Vulnerability-Lookup

CVE-2022-31129 (GCVE-0-2022-31129)

Vulnerability from cvelistv5 – Published: 2022-07-06 00:00 – Updated: 2025-11-03 21:46

Title

Inefficient Regular Expression Complexity in moment

Summary

moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs. Users may notice a noticeable slowdown is observed with inputs above 10k characters. Users who pass user-provided strings without sanity length checks to moment constructor are vulnerable to (Re)DoS attacks. The problem is patched in 2.29.4, the patch can be applied to all affected versions with minimal tweaking. Users are advised to upgrade. Users unable to upgrade should consider limiting date lengths accepted from user input.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

GitHub_M

References

10 references

URL	Tags
https://github.com/moment/moment/security/advisor…
https://github.com/moment/moment/pull/6015#issuec…
https://github.com/moment/moment/commit/9a3b5894f…
https://huntr.dev/bounties/f0952b67-f2ff-44a9-a9c…
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://security.netapp.com/advisory/ntap-2022101…
https://lists.debian.org/debian-lts-announce/2023…	mailing-list

Impacted products

1 product

Vendor	Product	Version
moment	moment	Affected: >= 2.18.0, < 2.29.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:46:17.025Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/moment/moment/pull/6015#issuecomment-1152961973"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/moment/moment/commit/9a3b5894f3d5d602948ac8a02e4ee528a49ca3a3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/f0952b67-f2ff-44a9-a9cd-99e0a87cb633/"
          },
          {
            "name": "FEDORA-2022-85aa8e5706",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QIO6YNLTK2T7SPKDS4JEL45FANLNC2Q/"
          },
          {
            "name": "FEDORA-2022-35b698150c",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORJX2LF6KMPIHP6B2P6KZIVKMLE3LVJ5/"
          },
          {
            "name": "FEDORA-2022-b9ef7c3c3c",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWY24RJA3SBJGA5N4CU4VBPHJPPPJL5O/"
          },
          {
            "name": "FEDORA-2022-798fd95813",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZMX5YHELQVCGKKQVFXIYOTBMN23YYSRO/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20221014-0003/"
          },
          {
            "name": "[debian-lts-announce] 20230130 [SECURITY] [DLA 3295-1] node-moment security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00035.html"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20241108-0002/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-31129",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-22T15:40:27.412408Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-22T17:52:04.488Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "moment",
          "vendor": "moment",
          "versions": [
            {
              "status": "affected",
              "version": " \u003e= 2.18.0, \u003c 2.29.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs. Users may notice a noticeable slowdown is observed with inputs above 10k characters. Users who pass user-provided strings without sanity length checks to moment constructor are vulnerable to (Re)DoS attacks. The problem is patched in 2.29.4, the patch can be applied to all affected versions with minimal tweaking. Users are advised to upgrade. Users unable to upgrade should consider limiting date lengths accepted from user input."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-31T00:00:00.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "url": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g"
        },
        {
          "url": "https://github.com/moment/moment/pull/6015#issuecomment-1152961973"
        },
        {
          "url": "https://github.com/moment/moment/commit/9a3b5894f3d5d602948ac8a02e4ee528a49ca3a3"
        },
        {
          "url": "https://huntr.dev/bounties/f0952b67-f2ff-44a9-a9cd-99e0a87cb633/"
        },
        {
          "name": "FEDORA-2022-85aa8e5706",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QIO6YNLTK2T7SPKDS4JEL45FANLNC2Q/"
        },
        {
          "name": "FEDORA-2022-35b698150c",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORJX2LF6KMPIHP6B2P6KZIVKMLE3LVJ5/"
        },
        {
          "name": "FEDORA-2022-b9ef7c3c3c",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWY24RJA3SBJGA5N4CU4VBPHJPPPJL5O/"
        },
        {
          "name": "FEDORA-2022-798fd95813",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZMX5YHELQVCGKKQVFXIYOTBMN23YYSRO/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20221014-0003/"
        },
        {
          "name": "[debian-lts-announce] 20230130 [SECURITY] [DLA 3295-1] node-moment security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00035.html"
        }
      ],
      "source": {
        "advisory": "GHSA-wc69-rhjr-hc9g",
        "discovery": "UNKNOWN"
      },
      "title": "Inefficient Regular Expression Complexity in moment"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-31129",
    "datePublished": "2022-07-06T00:00:00.000Z",
    "dateReserved": "2022-05-18T00:00:00.000Z",
    "dateUpdated": "2025-11-03T21:46:17.025Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2022-31129",
      "date": "2026-05-29",
      "epss": "0.0311",
      "percentile": "0.87045"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-31129\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2022-07-06T18:15:19.570\",\"lastModified\":\"2025-11-03T22:15:58.440\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs. Users may notice a noticeable slowdown is observed with inputs above 10k characters. Users who pass user-provided strings without sanity length checks to moment constructor are vulnerable to (Re)DoS attacks. The problem is patched in 2.29.4, the patch can be applied to all affected versions with minimal tweaking. Users are advised to upgrade. Users unable to upgrade should consider limiting date lengths accepted from user input.\"},{\"lang\":\"es\",\"value\":\"moment es una biblioteca de fechas en JavaScript para analizar, comprobar, manipular y formatear fechas. Se ha detectado que las versiones afectadas de moment usan un algoritmo de an\u00e1lisis sint\u00e1ctico ineficiente. Concretamente, el an\u00e1lisis sint\u00e1ctico de cadena a fecha en moment (m\u00e1s concretamente el an\u00e1lisis sint\u00e1ctico rfc2822, que es intentado por defecto) presenta una complejidad cuadr\u00e1tica (N^2) en entradas espec\u00edficas. Los usuarios pueden notar una notable ralentizaci\u00f3n con entradas de m\u00e1s de 10k caracteres. Los usuarios que pasan cadenas proporcionadas por el usuario sin comprobaciones de longitud de cordura al constructor del momento son vulnerables a ataques (Re)DoS. El problema est\u00e1 parcheado en versi\u00f3n 2.29.4, el parche puede aplicarse a todas las versiones afectadas con un m\u00ednimo ajuste. Es recomendado a usuarios actualicen. Los usuarios que no puedan actualizar deber\u00edan considerar la posibilidad de limitar la longitud de las fechas aceptadas por el usuario\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1333\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:momentjs:moment:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"2.18.0\",\"versionEndExcluding\":\"2.29.4\",\"matchCriteriaId\":\"DBD8FD43-29F8-46F1-BEB0-B92B8BAEDAB8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:momentjs:moment:*:*:*:*:*:nuget:*:*\",\"versionStartIncluding\":\"2.18.0\",\"versionEndExcluding\":\"2.29.4\",\"matchCriteriaId\":\"CAFF05BC-030E-49D6-A23D-A86D4731A748\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}],\"references\":[{\"url\":\"https://github.com/moment/moment/commit/9a3b5894f3d5d602948ac8a02e4ee528a49ca3a3\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/moment/moment/pull/6015#issuecomment-1152961973\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://huntr.dev/bounties/f0952b67-f2ff-44a9-a9cd-99e0a87cb633/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/01/msg00035.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QIO6YNLTK2T7SPKDS4JEL45FANLNC2Q/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWY24RJA3SBJGA5N4CU4VBPHJPPPJL5O/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORJX2LF6KMPIHP6B2P6KZIVKMLE3LVJ5/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZMX5YHELQVCGKKQVFXIYOTBMN23YYSRO/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20221014-0003/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/moment/moment/commit/9a3b5894f3d5d602948ac8a02e4ee528a49ca3a3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/moment/moment/pull/6015#issuecomment-1152961973\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://huntr.dev/bounties/f0952b67-f2ff-44a9-a9cd-99e0a87cb633/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/01/msg00035.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QIO6YNLTK2T7SPKDS4JEL45FANLNC2Q/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWY24RJA3SBJGA5N4CU4VBPHJPPPJL5O/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORJX2LF6KMPIHP6B2P6KZIVKMLE3LVJ5/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZMX5YHELQVCGKKQVFXIYOTBMN23YYSRO/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20221014-0003/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20241108-0002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/moment/moment/pull/6015#issuecomment-1152961973\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/moment/moment/commit/9a3b5894f3d5d602948ac8a02e4ee528a49ca3a3\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://huntr.dev/bounties/f0952b67-f2ff-44a9-a9cd-99e0a87cb633/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QIO6YNLTK2T7SPKDS4JEL45FANLNC2Q/\", \"name\": \"FEDORA-2022-85aa8e5706\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORJX2LF6KMPIHP6B2P6KZIVKMLE3LVJ5/\", \"name\": \"FEDORA-2022-35b698150c\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWY24RJA3SBJGA5N4CU4VBPHJPPPJL5O/\", \"name\": \"FEDORA-2022-b9ef7c3c3c\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZMX5YHELQVCGKKQVFXIYOTBMN23YYSRO/\", \"name\": \"FEDORA-2022-798fd95813\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20221014-0003/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/01/msg00035.html\", \"name\": \"[debian-lts-announce] 20230130 [SECURITY] [DLA 3295-1] node-moment security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20241108-0002/\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T21:46:17.025Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-31129\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-22T15:40:27.412408Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-22T15:40:29.167Z\"}}], \"cna\": {\"title\": \"Inefficient Regular Expression Complexity in moment\", \"source\": {\"advisory\": \"GHSA-wc69-rhjr-hc9g\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"moment\", \"product\": \"moment\", \"versions\": [{\"status\": \"affected\", \"version\": \" \u003e= 2.18.0, \u003c 2.29.4\"}]}], \"references\": [{\"url\": \"https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g\"}, {\"url\": \"https://github.com/moment/moment/pull/6015#issuecomment-1152961973\"}, {\"url\": \"https://github.com/moment/moment/commit/9a3b5894f3d5d602948ac8a02e4ee528a49ca3a3\"}, {\"url\": \"https://huntr.dev/bounties/f0952b67-f2ff-44a9-a9cd-99e0a87cb633/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QIO6YNLTK2T7SPKDS4JEL45FANLNC2Q/\", \"name\": \"FEDORA-2022-85aa8e5706\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORJX2LF6KMPIHP6B2P6KZIVKMLE3LVJ5/\", \"name\": \"FEDORA-2022-35b698150c\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWY24RJA3SBJGA5N4CU4VBPHJPPPJL5O/\", \"name\": \"FEDORA-2022-b9ef7c3c3c\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZMX5YHELQVCGKKQVFXIYOTBMN23YYSRO/\", \"name\": \"FEDORA-2022-798fd95813\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20221014-0003/\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/01/msg00035.html\", \"name\": \"[debian-lts-announce] 20230130 [SECURITY] [DLA 3295-1] node-moment security update\", \"tags\": [\"mailing-list\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs. Users may notice a noticeable slowdown is observed with inputs above 10k characters. Users who pass user-provided strings without sanity length checks to moment constructor are vulnerable to (Re)DoS attacks. The problem is patched in 2.29.4, the patch can be applied to all affected versions with minimal tweaking. Users are advised to upgrade. Users unable to upgrade should consider limiting date lengths accepted from user input.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-400\", \"description\": \"CWE-400: Uncontrolled Resource Consumption\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2023-01-31T00:00:00.000Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-31129\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-03T21:46:17.025Z\", \"dateReserved\": \"2022-05-18T00:00:00.000Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2022-07-06T00:00:00.000Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

