7 (Astra Linux Special Edition), \u0434\u043e 2.4.3 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), 2.1 (ROSA Virtualization), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb), \u0434\u043e 5.1.4 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (\u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Expat:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.4.3 \u0438 \u0432\u044b\u0448\u0435\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc:\nhttps://www.suse.com/security/cve/CVE-2021-46143.html\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2021-46143\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/cve-2021-46143\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 IBM Corp.:\nhttps://www.ibm.com/support/pages/node/6612587\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-0819SE17\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f expat \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.2.6-2+deb10u3\n\n\u0414\u043b\u044f Astra Linux Special Edition 4.7 (\u0434\u043b\u044f \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b ARM):\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0926SE47\n\n\u0414\u043b\u044f Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 expat \u0434\u043e 2.2.0-2+deb9u5 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f expat \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.2.0-2+deb9u5\n\n\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430\n\n\u0414\u043b\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0440\u0435\u0434\u043e\u0439 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u00abROSA Virtualization\u00bb: https://abf.rosa.ru/advisories/ROSA-SA-2025-2777\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0440\u0435\u0434\u043e\u0439 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u00abROSA Virtualization\u00bb: https://abf.rosa.ru/advisories/ROSA-SA-2025-2840\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430: https://cve.omp.ru/bb27514",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "10.01.2022",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "05.09.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "04.03.2022",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-01052",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-46143",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Debian GNU/Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), OpenSUSE Leap, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Expat, \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), IBM Cloud Pak System, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), ROSA Virtualization (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165091), \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177), \u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161543)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 7 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Red Hat Inc. Red Hat Enterprise Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), Novell Inc. OpenSUSE Leap 15.3 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f - (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 ARM (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.4.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb ROSA Virtualization 2.1 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165091), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177), \u041e\u041e\u041e \u00ab\u041e\u0442\u043a\u0440\u044b\u0442\u0430\u044f \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u0430\u044f \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430\u00bb \u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430 \u0434\u043e 5.1.4 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161543)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 doProlog (xmlparse.c) \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Expat, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0426\u0435\u043b\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u043e\u0435 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0438\u043b\u0438 \u0446\u0438\u043a\u043b\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0441\u0434\u0432\u0438\u0433 (CWE-190)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 doProlog \u0444\u0430\u0439\u043b\u0430 xmlparse.c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Expat \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0446\u0435\u043b\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u043c \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://www.openwall.com/lists/oss-security/2022/01/17/3\nhttps://github.com/libexpat/libexpat/issues/532\nhttps://github.com/libexpat/libexpat/pull/538\nhttps://security.netapp.com/advisory/ntap-20220121-0006/ \t\nhttps://www.tenable.com/security/tns-2022-05\nhttps://security-tracker.debian.org/tracker/CVE-2021-46143\nhttps://access.redhat.com/security/cve/cve-2021-46143\nhttps://www.suse.com/security/cve/CVE-2021-46143.html\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-46143\nhttps://www.ibm.com/support/pages/node/6612587\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-0819SE17\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.4.3/\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0926SE47\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.5/\nhttps://altsp.su/obnovleniya-bezopasnosti/\nhttps://abf.rosa.ru/advisories/ROSA-SA-2025-2777\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\nhttps://abf.rosa.ru/advisories/ROSA-SA-2025-2840\nhttps://cve.omp.ru/bb27514",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438/\u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-190",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,3)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,1)"
}
CERTFR-2022-AVI-134
Vulnerability from certfr_avis - Published: 2022-02-10 - Updated: 2022-02-10
De multiples vulnérabilités ont été découvertes dans Tenable Nessus. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nessus versions 10.x ant\u00e9rieures \u00e0 10.1.1",
"product": {
"name": "Nessus",
"vendor": {
"name": "Tenable",
"scada": false
}
}
},
{
"description": "Nessus versions 8.x ant\u00e9rieures \u00e0 8.15.3",
"product": {
"name": "Nessus",
"vendor": {
"name": "Tenable",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"name": "CVE-2022-23990",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23990"
},
{
"name": "CVE-2021-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
},
{
"name": "CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"name": "CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
}
],
"initial_release_date": "2022-02-10T00:00:00",
"last_revision_date": "2022-02-10T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-134",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-02-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Nessus.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Nessus",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2022-05 du 08 f\u00e9vrier 2022",