RHSA-2023:1047

Vulnerability from csaf_redhat - Published: 2023-03-01 21:46 - Updated: 2026-05-14 22:33

Summary

Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 for OpenShift image security and enhancement update

Severity

Important

Notes

Topic: A new image is available for Red Hat Single Sign-On 7.6.2, running on Red Hat OpenShift Container Platform from the release of 3.11 up to the release of 4.12.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services. * snakeyaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471) * keycloak: path traversal via double URL encoding (CVE-2022-3782) * RH-SSO for OpenShift images: unsecured management interface exposed to adjacent network (CVE-2022-4039) * snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857) * moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129) * sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047) * CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364) * keycloak: keycloak: user impersonation via stolen uuid code (CVE-2023-0264) * bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040) * rcue-bootstrap: bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042) * jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358) * jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022) * keycloak: glob-parent: Regular Expression Denial of Service (CVE-2021-35065) * keycloak: minimist: prototype pollution (CVE-2021-44906) * keycloak: missing email notification template allowlist (CVE-2022-1274) * keycloak: XSS on izmpersonation under specific circumstances (CVE-2022-1438) * keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916) * Moment.js: Path traversal in moment.locale (CVE-2022-24785) * loader-utils: loader-utils:Regular expression denial of service (CVE-2022-37603) * snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749) * snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750) * snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751) * jettison: parser crash by stackoverflow (CVE-2022-40149) * jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150) * jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693) * json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175) * jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003) * jackson-databind: use of deeply nested arrays (CVE-2022-42004) * CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363) * undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations (CVE-2022-2764) * keycloak: Client Registration endpoint does not check token revocation (CVE-2023-0091) This erratum releases a new image for Red Hat Single Sign-On 7.6.2 for use within the Red Hat OpenShift Container Platform (from the release of 3.11 up to the release of 4.12.0) cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments, aligning with the standalone product release.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2018-14040

In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.

6.1 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2018-14042

In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.

6.1 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2019-11358

A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.

5.6 (Medium)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-11022

A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2021-35065

A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2021-44906

An Uncontrolled Resource Consumption flaw was found in minimist. The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. This flaw (CVE-2021-44906) allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.

3.1 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-1274

A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.

7.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N

CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-1438

A flaw was found in Keycloak. Under specific circumstances, HTML entities are not sanitized during user impersonation, resulting in a Cross-site scripting (XSS) vulnerability.

6.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-1471

A flaw was found in the SnakeYaml package. This flaw allows an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Deserialization is unsafe and leads to Remote Code Execution (RCE).

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x	—	Vendor Fix fix

Threats

Impact Important

CVE-2022-2764

A flaw was found in Undertow with EJB invocations. This flaw allows an attacker to generate a valid HTTP request and send it to the server on an established connection after removing the LAST_CHUNK from the bytes, causing a denial of service.

4.2 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x	—	Vendor Fix fix

Threats

Impact Low

CVE-2022-3782

A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x	—	Vendor Fix fix

Threats

Impact Important

CVE-2022-3916

A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.

6.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE-384 - Session Fixation

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-4039

A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server configuration.

8.0 (High)


                        
                          CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-276 - Incorrect Default Permissions

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x	—	Vendor Fix fix

Threats

Impact Important

CVE-2022-24785

A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2022-25857

A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x	—	Vendor Fix fix

Threats

Impact Important

CVE-2022-31129

A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x	—	Vendor Fix fix

Threats

Impact Important

CVE-2022-37603

A flaw was found in loader-utils webpack library. When the url variable from interpolateName is set, the prototype can be polluted. This issue could lead to a regular expression Denial of Service (ReDoS), affecting the availability of the affected component.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-185 - Incorrect Regular Expression

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-38749

A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash, resulting in a denial of service.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-787 - Out-of-bounds Write

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-38750

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-787 - Out-of-bounds Write

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-38751

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-787 - Out-of-bounds Write

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-40149

A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-787 - Out-of-bounds Write

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-40150

A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x	—	Vendor Fix fix

Threats

Impact Low

CVE-2022-42003

A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-502 - Deserialization of Untrusted Data

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-42004

A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-502 - Deserialization of Untrusted Data

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-45047

A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2022-45693

A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-787 - Out-of-bounds Write

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-46175

A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-46363

A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, so the issue can only occur if the CXF service is misconfigured.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-20 - Improper Input Validation

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-46364

A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-918 - Server-Side Request Forgery (SSRF)

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x	—	Vendor Fix fix

Threats

Impact Important

CVE-2023-0091

A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information.

3.8 (Low)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

CWE-20 - Improper Input Validation

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x	—	Vendor Fix fix

Threats

Impact Low

CVE-2023-0264

A flaw was found in Keycloak's OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, Integrity, and availability.

4.6 (Medium)


                        
                          CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE-303 - Incorrect Implementation of Authentication Algorithm