"url": "https://www.tenable.com/security/tns-2022-05"
}
]
}
CERTFR-2022-AVI-187
Vulnerability from certfr_avis - Published: 2022-02-25 - Updated: 2022-02-25
De multiples vulnérabilités ont été découvertes dans le serveur HTTP d'IBM WebSphere. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | WebSphere | IBM HTTP Server versions 9.0.0.0 à 9.0.5.10 sans le correctif de sécurité temporaire PH43122, la version 9.0.5.11 devrait être disponible au premier trimestre 2022 | ||
| IBM | WebSphere | IBM HTTP Server versions 8.5.0.0 à 8.5.5.21 sans le correctif de sécurité temporaire PH43122, la version 8.5.5.22 devrait être disponible au troisième trimestre 2022 | ||
| IBM | WebSphere | IBM HTTP Server versions 8.0.0.0 à 8.0.0.15 sans le correctif de sécurité temporaire PH43122 | ||
| IBM | WebSphere | IBM HTTP Server versions 7.0.0.0 à 7.0.0.45 sans le correctif de sécurité temporaire PH43122 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM HTTP Server versions 9.0.0.0 \u00e0 9.0.5.10 sans le correctif de s\u00e9curit\u00e9 temporaire PH43122, la version 9.0.5.11 devrait \u00eatre disponible au premier trimestre 2022",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM HTTP Server versions 8.5.0.0 \u00e0 8.5.5.21 sans le correctif de s\u00e9curit\u00e9 temporaire PH43122, la version 8.5.5.22 devrait \u00eatre disponible au troisi\u00e8me trimestre 2022",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM HTTP Server versions 8.0.0.0 \u00e0 8.0.0.15 sans le correctif de s\u00e9curit\u00e9 temporaire PH43122",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM HTTP Server versions 7.0.0.0 \u00e0 7.0.0.45 sans le correctif de s\u00e9curit\u00e9 temporaire PH43122",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"name": "CVE-2022-23990",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23990"
},
{
"name": "CVE-2021-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
},
{
"name": "CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"name": "CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
}
],
"initial_release_date": "2022-02-25T00:00:00",
"last_revision_date": "2022-02-25T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-187",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-02-25T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans\u00a0le serveur HTTP\nd\u0027IBM WebSphere. Elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0\ndistance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le serveur HTTP d\u0027IBM WebSphere",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6559296 du 24 f\u00e9vrier 2022",
"url": "https://www.ibm.com/support/pages/node/6559296"
}
]
}
CERTFR-2022-AVI-201
Vulnerability from certfr_avis - Published: 2022-03-03 - Updated: 2022-03-03
De multiples vulnérabilités ont été découvertes dans IBM WebSphere. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | WebSphere | IBM HTTP Server utilisé par IBM WebSphere Application Server versions 9.0.x.x antérieures à 9.0.5.11 | ||
| IBM | WebSphere | IBM HTTP Server utilisé par IBM WebSphere Application Server versions 7.0.0.x antérieures à 7.0.0.45 sans le correctif PH43122 | ||
| IBM | WebSphere | IBM HTTP Server utilisé par IBM WebSphere Application Server versions 8.0.0.x antérieures à 8.0.0.15 sans le correctif PH43122 | ||
| IBM | WebSphere | IBM HTTP Server utilisé par IBM WebSphere Application Server versions 8.5.x.x antérieures à 8.5.5.22 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM HTTP Server utilis\u00e9 par IBM WebSphere Application Server versions 9.0.x.x ant\u00e9rieures \u00e0 9.0.5.11",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM HTTP Server utilis\u00e9 par IBM WebSphere Application Server versions 7.0.0.x ant\u00e9rieures \u00e0 7.0.0.45 sans le correctif PH43122",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM HTTP Server utilis\u00e9 par IBM WebSphere Application Server versions 8.0.0.x ant\u00e9rieures \u00e0 8.0.0.15 sans le correctif PH43122",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM HTTP Server utilis\u00e9 par IBM WebSphere Application Server versions 8.5.x.x ant\u00e9rieures \u00e0 8.5.5.22",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"name": "CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"name": "CVE-2022-25313",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25313"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"name": "CVE-2022-23990",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23990"
},
{
"name": "CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"name": "CVE-2021-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
},
{
"name": "CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"name": "CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
},
{
"name": "CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
}
],
"initial_release_date": "2022-03-03T00:00:00",
"last_revision_date": "2022-03-03T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-201",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-03-03T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM WebSphere.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM WebSphere",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6559296 du 02 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6559296"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6560814 du 02 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6560814"
}
]
}
CERTFR-2022-AVI-487
Vulnerability from certfr_avis - Published: 2022-05-23 - Updated: 2022-05-23
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
- IBM TXSeries for Multiplatforms versions 9.1.x sans le correctif de sécurité TXSeries_91_SpecialFIX_Liberty_042022
- IBM TXSeries for Multiplatforms versions 8.2.x sans le correctif de sécurité TXSeries_82_SpecialFIX_Liberty_042022
- IBM Tivoli Monitoring versions 6.3.0.x antérieures à 6.3.0.7 Fix Pack 7 Service Pack 12
- IBM Cloud Private versions 3.1.0.x
- IBM Cloud Private versions 3.1.1.x
- IBM Cloud Private versions 3.1.2.x
- IBM Cloud Private versions 3.2.0.x
- IBM Cloud Private versions 3.2.1.x antérieures à 3.2.1.2203
- IBM Cloud Private versions 3.2.2.x antérieures à 3.2.2.2203