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x	—	Vendor Fix fix

Threats

Impact Moderate

References

175 references

URL	Category
https://access.redhat.com/errata/RHSA-2023:1047	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=1601614	external
https://bugzilla.redhat.com/show_bug.cgi?id=1601617	external
https://bugzilla.redhat.com/show_bug.cgi?id=1701972	external
https://bugzilla.redhat.com/show_bug.cgi?id=1828406	external
https://bugzilla.redhat.com/show_bug.cgi?id=2031904	external
https://bugzilla.redhat.com/show_bug.cgi?id=2066009	external
https://bugzilla.redhat.com/show_bug.cgi?id=2072009	external
https://bugzilla.redhat.com/show_bug.cgi?id=2073157	external
https://bugzilla.redhat.com/show_bug.cgi?id=2105075	external
https://bugzilla.redhat.com/show_bug.cgi?id=2117506	external
https://bugzilla.redhat.com/show_bug.cgi?id=2126789	external
https://bugzilla.redhat.com/show_bug.cgi?id=2129706	external
https://bugzilla.redhat.com/show_bug.cgi?id=2129707	external
https://bugzilla.redhat.com/show_bug.cgi?id=2129709	external
https://bugzilla.redhat.com/show_bug.cgi?id=2135244	external
https://bugzilla.redhat.com/show_bug.cgi?id=2135247	external
https://bugzilla.redhat.com/show_bug.cgi?id=2135770	external
https://bugzilla.redhat.com/show_bug.cgi?id=2135771	external
https://bugzilla.redhat.com/show_bug.cgi?id=2138971	external
https://bugzilla.redhat.com/show_bug.cgi?id=2140597	external
https://bugzilla.redhat.com/show_bug.cgi?id=2141404	external
https://bugzilla.redhat.com/show_bug.cgi?id=2143416	external
https://bugzilla.redhat.com/show_bug.cgi?id=2145194	external
https://bugzilla.redhat.com/show_bug.cgi?id=2150009	external
https://bugzilla.redhat.com/show_bug.cgi?id=2155681	external
https://bugzilla.redhat.com/show_bug.cgi?id=2155682	external
https://bugzilla.redhat.com/show_bug.cgi?id=2155970	external
https://bugzilla.redhat.com/show_bug.cgi?id=2156263	external
https://bugzilla.redhat.com/show_bug.cgi?id=2156324	external
https://bugzilla.redhat.com/show_bug.cgi?id=2158585	external
https://bugzilla.redhat.com/show_bug.cgi?id=2160585	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2018-14040	self
https://bugzilla.redhat.com/show_bug.cgi?id=1601614	external
https://www.cve.org/CVERecord?id=CVE-2018-14040	external
https://nvd.nist.gov/vuln/detail/CVE-2018-14040	external
https://access.redhat.com/security/cve/CVE-2018-14042	self
https://bugzilla.redhat.com/show_bug.cgi?id=1601617	external
https://www.cve.org/CVERecord?id=CVE-2018-14042	external
https://nvd.nist.gov/vuln/detail/CVE-2018-14042	external
https://access.redhat.com/security/cve/CVE-2019-11358	self
https://bugzilla.redhat.com/show_bug.cgi?id=1701972	external
https://www.cve.org/CVERecord?id=CVE-2019-11358	external
https://nvd.nist.gov/vuln/detail/CVE-2019-11358	external
https://blog.jquery.com/2019/04/10/jquery-3-4-0-r…	external
https://www.drupal.org/sa-core-2019-006	external
https://access.redhat.com/security/cve/CVE-2020-11022	self
https://bugzilla.redhat.com/show_bug.cgi?id=1828406	external
https://www.cve.org/CVERecord?id=CVE-2020-11022	external
https://nvd.nist.gov/vuln/detail/CVE-2020-11022	external
https://github.com/advisories/GHSA-gxr4-xjj5-5px2	external
https://access.redhat.com/security/cve/CVE-2021-35065	self
https://bugzilla.redhat.com/show_bug.cgi?id=2156324	external
https://www.cve.org/CVERecord?id=CVE-2021-35065	external
https://nvd.nist.gov/vuln/detail/CVE-2021-35065	external
https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-…	external
https://access.redhat.com/security/cve/CVE-2021-44906	self
https://bugzilla.redhat.com/show_bug.cgi?id=2066009	external
https://www.cve.org/CVERecord?id=CVE-2021-44906	external
https://nvd.nist.gov/vuln/detail/CVE-2021-44906	external
https://github.com/advisories/GHSA-xvch-5gv4-984h	external
https://access.redhat.com/security/cve/CVE-2022-1274	self
https://bugzilla.redhat.com/show_bug.cgi?id=2073157	external
https://www.cve.org/CVERecord?id=CVE-2022-1274	external
https://nvd.nist.gov/vuln/detail/CVE-2022-1274	external
https://github.com/keycloak/keycloak/security/adv…	external
https://access.redhat.com/security/cve/CVE-2022-1438	self
https://bugzilla.redhat.com/show_bug.cgi?id=2031904	external
https://www.cve.org/CVERecord?id=CVE-2022-1438	external
https://nvd.nist.gov/vuln/detail/CVE-2022-1438	external
https://access.redhat.com/security/cve/CVE-2022-1471	self
https://bugzilla.redhat.com/show_bug.cgi?id=2150009	external
https://www.cve.org/CVERecord?id=CVE-2022-1471	external
https://nvd.nist.gov/vuln/detail/CVE-2022-1471	external
https://github.com/google/security-research/secur…	external
https://access.redhat.com/security/cve/CVE-2022-2764	self
https://bugzilla.redhat.com/show_bug.cgi?id=2117506	external
https://www.cve.org/CVERecord?id=CVE-2022-2764	external
https://nvd.nist.gov/vuln/detail/CVE-2022-2764	external
https://access.redhat.com/security/cve/CVE-2022-3782	self
https://bugzilla.redhat.com/show_bug.cgi?id=2138971	external
https://www.cve.org/CVERecord?id=CVE-2022-3782	external
https://nvd.nist.gov/vuln/detail/CVE-2022-3782	external
https://access.redhat.com/security/cve/CVE-2022-3916	self
https://bugzilla.redhat.com/show_bug.cgi?id=2141404	external
https://www.cve.org/CVERecord?id=CVE-2022-3916	external
https://nvd.nist.gov/vuln/detail/CVE-2022-3916	external
https://access.redhat.com/security/cve/CVE-2022-4039	self
https://bugzilla.redhat.com/show_bug.cgi?id=2143416	external
https://www.cve.org/CVERecord?id=CVE-2022-4039	external
https://nvd.nist.gov/vuln/detail/CVE-2022-4039	external
https://access.redhat.com/security/cve/CVE-2022-24785	self
https://bugzilla.redhat.com/show_bug.cgi?id=2072009	external
https://www.cve.org/CVERecord?id=CVE-2022-24785	external
https://nvd.nist.gov/vuln/detail/CVE-2022-24785	external
https://github.com/moment/moment/security/advisor…	external
https://access.redhat.com/security/cve/CVE-2022-25857	self
https://bugzilla.redhat.com/show_bug.cgi?id=2126789	external
https://www.cve.org/CVERecord?id=CVE-2022-25857	external
https://nvd.nist.gov/vuln/detail/CVE-2022-25857	external
https://bitbucket.org/snakeyaml/snakeyaml/issues/525	external
https://access.redhat.com/security/cve/CVE-2022-31129	self
https://bugzilla.redhat.com/show_bug.cgi?id=2105075	external
https://www.cve.org/CVERecord?id=CVE-2022-31129	external
https://nvd.nist.gov/vuln/detail/CVE-2022-31129	external
https://github.com/moment/moment/security/advisor…	external
https://access.redhat.com/security/cve/CVE-2022-37603	self
https://bugzilla.redhat.com/show_bug.cgi?id=2140597	external
https://www.cve.org/CVERecord?id=CVE-2022-37603	external
https://nvd.nist.gov/vuln/detail/CVE-2022-37603	external
https://access.redhat.com/security/cve/CVE-2022-38749	self
https://bugzilla.redhat.com/show_bug.cgi?id=2129706	external
https://www.cve.org/CVERecord?id=CVE-2022-38749	external
https://nvd.nist.gov/vuln/detail/CVE-2022-38749	external
https://access.redhat.com/security/cve/CVE-2022-38750	self
https://bugzilla.redhat.com/show_bug.cgi?id=2129707	external
https://www.cve.org/CVERecord?id=CVE-2022-38750	external
https://nvd.nist.gov/vuln/detail/CVE-2022-38750	external
https://access.redhat.com/security/cve/CVE-2022-38751	self
https://bugzilla.redhat.com/show_bug.cgi?id=2129709	external
https://www.cve.org/CVERecord?id=CVE-2022-38751	external
https://nvd.nist.gov/vuln/detail/CVE-2022-38751	external
https://access.redhat.com/security/cve/CVE-2022-40149	self
https://bugzilla.redhat.com/show_bug.cgi?id=2135771	external
https://www.cve.org/CVERecord?id=CVE-2022-40149	external
https://nvd.nist.gov/vuln/detail/CVE-2022-40149	external
https://github.com/jettison-json/jettison/release…	external
https://access.redhat.com/security/cve/CVE-2022-40150	self
https://bugzilla.redhat.com/show_bug.cgi?id=2135770	external
https://www.cve.org/CVERecord?id=CVE-2022-40150	external
https://nvd.nist.gov/vuln/detail/CVE-2022-40150	external
https://access.redhat.com/security/cve/CVE-2022-42003	self
https://bugzilla.redhat.com/show_bug.cgi?id=2135244	external
https://www.cve.org/CVERecord?id=CVE-2022-42003	external
https://nvd.nist.gov/vuln/detail/CVE-2022-42003	external
https://access.redhat.com/security/cve/CVE-2022-42004	self
https://bugzilla.redhat.com/show_bug.cgi?id=2135247	external
https://www.cve.org/CVERecord?id=CVE-2022-42004	external
https://nvd.nist.gov/vuln/detail/CVE-2022-42004	external
https://access.redhat.com/security/cve/CVE-2022-45047	self
https://bugzilla.redhat.com/show_bug.cgi?id=2145194	external
https://www.cve.org/CVERecord?id=CVE-2022-45047	external
https://nvd.nist.gov/vuln/detail/CVE-2022-45047	external
https://www.mail-archive.com/dev@mina.apache.org/…	external
https://access.redhat.com/security/cve/CVE-2022-45693	self
https://bugzilla.redhat.com/show_bug.cgi?id=2155970	external
https://www.cve.org/CVERecord?id=CVE-2022-45693	external
https://nvd.nist.gov/vuln/detail/CVE-2022-45693	external
https://access.redhat.com/security/cve/CVE-2022-46175	self
https://bugzilla.redhat.com/show_bug.cgi?id=2156263	external
https://www.cve.org/CVERecord?id=CVE-2022-46175	external
https://nvd.nist.gov/vuln/detail/CVE-2022-46175	external
https://github.com/json5/json5/security/advisorie…	external
https://access.redhat.com/security/cve/CVE-2022-46363	self
https://bugzilla.redhat.com/show_bug.cgi?id=2155681	external
https://www.cve.org/CVERecord?id=CVE-2022-46363	external
https://nvd.nist.gov/vuln/detail/CVE-2022-46363	external
https://lists.apache.org/thread/pdzo1qgyplf4y523t…	external
https://access.redhat.com/security/cve/CVE-2022-46364	self
https://bugzilla.redhat.com/show_bug.cgi?id=2155682	external
https://www.cve.org/CVERecord?id=CVE-2022-46364	external
https://nvd.nist.gov/vuln/detail/CVE-2022-46364	external
https://cxf.apache.org/security-advisories.data/C…	external
https://access.redhat.com/security/cve/CVE-2023-0091	self
https://bugzilla.redhat.com/show_bug.cgi?id=2158585	external
https://www.cve.org/CVERecord?id=CVE-2023-0091	external
https://nvd.nist.gov/vuln/detail/CVE-2023-0091	external
https://github.com/keycloak/keycloak/security/adv…	external
https://github.com/keycloak/security/issues/27	external
https://access.redhat.com/security/cve/CVE-2023-0264	self
https://bugzilla.redhat.com/show_bug.cgi?id=2160585	external
https://www.cve.org/CVERecord?id=CVE-2023-0264	external
https://nvd.nist.gov/vuln/detail/CVE-2023-0264	external