L'éditeur ne propose pas de correctif pour les versions IBM Cloud Private 3.1.0, 3.1.1, 3.1.2 et 3.2.0 et conseille une mise à jour à la dernière version CD (Continuous Delivery) IBM Cloud Private 3.2.2.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cul\u003e \u003cli\u003eIBM TXSeries for Multiplatforms versions 9.1.x sans le correctif de s\u00e9curit\u00e9 TXSeries_91_SpecialFIX_Liberty_042022\u003c/li\u003e \u003cli\u003eIBM TXSeries for Multiplatforms versions 8.2.x sans le correctif de s\u00e9curit\u00e9 TXSeries_82_SpecialFIX_Liberty_042022\u003c/li\u003e \u003cli\u003eIBM Tivoli Monitoring versions 6.3.0.x ant\u00e9rieures \u00e0 6.3.0.7 Fix Pack 7 Service Pack 12\u003c/li\u003e \u003cli\u003eIBM Cloud Private versions 3.1.0.x\u003c/li\u003e \u003cli\u003eIBM Cloud Private versions 3.1.1.x\u003c/li\u003e \u003cli\u003eIBM Cloud Private versions 3.1.2.x\u003c/li\u003e \u003cli\u003eIBM Cloud Private versions 3.2.0.x\u003c/li\u003e \u003cli\u003eIBM Cloud Private versions 3.2.1.x ant\u00e9rieures \u00e0 3.2.1.2203\u003c/li\u003e \u003cli\u003eIBM Cloud Private versions 3.2.2.x ant\u00e9rieures \u00e0 3.2.2.2203\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eL\u0027\u00e9diteur ne propose pas de correctif pour les versions IBM Cloud Private 3.1.0, 3.1.1, 3.1.2 et 3.2.0 et conseille une mise \u00e0 jour \u00e0 la derni\u00e8re version CD (Continuous Delivery) IBM Cloud Private 3.2.2.\u003c/p\u003e ",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-22965",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22965"
},
{
"name": "CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"name": "CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"name": "CVE-2022-25313",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25313"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"name": "CVE-2022-25314",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25314"
},
{
"name": "CVE-2022-23990",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23990"
},
{
"name": "CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"name": "CVE-2021-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
},
{
"name": "CVE-2021-29921",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29921"
},
{
"name": "CVE-2021-23450",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23450"
},
{
"name": "CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"name": "CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
},
{
"name": "CVE-2021-22926",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22926"
},
{
"name": "CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
}
],
"initial_release_date": "2022-05-23T00:00:00",
"last_revision_date": "2022-05-23T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-487",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-05-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6587154 du 20 mai 2022",
"url": "https://www.ibm.com/support/pages/node/6587154"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6588169 du 20 mai 2022",
"url": "https://www.ibm.com/support/pages/node/6588169"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6588149 du 20 mai 2022",
"url": "https://www.ibm.com/support/pages/node/6588149"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6587158 du 20 mai 2022",
"url": "https://www.ibm.com/support/pages/node/6587158"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6588167 du 20 mai 2022",
"url": "https://www.ibm.com/support/pages/node/6588167"
}
]
}
CERTFR-2022-AVI-547
Vulnerability from certfr_avis - Published: 2022-06-15 - Updated: 2022-06-15
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | SCALANCE XR526-8C, 2x230V (6GK5526-8GS00-4AR2) versions antérieures à V6.5 | ||
| Siemens | N/A | SICAM GridEdge Essential with GDS ARM (6MD7881-2AA10) versions antérieures à V2.6.6 | ||
| Siemens | N/A | SCALANCE M876-3 (EVDO) (6GK5876-3AA02-2BA2) toutes versions | ||
| Siemens | N/A | SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) toutes versions | ||
| Siemens | N/A | TALON TC Compact (BACnet) versions antérieures à V3.5 | ||
| Siemens | N/A | SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) toutes versions | ||
| Siemens | N/A | SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) toutes versions | ||
| Siemens | N/A | SIMATIC RF650R (6GT2811-6AB20) versions antérieures à V4.0.1 | ||
| Siemens | N/A | SIMATIC RF610R (6GT2811-6BC10) versions antérieures à V4.0.1 | ||
| Siemens | N/A | SCALANCE XR526-8C, 1x230V (L3 int.) (6GK5526-8GR00-3AR2) versions antérieures à V6.5 | ||
| Siemens | N/A | EN100 Ethernet module IEC 104 variant toutes versions | ||
| Siemens | N/A | SICAM GridEdge Essential ARM (6MD7881-2AA30) versions antérieures à V2.6.6 | ||
| Siemens | N/A | SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) toutes versions | ||
| Siemens | N/A | Teamcenter V12.4 versions antérieures à V12.4.0.13 | ||
| Siemens | N/A | SCALANCE XR524-8C, 1x230V (L3 int.) (6GK5524-8GR00-3AR2) versions antérieures à V6.5 | ||
| Siemens | N/A | SCALANCE XR524-8C, 2x230V (L3 int.) (6GK5524-8GR00-4AR2) versions antérieures à V6.5 | ||
| Siemens | N/A | SCALANCE M804PB (6GK5804-0AP00-2AA2) toutes versions | ||
| Siemens | N/A | APOGEE PXC Modular (BACnet) versions antérieures à V3.5 | ||
| Siemens | N/A | SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) toutes versions | ||
| Siemens | N/A | EN100 Ethernet module IEC 61850 variant versions antérieures à V4.37 | ||
| Siemens | N/A | Xpedition Designer versions antérieures à X.2.11 | ||
| Siemens | N/A | SIMATIC NET PC Software V15 toutes versions | ||
| Siemens | N/A | SIMATIC RF186C (6GT2002-0JE20) versions antérieures à V2.0.1 | ||
| Siemens | N/A | SCALANCE M816-1 ADSL-Router (Annex A) (6GK5816-1AA00-2AA2) toutes versions | ||
| Siemens | N/A | SIMATIC CP 1543-1 (incl. SIPLUS variants) versions antérieures à V3.0 | ||
| Siemens | N/A | SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) toutes versions | ||
| Siemens | N/A | SCALANCE XR552-12M (2HR2) (6GK5552-0AA00-2HR2) versions antérieures à V6.5 | ||
| Siemens | N/A | SCALANCE M812-1 ADSL-Router (Annex A) (6GK5812-1AA00-2AA2) toutes versions | ||
| Siemens | N/A | SIMATIC WinCC (TIA Portal) toutes versions | ||
| Siemens | N/A | EN100 Ethernet module Modbus TCP variant toutes versions | ||
| Siemens | N/A | SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) toutes versions | ||
| Siemens | N/A | SIMATIC RF188C (6GT2002-0JE40) versions antérieures à V2.0.1 | ||
| Siemens | N/A | SINAUT Software ST7sc toutes versions | ||
| Siemens | N/A | SIMATIC STEP 7 V5.X toutes versions | ||
| Siemens | N/A | SIMATIC RF166C (6GT2002-0EE20) versions antérieures à V2.0.1 | ||
| Siemens | N/A | Teamcenter V13.0 versions antérieures à V13.0.0.9 | ||
| Siemens | N/A | SCALANCE M812-1 ADSL-Router (Annex B) (6GK5812-1BA00-2AA2) toutes versions | ||
| Siemens | N/A | SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) toutes versions | ||
| Siemens | N/A | SIMATIC CP 1543-1 (6GK7543-1AX00-0XE0) toutes versions | ||
| Siemens | N/A | SIMATIC CP 343-1 Advanced (6GK7343-1GX31-0XE0) toutes versions | ||
| Siemens | N/A | SIMATIC CP 1626 (6GK1162-6AA01) toutes versions | ||
| Siemens | N/A | TIA Portal V15 toutes versions | ||
| Siemens | N/A | SCALANCE XM408-8C (L3 int.) (6GK5408-8GR00-2AM2) versions antérieures à V6.5 | ||
| Siemens | N/A | SIMATIC Cloud Connect 7 CC716 (6GK1411-5AC00) toutes versions | ||
| Siemens | N/A | RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) toutes versions | ||
| Siemens | N/A | SIMATIC NET PC Software V14 toutes versions | ||
| Siemens | N/A | APOGEE PXC Compact (P2 Ethernet) toutes versions | ||
| Siemens | N/A | RUGGEDCOM CROSSBOW Station Access Controller toutes versions | ||
| Siemens | N/A | SCALANCE XR528-6M (6GK5528-0AA00-2AR2) versions antérieures à V6.5 | ||
| Siemens | N/A | SIMATIC RF188CI (6GT2002-0JE60) versions antérieures à V2.0.1 | ||
| Siemens | N/A | SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) toutes versions | ||
| Siemens | N/A | SICAM GridEdge Essential Intel (6MD7881-2AA40) versions antérieures à V2.6.6 | ||
| Siemens | N/A | TIA Portal V16 toutes versions | ||
| Siemens | N/A | SIMATIC PDM toutes versions | ||
| Siemens | N/A | Spectrum Power 4 toutes versions using Shared HIS | ||
| Siemens | N/A | SIPLUS NET CP 1543-1 (6AG1543-1AX00-2XE0) toutes versions | ||
| Siemens | N/A | SCALANCE XR552-12M (6GK5552-0AA00-2AR2) versions antérieures à V6.5 | ||
| Siemens | N/A | SIMATIC NET PC Software V16 toutes versions | ||
| Siemens | N/A | SIMATIC CP 1545-1 (6GK7545-1GX00-0XE0) toutes versions | ||
| Siemens | N/A | SIMATIC MV540 H (6GF3540-0GE10) toutes versions | ||
| Siemens | N/A | SIMATIC RF360R (6GT2801-5BA30) versions antérieures à V2.0.1 | ||
| Siemens | N/A | SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) toutes versions | ||
| Siemens | N/A | SIMATIC STEP 7 (TIA Portal) toutes versions | ||
| Siemens | N/A | SCALANCE XR526-8C, 2x230V (L3 int.) (6GK5526-8GR00-4AR2) versions antérieures à V6.5 | ||
| Siemens | N/A | SCALANCE XR526-8C, 1x230V (6GK5526-8GS00-3AR2) versions antérieures à V6.5 | ||
| Siemens | N/A | SCALANCE XM408-4C (6GK5408-4GP00-2AM2) versions antérieures à V6.5 | ||
| Siemens | N/A | SCALANCE XM408-4C (L3 int.) (6GK5408-4GQ00-2AM2) versions antérieures à V6.5 | ||
| Siemens | N/A | SINUMERIK Edge versions antérieures à V3.3.0 | ||
| Siemens | N/A | SCALANCE LPE9403 (6GK5998-3GS00-2AC2) versions antérieures à V2.0 | ||
| Siemens | N/A | Spectrum Power MGMS toutes versions using Shared HIS | ||
| Siemens | N/A | SCALANCE XR526-8C, 24V (L3 int.) (6GK5526-8GR00-2AR2) versions antérieures à V6.5 | ||
| Siemens | N/A | SIMATIC ET 200SP Open Controller (incl. SIPLUS variants) toutes versions | ||
| Siemens | N/A | SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) toutes versions | ||
| Siemens | N/A | Teamcenter V13.2 toutes versions | ||
| Siemens | N/A | SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) toutes versions | ||
| Siemens | N/A | RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) toutes versions | ||
| Siemens | N/A | SIMATIC CP 1545-1 (6GK7545-1GX00-0XE0) versions antérieures à V1.1 | ||
| Siemens | N/A | SCALANCE S615 (6GK5615-0AA00-2AA2) toutes versions | ||
| Siemens | N/A | SCALANCE M874-3 (6GK5874-3AA00-2AA2) toutes versions | ||
| Siemens | N/A | RUGGEDCOM ROX Series toutes versions | ||
| Siemens | N/A | SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) toutes versions | ||
| Siemens | N/A | SIMATIC RF185C (6GT2002-0JE10) versions antérieures à V2.0.1 | ||
| Siemens | N/A | SCALANCE XR528-6M (2HR2, L3 int.) (6GK5528-0AR00-2HR2) versions antérieures à V6.5 | ||
| Siemens | N/A | SCALANCE MUM853-1 (RoW) (6GK5853-2EA00-2AA1) toutes versions | ||
| Siemens | N/A | EN100 Ethernet module PROFINET IO variant toutes versions | ||
| Siemens | N/A | SCALANCE XR524-8C, 24V (6GK5524-8GS00-2AR2) versions antérieures à V6.5 | ||
| Siemens | N/A | TIA Portal Cloud toutes versions | ||
| Siemens | N/A | SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) toutes versions | ||
| Siemens | N/A | SIMATIC S7-PLCSIM Advanced toutes versions | ||
| Siemens | N/A | SINEMA Remote Connect Server versions antérieures à V3.1 | ||
| Siemens | N/A | SIMATIC Logon toutes versions | ||
| Siemens | N/A | SCALANCE M874-2 (6GK5874-2AA00-2AA2) toutes versions | ||
| Siemens | N/A | SIMATIC MV550 S (6GF3550-0CD10) toutes versions | ||
| Siemens | N/A | SIMATIC MV550 H (6GF3550-0GE10) toutes versions | ||
| Siemens | N/A | TIM 1531 IRC (6GK7543-1MX00-0XE0) toutes versions | ||
| Siemens | N/A | SIPLUS NET CP 343-1 Advanced (6AG1343-1GX31-4XE0) toutes versions | ||
| Siemens | N/A | Mendix SAML Module (Mendix 8 compatible) versions antérieures à 2.2.2 | ||
| Siemens | N/A | APOGEE PXC Modular (P2 Ethernet) toutes versions | ||
| Siemens | N/A | Teamcenter V13.3 versions antérieures à V13.3.0.3 | ||
| Siemens | N/A | SCALANCE XR552-12M (2HR2) (6GK5552-0AR00-2HR2) versions antérieures à V6.5 | ||
| Siemens | N/A | Teamcenter Active Workspace V6.0 versions antérieures à V6.0.3 | ||
| Siemens | N/A | SIMATIC S7-1200 CPU family (incl. SIPLUS variants) toutes versions | ||
| Siemens | N/A | SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) toutes versions | ||
| Siemens | N/A | SCALANCE SC622-2C (6GK5622-2GS00-2AC2) toutes versions versions antérieures à V2.3.1 | ||
| Siemens | N/A | Mendix SAML Module (Mendix 7 compatible) versions antérieures à 1.16.6 | ||
| Siemens | N/A | EN100 Ethernet module DNP3 IP variant toutes versions | ||
| Siemens | N/A | SCALANCE XM416-4C (6GK5416-4GS00-2AM2) versions antérieures à V6.5 | ||
| Siemens | N/A | SCALANCE M816-1 ADSL-Router (Annex B) (6GK5816-1BA00-2AA2) toutes versions | ||
| Siemens | N/A | Industrial Edge - PROFINET IO Connector toutes versions | ||
| Siemens | N/A | SCALANCE XM416-4C (L3 int.) (6GK5416-4GR00-2AM2) versions antérieures à V6.5 | ||
| Siemens | N/A | SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) toutes versions | ||
| Siemens | N/A | RUGGEDCOM ROS Series toutes versions | ||
| Siemens | N/A | TIA Portal V17 toutes versions | ||
| Siemens | N/A | TALON TC Modular (BACnet) versions antérieures à V3.5 | ||
| Siemens | N/A | SIMATIC PCS 7 TeleControl toutes versions | ||
| Siemens | N/A | APOGEE PXC Compact (BACnet) versions antérieures à V3.5 | ||
| Siemens | N/A | SCALANCE MUM856-1 (NAM) (6GK5856-2EA00-3BA1) toutes versions | ||
| Siemens | N/A | SIMATIC RF685R (6GT2811-6CA10) versions antérieures à V4.0.1 | ||
| Siemens | N/A | SINEMA Server V14 toutes versions | ||
| Siemens | N/A | SCALANCE SC646-2C (6GK5646-2GS00-2AC2) toutes versions versions antérieures à V2.3.1 | ||
| Siemens | N/A | SIMATIC RF680R (6GT2811-6AA10) versions antérieures à V4.0.1 | ||
| Siemens | N/A | SIMATIC MV560 U (6GF3560-0LE10) toutes versions | ||
| Siemens | N/A | Industrial Edge - SIMATIC S7 Connector App versions antérieures à V1.7.0 | ||
| Siemens | N/A | SINEC INS toutes versions | ||
| Siemens | N/A | SCALANCE XR524-8C, 24V (L3 int.) (6GK5524-8GR00-2AR2) versions antérieures à V6.5 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) toutes versions | ||
| Siemens | N/A | SCALANCE XR524-8C, 2x230V (6GK5524-8GS00-4AR2) versions antérieures à V6.5 | ||
| Siemens | N/A | SCALANCE SC636-2C (6GK5636-2GS00-2AC2) toutes versions versions antérieures à V2.3.1 | ||
| Siemens | N/A | TIA Administrator toutes versions | ||
| Siemens | N/A | SCALANCE XR526-8C, 24V (6GK5526-8GS00-2AR2) versions antérieures à V6.5 | ||
| Siemens | N/A | TeleControl Server Basic V3 toutes versions | ||
| Siemens | N/A | SINAUT ST7CC toutes versions | ||