Acknowledgments

usd AG Marcus Nilsson

SISOFT s.c. Grzegorz Tworek

Trifork Peter Flintholm

Red Hat Thibault Guittet

https://github.com/souravs17031999 Sourav Kumar

A1 Digital Jordi Zayuelas i Muñoz

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A new image is available for Red Hat Single Sign-On 7.6.2, running on Red\nHat OpenShift Container Platform from the release of 3.11 up to the release\nof 4.12.0.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Single Sign-On is an integrated sign-on solution, available as a\nRed Hat JBoss Middleware for OpenShift containerized image. The Red Hat\nSingle Sign-On for OpenShift image provides an authentication server that\nyou can use to log in centrally, log out, and register. You can also manage\nuser accounts for web applications, mobile applications, and RESTful web\nservices.\n\n* snakeyaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n* RH-SSO for OpenShift images: unsecured management interface exposed to adjacent network (CVE-2022-4039)\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n* keycloak: keycloak: user impersonation via stolen uuid code (CVE-2023-0264)\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)\n* rcue-bootstrap: bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)\n* jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n* keycloak: glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n* keycloak: minimist: prototype pollution (CVE-2021-44906)\n* keycloak: missing email notification template allowlist (CVE-2022-1274)\n* keycloak: XSS on izmpersonation under specific circumstances (CVE-2022-1438)\n* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n* loader-utils: loader-utils:Regular expression denial of service (CVE-2022-37603)\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)\n* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n* jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)\n* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n* CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363)\n* undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations (CVE-2022-2764)\n* keycloak: Client Registration endpoint does not check token revocation (CVE-2023-0091)\n\nThis erratum releases a new image for Red Hat Single Sign-On 7.6.2 for use\nwithin the Red Hat OpenShift Container Platform (from the release of 3.11\nup to the release of 4.12.0) cloud computing Platform-as-a-Service (PaaS)\nfor on-premise or private cloud deployments, aligning with the standalone\nproduct release.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2023:1047",
        "url": "https://access.redhat.com/errata/RHSA-2023:1047"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1601614",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614"
      },
      {
        "category": "external",
        "summary": "1601617",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617"
      },
      {
        "category": "external",
        "summary": "1701972",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972"
      },
      {
        "category": "external",
        "summary": "1828406",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
      },
      {
        "category": "external",
        "summary": "2031904",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031904"
      },
      {
        "category": "external",
        "summary": "2066009",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009"
      },
      {
        "category": "external",
        "summary": "2072009",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
      },
      {
        "category": "external",
        "summary": "2073157",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073157"
      },
      {
        "category": "external",
        "summary": "2105075",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075"
      },
      {
        "category": "external",
        "summary": "2117506",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117506"
      },
      {
        "category": "external",
        "summary": "2126789",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789"
      },
      {
        "category": "external",
        "summary": "2129706",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129706"
      },
      {
        "category": "external",
        "summary": "2129707",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129707"
      },
      {
        "category": "external",
        "summary": "2129709",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129709"
      },
      {
        "category": "external",
        "summary": "2135244",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
      },
      {
        "category": "external",
        "summary": "2135247",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
      },
      {
        "category": "external",
        "summary": "2135770",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770"
      },
      {
        "category": "external",
        "summary": "2135771",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771"
      },
      {
        "category": "external",
        "summary": "2138971",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138971"
      },
      {
        "category": "external",
        "summary": "2140597",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140597"
      },
      {
        "category": "external",
        "summary": "2141404",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141404"
      },
      {
        "category": "external",
        "summary": "2143416",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2143416"
      },
      {
        "category": "external",
        "summary": "2145194",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194"
      },
      {
        "category": "external",
        "summary": "2150009",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150009"
      },
      {
        "category": "external",
        "summary": "2155681",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155681"
      },
      {
        "category": "external",
        "summary": "2155682",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682"
      },
      {
        "category": "external",
        "summary": "2155970",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970"
      },
      {
        "category": "external",
        "summary": "2156263",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156263"
      },
      {
        "category": "external",
        "summary": "2156324",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324"
      },
      {
        "category": "external",
        "summary": "2158585",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158585"
      },
      {
        "category": "external",
        "summary": "2160585",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160585"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1047.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 for OpenShift image security and enhancement update",
    "tracking": {
      "current_release_date": "2026-05-14T22:33:03+00:00",
      "generator": {
        "date": "2026-05-14T22:33:03+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.0"
        }
      },
      "id": "RHSA-2023:1047",
      "initial_release_date": "2023-03-01T21:46:46+00:00",
      "revision_history": [
        {
          "date": "2023-03-01T21:46:46+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-03-01T21:46:46+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-05-14T22:33:03+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Middleware Containers for OpenShift",
                "product": {
                  "name": "Middleware Containers for OpenShift",
                  "product_id": "8Base-RHOSE-Middleware",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhosemc:1.0::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Enterprise"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x",
                "product": {
                  "name": "rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x",
                  "product_id": "rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21?arch=s390x\u0026repository_url=registry.redhat.io/rh-sso-7/sso76-openshift-rhel8\u0026tag=7.6-20"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
                "product": {
                  "name": "rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
                  "product_id": "rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60?arch=ppc64le\u0026repository_url=registry.redhat.io/rh-sso-7/sso76-openshift-rhel8\u0026tag=7.6-20"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
                "product": {
                  "name": "rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
                  "product_id": "rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f?arch=amd64\u0026repository_url=registry.redhat.io/rh-sso-7/sso76-openshift-rhel8\u0026tag=7.6-20"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le as a component of Middleware Containers for OpenShift",
          "product_id": "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le"
        },
        "product_reference": "rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
        "relates_to_product_reference": "8Base-RHOSE-Middleware"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64 as a component of Middleware Containers for OpenShift",
          "product_id": "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64"
        },
        "product_reference": "rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
        "relates_to_product_reference": "8Base-RHOSE-Middleware"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x as a component of Middleware Containers for OpenShift",
          "product_id": "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
        },
        "product_reference": "rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x",
        "relates_to_product_reference": "8Base-RHOSE-Middleware"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-14040",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2018-07-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1601614"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-14040"
        },
        {
          "category": "external",
          "summary": "RHBZ#1601614",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14040",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040"
        }
      ],
      "release_date": "2018-05-29T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:46:46+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1047"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute"
    },
    {
      "cve": "CVE-2018-14042",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2018-07-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1601617"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-14042"
        },
        {
          "category": "external",
          "summary": "RHBZ#1601617",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14042",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-14042"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042"
        }
      ],
      "release_date": "2018-05-29T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:46:46+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1047"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip"
    },
    {
      "cve": "CVE-2019-11358",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2019-03-28T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1701972"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-11358"
        },
        {
          "category": "external",
          "summary": "RHBZ#1701972",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-11358",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358"
        },
        {
          "category": "external",
          "summary": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/",
          "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
        },
        {
          "category": "external",
          "summary": "https://www.drupal.org/sa-core-2019-006",
          "url": "https://www.drupal.org/sa-core-2019-006"
        }
      ],
      "release_date": "2019-03-27T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:46:46+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1047"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection"
    },
    {
      "cve": "CVE-2020-11022",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2020-04-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828406"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the \u2018HTML\u2019 function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-11022"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828406",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11022",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2",
          "url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2"
        }
      ],
      "release_date": "2020-04-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:46:46+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1047"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method"
    },
    {
      "cve": "CVE-2021-35065",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2022-12-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2156324"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "glob-parent: Regular Expression Denial of Service",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The glob-parent package is a transitive dependency and this is not used directly in any of the Red Hat products. Hence, the impact is reduced to Moderate.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-35065"
        },
        {
          "category": "external",
          "summary": "RHBZ#2156324",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-35065",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-35065"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065"
        },
        {
          "category": "external",
          "summary": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294",
          "url": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294"
        }
      ],
      "release_date": "2022-12-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:46:46+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1047"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "glob-parent: Regular Expression Denial of Service"
    },
    {
      "cve": "CVE-2021-44906",
      "cwe": {
        "id": "CWE-1321",
        "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
      },
      "discovery_date": "2022-03-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2066009"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An Uncontrolled Resource Consumption flaw was found in minimist. The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. This flaw (CVE-2021-44906) allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "minimist: prototype pollution",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "As minimist is an argument parsing module for nodejs, exploitation of this vulnerability requires an attacker to influence which arguments are passed to nodejs when running a script. Red Hat products and services are designed in such a way that gaining this ability is not trivial. Additionally, the impact is limited by only enabling the pollution of functions, and not all generic objects.\n\nWithin Red Hat Satellite 6 this flaw has been rated as having a security impact of Low. It is not currently planned to be addressed there, as the minimist library is only included in the -doc subpackage and is part of test fixtures that are not in the execution path used by the rabl gem.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-44906"
        },
        {
          "category": "external",
          "summary": "RHBZ#2066009",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44906",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