| Siemens | N/A | SCALANCE XM408-8C (6GK5408-8GS00-2AM2) versions antérieures à V6.5 | ||
| Siemens | N/A | SCALANCE XR552-12M (2HR2, L3 int.) (6GK5552-0AR00-2AR2) versions antérieures à V6.5 | ||
| Siemens | N/A | SCALANCE XR528-6M (2HR2) (6GK5528-0AA00-2HR2) versions antérieures à V6.5 | ||
| Siemens | N/A | SIMATIC NET PC Software V17 toutes versions | ||
| Siemens | N/A | Spectrum Power 7 toutes versions using Shared HIS | ||
| Siemens | N/A | SIMATIC MV560 X (6GF3560-0HE10) toutes versions | ||
| Siemens | N/A | SIMATIC S7-1500 Software Controller (incl. F) toutes versions | ||
| Siemens | N/A | SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) toutes versions | ||
| Siemens | N/A | SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) toutes versions | ||
| Siemens | N/A | SINEMA Remote Connect Server versions antérieures à 3.0 SP2 | ||
| Siemens | N/A | Industrial Edge - OPC UA Connector toutes versions | ||
| Siemens | N/A | Teamcenter Active Workspace V5.2 versions antérieures à V5.2.9 | ||
| Siemens | N/A | SCALANCE SC642-2C (6GK5642-2GS00-2AC2) toutes versions versions antérieures à V2.3.1 | ||
| Siemens | N/A | SINEC NMS toutes versions | ||
| Siemens | N/A | Mendix SAML Module (Mendix 9 compatible) versions antérieures à 3.2.3 | ||
| Siemens | N/A | Teamcenter V14.0 toutes versions | ||
| Siemens | N/A | SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) toutes versions | ||
| Siemens | N/A | SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) toutes versions | ||
| Siemens | N/A | SIMATIC RF615R (6GT2811-6CC10) versions antérieures à V4.0.1 | ||
| Siemens | N/A | SIMATIC Cloud Connect 7 CC712 (6GK1411-1AC00) toutes versions | ||
| Siemens | N/A | SIMATIC RF186CI (6GT2002-0JE50) versions antérieures à V2.0.1 | ||
| Siemens | N/A | SCALANCE XR528-6M (L3 int.) (6GK5528-0AR00-2AR2) versions antérieures à V6.5 | ||
| Siemens | N/A | SCALANCE XR524-8C, 1x230V (6GK5524-8GS00-3AR2) versions antérieures à V6.5 | ||
| Siemens | N/A | SIMATIC CP 1628 (6GK1162-8AA00) toutes versions | ||
| Siemens | N/A | SICAM GridEdge Essential with GDS Intel (6MD7881-2AA20) versions antérieures à V2.6.6 | ||
| Siemens | N/A | Teamcenter V13.1 versions antérieures à V13.1.0.9 | ||
| Siemens | N/A | SCALANCE SC632-2C (6GK5632-2GS00-2AC2) toutes versions versions antérieures à V2.3.1 | ||
| Siemens | N/A | SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) toutes versions | ||
| Siemens | N/A | SIMATIC MV540 S (6GF3540-0CD10) toutes versions | ||
| Siemens | N/A | SIMATIC CP 443-1 OPC UA (6GK7443-1UX00-0XE0) toutes versions | ||
| Siemens | N/A | SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) toutes versions | ||
| Siemens | N/A | SIMATIC PCS neo toutes versions | ||
| Siemens | N/A | RUGGEDCOM NMS toutes versions |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SCALANCE XR526-8C, 2x230V (6GK5526-8GS00-4AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SICAM GridEdge Essential with GDS ARM (6MD7881-2AA10) versions ant\u00e9rieures \u00e0 V2.6.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M876-3 (EVDO) (6GK5876-3AA02-2BA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TALON TC Compact (BACnet) versions ant\u00e9rieures \u00e0 V3.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF650R (6GT2811-6AB20) versions ant\u00e9rieures \u00e0 V4.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF610R (6GT2811-6BC10) versions ant\u00e9rieures \u00e0 V4.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR526-8C, 1x230V (L3 int.) (6GK5526-8GR00-3AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "EN100 Ethernet module IEC 104 variant toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SICAM GridEdge Essential ARM (6MD7881-2AA30) versions ant\u00e9rieures \u00e0 V2.6.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter V12.4 versions ant\u00e9rieures \u00e0 V12.4.0.13",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR524-8C, 1x230V (L3 int.) (6GK5524-8GR00-3AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR524-8C, 2x230V (L3 int.) (6GK5524-8GR00-4AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M804PB (6GK5804-0AP00-2AA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "APOGEE PXC Modular (BACnet) versions ant\u00e9rieures \u00e0 V3.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "EN100 Ethernet module IEC 61850 variant versions ant\u00e9rieures \u00e0 V4.37",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Xpedition Designer versions ant\u00e9rieures \u00e0 X.2.11",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC NET PC Software V15 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF186C (6GT2002-0JE20) versions ant\u00e9rieures \u00e0 V2.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M816-1 ADSL-Router (Annex A) (6GK5816-1AA00-2AA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1543-1 (incl. SIPLUS variants) versions ant\u00e9rieures \u00e0 V3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR552-12M (2HR2) (6GK5552-0AA00-2HR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M812-1 ADSL-Router (Annex A) (6GK5812-1AA00-2AA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC (TIA Portal) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "EN100 Ethernet module Modbus TCP variant toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF188C (6GT2002-0JE40) versions ant\u00e9rieures \u00e0 V2.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAUT Software ST7sc toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 V5.X toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF166C (6GT2002-0EE20) versions ant\u00e9rieures \u00e0 V2.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter V13.0 versions ant\u00e9rieures \u00e0 V13.0.0.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M812-1 ADSL-Router (Annex B) (6GK5812-1BA00-2AA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1543-1 (6GK7543-1AX00-0XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 343-1 Advanced (6GK7343-1GX31-0XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1626 (6GK1162-6AA01) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Portal V15 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XM408-8C (L3 int.) (6GK5408-8GR00-2AM2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Cloud Connect 7 CC716 (6GK1411-5AC00) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC NET PC Software V14 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "APOGEE PXC Compact (P2 Ethernet) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM CROSSBOW Station Access Controller toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR528-6M (6GK5528-0AA00-2AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF188CI (6GT2002-0JE60) versions ant\u00e9rieures \u00e0 V2.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SICAM GridEdge Essential Intel (6MD7881-2AA40) versions ant\u00e9rieures \u00e0 V2.6.