          "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h"
        }
      ],
      "release_date": "2022-03-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:46:46+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1047"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "minimist: prototype pollution"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Marcus Nilsson"
          ],
          "organization": "usd AG"
        }
      ],
      "cve": "CVE-2022-1274",
      "cwe": {
        "id": "CWE-80",
        "name": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
      },
      "discovery_date": "2022-04-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2073157"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "keycloak: HTML injection in execute-actions-email Admin REST API",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-1274"
        },
        {
          "category": "external",
          "summary": "RHBZ#2073157",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073157"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1274",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-1274"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1274",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1274"
        },
        {
          "category": "external",
          "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725",
          "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725"
        }
      ],
      "release_date": "2023-02-28T18:57:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:46:46+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1047"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "keycloak: HTML injection in execute-actions-email Admin REST API"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Grzegorz Tworek"
          ],
          "organization": "SISOFT s.c."
        }
      ],
      "cve": "CVE-2022-1438",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2021-12-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2031904"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Keycloak. Under specific circumstances, HTML entities are not sanitized during user impersonation, resulting in a Cross-site scripting (XSS) vulnerability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "keycloak: XSS on impersonation under specific circumstances",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-1438"
        },
        {
          "category": "external",
          "summary": "RHBZ#2031904",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031904"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1438",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-1438"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1438",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1438"
        }
      ],
      "release_date": "2023-02-28T18:56:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:46:46+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1047"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "keycloak: XSS on impersonation under specific circumstances"
    },
    {
      "cve": "CVE-2022-1471",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2022-12-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2150009"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the SnakeYaml package. This flaw allows an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Deserialization is unsafe and leads to Remote Code Execution (RCE).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "SnakeYaml: Constructor Deserialization Remote Code Execution",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In the Red Hat Process Automation 7 (RHPAM) the untrusted, malicious YAML file for deserialization by the vulnerable Snakeyaml\u0027s SafeConstructor class must be provided intentionally by the RHPAM user which requires high privileges. The potential attack complexity is also high because it depends on conditions that are beyond the attacker\u0027s control. Due to that the impact for RHPAM is reduced to Low.\n\nRed Hat Fuse 7 does not expose by default any endpoint that passes incoming data/request into vulnerable Snakeyaml\u0027s Constructor class nor pass untrusted data to this class. When this class is used, it\u2019s still only used to parse internal configuration, hence the impact by this vulnerability to Red Hat Fuse 7 is reduced to Moderate.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-1471"
        },
        {
          "category": "external",
          "summary": "RHBZ#2150009",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150009"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1471",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1471",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1471"
        },
        {
          "category": "external",
          "summary": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2",
          "url": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2"
        }
      ],
      "release_date": "2022-10-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:46:46+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1047"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "SnakeYaml: Constructor Deserialization Remote Code Execution"
    },
    {
      "cve": "CVE-2022-2764",
      "discovery_date": "2022-08-11T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2117506"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Undertow with EJB invocations. This flaw allows an attacker to generate a valid HTTP request and send it to the server on an established connection after removing the LAST_CHUNK from the bytes, causing a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-2764"
        },
        {
          "category": "external",
          "summary": "RHBZ#2117506",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117506"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2764",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-2764"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2764",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2764"
        }
      ],
      "release_date": "2022-08-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:46:46+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1047"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations"
    },
    {
      "cve": "CVE-2022-3782",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2022-10-31T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2138971"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "keycloak: path traversal via double URL encoding",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason Quarkus is marked with Low impact.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-3782"
        },
        {
          "category": "external",
          "summary": "RHBZ#2138971",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138971"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-3782",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-3782"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3782",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3782"
        }
      ],
      "release_date": "2022-12-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:46:46+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1047"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "keycloak: path traversal via double URL encoding"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Peter Flintholm"
          ],
          "organization": "Trifork"
        }
      ],
      "cve": "CVE-2022-3916",
      "cwe": {
        "id": "CWE-384",
        "name": "Session Fixation"
      },
      "discovery_date": "2022-11-09T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2141404"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "keycloak: Session takeover with OIDC offline refreshtokens",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-3916"
        },
        {
          "category": "external",
          "summary": "RHBZ#2141404",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141404"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-3916",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-3916"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3916",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3916"
        }
      ],
      "release_date": "2022-11-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:46:46+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1047"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "keycloak: Session takeover with OIDC offline refreshtokens"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Thibault Guittet"
          ],
          "organization": "Red Hat",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2022-4039",
      "cwe": {
        "id": "CWE-276",
        "name": "Incorrect Default Permissions"
      },
      "discovery_date": "2022-11-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2143416"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server configuration.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "rhsso-container-image: unsecured management interface exposed to adjecent network",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-4039"
        },
        {
          "category": "external",
          "summary": "RHBZ#2143416",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2143416"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-4039",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-4039"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-4039",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4039"
        }
      ],
      "release_date": "2023-02-28T21:26:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:46:46+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1047"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "rhsso-container-image: unsecured management interface exposed to adjecent network"
    },
    {
      "cve": "CVE-2022-24785",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2022-04-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2072009"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Moment.js: Path traversal  in moment.locale",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In Quay 3.10 and above, no version of affected momentjs is present.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-24785"
        },
        {
          "category": "external",
          "summary": "RHBZ#2072009",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24785",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-24785"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785"
        },
        {
          "category": "external",
          "summary": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4",
          "url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4"
        }
      ],
      "release_date": "2022-04-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:46:46+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1047"
        },
        {
          "category": "workaround",
          "details": "Sanitize the user-provided locale name before passing it to Moment.js.",
          "product_ids": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Moment.js: Path traversal  in moment.locale"
    },
    {
      "cve": "CVE-2022-25857",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2022-09-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2126789"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "snakeyaml: Denial of Service due to missing nested depth limitation for collections",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "For RHEL-8 it\u0027s downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn\u0027t shipped and \"prometheus-jmx-exporter\" is needed as build dependency. And it\u0027s not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-25857"
        },
        {
          "category": "external",
          "summary": "RHBZ#2126789",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25857",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857"
        },
        {
          "category": "external",
          "summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525",
          "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525"
        }
      ],
      "release_date": "2022-08-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:46:46+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1047"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "snakeyaml: Denial of Service due to missing nested depth limitation for collections"
    },
    {
      "cve": "CVE-2022-31129",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2022-07-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2105075"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "moment: inefficient parsing algorithm resulting in DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Fuse provides the affected software but does not use the functionality and as such its impact has been downgraded to Low.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) ships a vulnerable version of the moment library. However, this affected functionality is restricted behind OAuth, reducing the impact to Moderate.\n\nRed Hat Satellite ships a vulnerable version of the moment library. However, this only affects a specific component (qpid-dispatch), reducing the impact to Moderate.\n\nRed Hat Ceph Storage (RHCS) ships a vulnerable version of the moment library, however, it is not directly used and is a transitive dependency from Angular. In addition, the impact would only be to the grafana browser, and not the underlying RHCS system, which reduces the impact to Moderate. \n\nRed Hat OpenShift Service Mesh (OSSM) ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nRed Hat OpenShift distributed tracing ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nIn Logging Subsystem for Red Hat OpenShift the vulnerable moment nodejs package is bundled in the ose-logging-kibana6 container as a transitive dependency, hence the direct impact is reduced to Moderate.\n\nIn OpenShift Container Platform 4 the vulnerabile moment package is a third party dependency, hence the direct impact is reduced to Moderate.\n\nIn Quay IO 3.10 and above, no version of affected momentjs is present.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-31129"
        },
        {
          "category": "external",
          "summary": "RHBZ#2105075",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-31129",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-31129"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129"
        },
        {
          "category": "external",
          "summary": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g",
          "url": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g"
        }
      ],
      "release_date": "2022-07-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:46:46+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1047"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "moment: inefficient parsing algorithm resulting in DoS"
    },
    {
      "cve": "CVE-2022-37603",
      "cwe": {
        "id": "CWE-185",
        "name": "Incorrect Regular Expression"
      },
      "discovery_date": "2022-11-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2140597"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in loader-utils webpack library. When the url variable from interpolateName is set, the prototype can be polluted. This issue could lead to a regular expression Denial of Service (ReDoS), affecting the availability of the affected component.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "loader-utils: Regular expression denial of service",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-37603"
        },
        {
          "category": "external",