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Portal V16 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PDM toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Spectrum Power 4 toutes versions using Shared HIS",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS NET CP 1543-1 (6AG1543-1AX00-2XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR552-12M (6GK5552-0AA00-2AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC NET PC Software V16 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1545-1 (6GK7545-1GX00-0XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC MV540 H (6GF3540-0GE10) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF360R (6GT2801-5BA30) versions ant\u00e9rieures \u00e0 V2.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 (TIA Portal) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR526-8C, 2x230V (L3 int.) (6GK5526-8GR00-4AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR526-8C, 1x230V (6GK5526-8GS00-3AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XM408-4C (6GK5408-4GP00-2AM2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XM408-4C (L3 int.) (6GK5408-4GQ00-2AM2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINUMERIK Edge versions ant\u00e9rieures \u00e0 V3.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE LPE9403 (6GK5998-3GS00-2AC2) versions ant\u00e9rieures \u00e0 V2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Spectrum Power MGMS toutes versions using Shared HIS",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR526-8C, 24V (L3 int.) (6GK5526-8GR00-2AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET 200SP Open Controller (incl. SIPLUS variants) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter V13.2 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1545-1 (6GK7545-1GX00-0XE0) versions ant\u00e9rieures \u00e0 V1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE S615 (6GK5615-0AA00-2AA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M874-3 (6GK5874-3AA00-2AA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM ROX Series toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF185C (6GT2002-0JE10) versions ant\u00e9rieures \u00e0 V2.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR528-6M (2HR2, L3 int.) (6GK5528-0AR00-2HR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE MUM853-1 (RoW) (6GK5853-2EA00-2AA1) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "EN100 Ethernet module PROFINET IO variant toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR524-8C, 24V (6GK5524-8GS00-2AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Portal Cloud toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-PLCSIM Advanced toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEMA Remote Connect Server versions ant\u00e9rieures \u00e0 V3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Logon toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M874-2 (6GK5874-2AA00-2AA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC MV550 S (6GF3550-0CD10) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC MV550 H (6GF3550-0GE10) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIM 1531 IRC (6GK7543-1MX00-0XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS NET CP 343-1 Advanced (6AG1343-1GX31-4XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Mendix SAML Module (Mendix 8 compatible) versions ant\u00e9rieures \u00e0 2.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "APOGEE PXC Modular (P2 Ethernet) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter V13.3 versions ant\u00e9rieures \u00e0 V13.3.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR552-12M (2HR2) (6GK5552-0AR00-2HR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Active Workspace V6.0 versions ant\u00e9rieures \u00e0 V6.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE SC622-2C (6GK5622-2GS00-2AC2) toutes versions versions ant\u00e9rieures \u00e0 V2.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Mendix SAML Module (Mendix 7 compatible) versions ant\u00e9rieures \u00e0 1.16.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "EN100 Ethernet module DNP3 IP variant toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XM416-4C (6GK5416-4GS00-2AM2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M816-1 ADSL-Router (Annex B) (6GK5816-1BA00-2AA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Industrial Edge - PROFINET IO Connector toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XM416-4C (L3 int.) (6GK5416-4GR00-2AM2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM ROS Series toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Portal V17 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TALON TC Modular (BACnet) versions ant\u00e9rieures \u00e0 V3.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS 7 TeleControl toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "APOGEE PXC Compact (BACnet) versions ant\u00e9rieures \u00e0 V3.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE MUM856-1 (NAM) (6GK5856-2EA00-3BA1) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF685R (6GT2811-6CA10) versions ant\u00e9rieures \u00e0 V4.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEMA Server V14 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE SC646-2C (6GK5646-2GS00-2AC2) toutes versions versions ant\u00e9rieures \u00e0 V2.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF680R (6GT2811-6AA10) versions ant\u00e9rieures \u00e0 V4.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC MV560 U (6GF3560-0LE10) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Industrial Edge - SIMATIC S7 Connector App versions ant\u00e9rieures \u00e0 V1.7.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEC INS toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR524-8C, 24V (L3 int.) (6GK5524-8GR00-2AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR524-8C, 2x230V (6GK5524-8GS00-4AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE SC636-2C (6GK5636-2GS00-2AC2) toutes versions versions ant\u00e9rieures \u00e0 V2.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Administrator toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR526-8C, 24V (6GK5526-8GS00-2AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TeleControl Server Basic V3 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAUT ST7CC toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XM408-8C (6GK5408-8GS00-2AM2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR552-12M (2HR2, L3 int.) (6GK5552-0AR00-2AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR528-6M (2HR2) (6GK5528-0AA00-2HR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC NET PC Software V17 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Spectrum Power 7 toutes versions using Shared HIS",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC MV560 X (6GF3560-0HE10) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 Software Controller (incl. F) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEMA Remote Connect Server versions ant\u00e9rieures \u00e0 3.0 SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Industrial Edge - OPC UA Connector toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Active Workspace V5.2 versions ant\u00e9rieures \u00e0 V5.2.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE SC642-2C (6GK5642-2GS00-2AC2) toutes versions versions ant\u00e9rieures \u00e0 V2.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEC NMS toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Mendix SAML Module (Mendix 9 compatible) versions ant\u00e9rieures \u00e0 3.2.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter V14.0 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF615R (6GT2811-6CC10) versions ant\u00e9rieures \u00e0 V4.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Cloud Connect 7 CC712 (6GK1411-1AC00) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF186CI (6GT2002-0JE50) versions ant\u00e9rieures \u00e0 V2.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR528-6M (L3 int.) (6GK5528-0AR00-2AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR524-8C, 1x230V (6GK5524-8GS00-3AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1628 (6GK1162-8AA00) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SICAM GridEdge Essential with GDS Intel (6MD7881-2AA20) versions ant\u00e9rieures \u00e0 V2.6.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter V13.1 versions ant\u00e9rieures \u00e0 V13.1.0.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE SC632-2C (6GK5632-2GS00-2AC2) toutes versions versions ant\u00e9rieures \u00e0 V2.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC MV540 S (6GF3540-0CD10) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 443-1 OPC UA (6GK7443-1UX00-0XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS neo toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM NMS toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-32285",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32285"
},
{
"name": "CVE-2022-32286",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32286"
},
{
"name": "CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"name": "CVE-2021-20317",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20317"
},
{
"name": "CVE-2022-32258",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32258"
},
{
"name": "CVE-2021-41091",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41091"
},
{
"name": "CVE-2021-22925",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22925"
},
{
"name": "CVE-2022-30231",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30231"
},
{
"name": "CVE-2021-33196",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33196"
},
{
"name": "CVE-2022-32254",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32254"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2022-32145",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32145"
},
{
"name": "CVE-2022-32259",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32259"
},
{
"name": "CVE-2022-32262",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32262"
},
{
"name": "CVE-2017-9947",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9947"
},
{
"name": "CVE-2022-32255",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32255"
},
{
"name": "CVE-2020-27304",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27304"
},
{
"name": "CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"name": "CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"name": "CVE-2022-32252",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32252"
},
{
"name": "CVE-2021-22924",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22924"
},
{
"name": "CVE-2022-25313",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25313"
},
{
"name": "CVE-2021-39275",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39275"
},
{
"name": "CVE-2021-37182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37182"
},
{
"name": "CVE-2020-9272",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9272"
},
{
"name": "CVE-2021-39293",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39293"
},
{
"name": "CVE-2021-33910",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33910"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"name": "CVE-2022-25314",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25314"
},
{
"name": "CVE-2022-23990",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23990"
},
{
"name": "CVE-2022-26476",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26476"
},
{
"name": "CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"name": "CVE-2022-0847",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0847"
},
{
"name": "CVE-2022-30228",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30228"
},
{
"name": "CVE-2021-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
},
{
"name": "CVE-2021-41092",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41092"
},
{
"name": "CVE-2022-32251",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32251"
},
{
"name": "CVE-2021-34798",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34798"
},
{
"name": "CVE-2021-36221",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36221"
},
{
"name": "CVE-2021-41089",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41089"
},
{
"name": "CVE-2022-30230",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30230"
},
{
"name": "CVE-2020-9273",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9273"
},
{
"name": "CVE-2022-30229",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30229"
},
{
"name": "CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"name": "CVE-2022-29034",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29034"
},
{
"name": "CVE-2022-30937",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30937"
},
{
"name": "CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2022-27219",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27219"
},
{
"name": "CVE-2022-27221",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27221"
},
{
"name": "CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"name": "CVE-2022-31619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31619"
},
{
"name": "CVE-2022-32261",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32261"
},
{
"name": "CVE-2022-32260",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32260"
},
{
"name": "CVE-2021-40438",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40438"
},
{
"name": "CVE-2021-4034",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4034"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
},
{
"name": "CVE-2022-27220",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27220"
},
{
"name": "CVE-2022-31465",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31465"
},
{
"name": "CVE-2017-9946",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9946"
},
{
"name": "CVE-2021-41103",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41103"
},
{