          "summary": "RHBZ#2140597",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140597"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-37603",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-37603"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-37603",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37603"
        }
      ],
      "release_date": "2022-10-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:46:46+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1047"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "loader-utils: Regular expression denial of service"
    },
    {
      "cve": "CVE-2022-38749",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2022-09-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2129706"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash, resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-38749"
        },
        {
          "category": "external",
          "summary": "RHBZ#2129706",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129706"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38749",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-38749"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38749",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38749"
        }
      ],
      "release_date": "2022-09-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:46:46+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1047"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode"
    },
    {
      "cve": "CVE-2022-38750",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2022-09-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2129707"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-38750"
        },
        {
          "category": "external",
          "summary": "RHBZ#2129707",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129707"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38750",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-38750"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38750",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38750"
        }
      ],
      "release_date": "2022-09-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:46:46+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1047"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject"
    },
    {
      "cve": "CVE-2022-38751",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2022-09-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2129709"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-38751"
        },
        {
          "category": "external",
          "summary": "RHBZ#2129709",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129709"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38751",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-38751"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38751",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38751"
        }
      ],
      "release_date": "2022-09-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:46:46+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1047"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match"
    },
    {
      "cve": "CVE-2022-40149",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2022-10-18T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2135771"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jettison: parser crash by stackoverflow",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-40149"
        },
        {
          "category": "external",
          "summary": "RHBZ#2135771",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-40149",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-40149"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149"
        },
        {
          "category": "external",
          "summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1",
          "url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1"
        }
      ],
      "release_date": "2022-09-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:46:46+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1047"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jettison: parser crash by stackoverflow"
    },
    {
      "cve": "CVE-2022-40150",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2022-10-18T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2135770"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jettison: memory exhaustion via user-supplied XML or JSON data",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-40150"
        },
        {
          "category": "external",
          "summary": "RHBZ#2135770",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-40150",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-40150"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150"
        },
        {
          "category": "external",
          "summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1",
          "url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1"
        }
      ],
      "release_date": "2022-09-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:46:46+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1047"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "jettison: memory exhaustion via user-supplied XML or JSON data"
    },
    {
      "cve": "CVE-2022-42003",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2022-10-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2135244"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-42003"
        },
        {
          "category": "external",
          "summary": "RHBZ#2135244",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003"
        }
      ],
      "release_date": "2022-10-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:46:46+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1047"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS"
    },
    {
      "cve": "CVE-2022-42004",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2022-10-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2135247"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jackson-databind: use of deeply nested arrays",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-42004"
        },
        {
          "category": "external",
          "summary": "RHBZ#2135247",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004"
        }
      ],
      "release_date": "2022-10-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:46:46+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1047"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jackson-databind: use of deeply nested arrays"
    },
    {
      "cve": "CVE-2022-45047",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2022-11-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2145194"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "mina-sshd: Java unsafe deserialization vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Impact as High as there\u0027s a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. \n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it\u0027s very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-45047"
        },
        {
          "category": "external",
          "summary": "RHBZ#2145194",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-45047",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-45047"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047"
        },
        {
          "category": "external",
          "summary": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html",
          "url": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html"
        }
      ],
      "release_date": "2022-11-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:46:46+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1047"
        },
        {
          "category": "workaround",
          "details": "From the maintainer:\n\nFor Apache MINA SSHD \u003c= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server\u0027s host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).",
          "product_ids": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "mina-sshd: Java unsafe deserialization vulnerability"
    },
    {
      "cve": "CVE-2022-45693",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2022-12-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2155970"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat has determined the impact of this flaw to be Moderate; a successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-45693"
        },
        {
          "category": "external",
          "summary": "RHBZ#2155970",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-45693",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-45693"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693"
        }
      ],
      "release_date": "2022-12-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:46:46+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1047"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos"
    },
    {
      "cve": "CVE-2022-46175",
      "cwe": {
        "id": "CWE-1321",
        "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
      },
      "discovery_date": "2022-12-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2156263"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "json5: Prototype Pollution in JSON5 via Parse Method",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The json5 package is a build-time dependency in Red Hat products and is not used in production runtime. Hence, the impact is set to Moderate.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-46175"
        },
        {
          "category": "external",
          "summary": "RHBZ#2156263",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156263"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-46175",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175"
        },
        {
          "category": "external",
          "summary": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h",
          "url": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h"
        }
      ],
      "release_date": "2022-12-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:46:46+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1047"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "json5: Prototype Pollution in JSON5 via Parse Method"
    },
    {
      "cve": "CVE-2022-46363",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2022-12-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2155681"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, so the issue can only occur if the CXF service is misconfigured.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "CXF: directory listing / code exfiltration",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-46363"
        },
        {
          "category": "external",
          "summary": "RHBZ#2155681",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155681"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-46363",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-46363"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46363",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46363"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c",
          "url": "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c"
        }
      ],
      "release_date": "2022-12-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:46:46+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1047"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "CXF: directory listing / code exfiltration"
    },
    {
      "cve": "CVE-2022-46364",
      "cwe": {
        "id": "CWE-918",
        "name": "Server-Side Request Forgery (SSRF)"
      },
      "discovery_date": "2022-12-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2155682"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "CXF: SSRF Vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-46364"
        },
        {
          "category": "external",
          "summary": "RHBZ#2155682",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-46364",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-46364"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364"
        },
        {
          "category": "external",
          "summary": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2",
          "url": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2"
        }
      ],
      "release_date": "2022-12-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:46:46+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1047"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "CXF: SSRF Vulnerability"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Sourav Kumar"
          ],
          "organization": "https://github.com/souravs17031999",
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2023-0091",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2022-10-28T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2158585"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "keycloak: Client Registration endpoint does not check token revocation",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-0091"
        },
        {
          "category": "external",
          "summary": "RHBZ#2158585",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158585"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-0091",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-0091"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0091",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0091"
        },
        {
          "category": "external",
          "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-v436-q368-hvgg",
          "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-v436-q368-hvgg"
        },
        {
          "category": "external",
          "summary": "https://github.com/keycloak/security/issues/27",
          "url": "https://github.com/keycloak/security/issues/27"
        }
      ],
      "release_date": "2022-10-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:46:46+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1047"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "keycloak: Client Registration endpoint does not check token revocation"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Jordi Zayuelas i Mu\u00f1oz"
          ],
          "organization": "A1 Digital",
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2023-0264",
      "cwe": {
        "id": "CWE-303",
        "name": "Incorrect Implementation of Authentication Algorithm"
      },
      "discovery_date": "2023-01-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2160585"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Keycloak\u0027s OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, Integrity, and availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "keycloak: user impersonation via stolen uuid code",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-0264"
        },
        {
          "category": "external",
          "summary": "RHBZ#2160585",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160585"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-0264",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-0264"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0264",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0264"
        }
      ],
      "release_date": "2023-02-28T18:58:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:46:46+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1047"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:10450cf7e28d9b1628e95867562763019181a9a980e6e465fe69faf056a1cb60_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:19520720c6ff7acbfb4c8b1bc0d9353c2205bb640405f1d08f70ee14061f190f_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:77e19865fa9031305daa8c9872eb273c6442748a9cd3d6628309721fbf781c21_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "keycloak: user impersonation via stolen uuid code"
    }
  ]
}