"name": "CVE-2022-32253",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32253"
},
{
"name": "CVE-2022-32256",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32256"
},
{
"name": "CVE-2021-37209",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37209"
}
],
"initial_release_date": "2022-06-15T00:00:00",
"last_revision_date": "2022-06-15T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-547",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-06-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-148078 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-148078.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-220589 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-220589.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-988345 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-988345.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-484086 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-484086.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-330556 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-330556.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-145224 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-145224.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-685781 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-685781.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-693555 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-693555.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-911567 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-911567.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-401167 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-401167.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-764417 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-764417.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-712929 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-712929.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-679335 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-679335.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-388239 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-388239.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-631336 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-631336.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-740594 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-740594.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-222547 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-222547.html"
}
]
}
CERTFR-2022-AVI-611
Vulnerability from certfr_avis - Published: 2022-07-06 - Updated: 2022-07-06
De multiples vulnérabilités ont été découvertes dans IBM QRadar. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar | IBM QRadar Network Packet Capture versions 7.4.x antérieures à 7.4.3 Patch 5 | ||
| IBM | QRadar | IBM QRadar Network Packet Capture versions 7.5.x antérieures à 7.5.0 Update Package 2 | ||
| IBM | QRadar | IBM QRadar Network Packet Capture versions 7.3.x antérieures à 7.3.3 Patch 11 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM QRadar Network Packet Capture versions 7.4.x ant\u00e9rieures \u00e0 7.4.3 Patch 5",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar Network Packet Capture versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 Update Package 2",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar Network Packet Capture versions 7.3.x ant\u00e9rieures \u00e0 7.3.3 Patch 11",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"name": "CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"name": "CVE-2021-4083",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4083"
},
{
"name": "CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2021-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
},
{
"name": "CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"name": "CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
}
],
"initial_release_date": "2022-07-06T00:00:00",
"last_revision_date": "2022-07-06T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-611",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-07-06T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM QRadar. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM QRadar",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6601293 du 05 juillet 2022",
"url": "https://www.ibm.com/support/pages/node/6601293"
}
]
}
CERTFR-2022-AVI-663
Vulnerability from certfr_avis - Published: 2022-07-20 - Updated: 2022-07-20
De multiples vulnérabilités ont été découvertes dans IBM QRadar. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM QRadar versions 5.4.0.x versions ant\u00e9rieures \u00e0 5.4.0.16",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar versions 5.5.0.x versions ant\u00e9rieures \u00e0 5.5.0.11",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-11782",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11782"
},
{
"name": "CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2019-5094",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5094"
},
{
"name": "CVE-2017-12652",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12652"
},
{
"name": "CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"name": "CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"name": "CVE-2019-19956",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19956"
},
{
"name": "CVE-2019-11068",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11068"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"name": "CVE-2019-20388",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20388"
},
{
"name": "CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"name": "CVE-2021-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
},
{
"name": "CVE-2020-7595",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7595"
},
{
"name": "CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"name": "CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
},
{
"name": "CVE-2019-18197",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18197"
},
{
"name": "CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"name": "CVE-2019-5188",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5188"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
}
],
"initial_release_date": "2022-07-20T00:00:00",
"last_revision_date": "2022-07-20T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-663",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-07-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM QRadar. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire,\nun d\u00e9ni de service et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM QRadar",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6605299 du 19 juillet 2022",
"url": "https://www.ibm.com/support/pages/node/6605299"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6441625 du 19 juillet 2022",
"url": "https://www.ibm.com/support/pages/node/6441625"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…