RHSA-2023:1049

Vulnerability from csaf_redhat - Published: 2023-03-01 21:58 - Updated: 2026-05-25 14:25

Summary

Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 security update

Severity

Important

Notes

Topic: A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.2 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es): * keycloak: XSS on impersonation under specific circumstances (CVE-2022-1438) * Moment.js: Path traversal in moment.locale (CVE-2022-24785) * keycloak: missing email notification template allowlist (CVE-2022-1274) * keycloak: minimist: prototype pollution (CVE-2021-44906) * moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129) * undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations (CVE-2022-2764) * snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857) * loader-utils: loader-utils:Regular expression denial of service (CVE-2022-37603) * keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916) * keycloak: path traversal via double URL encoding (CVE-2022-3782) * snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749) * snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751) * snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750) * keycloak: Client Registration endpoint does not check token revocation (CVE-2023-0091) * keycloak: glob-parent: Regular Expression Denial of Service (CVE-2021-35065) * json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175) * keycloak: keycloak: user impersonation via stolen uuid code (CVE-2023-0264) * snakeyaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471) * CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364) * rcue-bootstrap: bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042) * jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693) * sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047) * jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150) * jettison: parser crash by stackoverflow (CVE-2022-40149) * jackson-databind: use of deeply nested arrays (CVE-2022-42004) * jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003) * jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022) * bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040) * jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358) * CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363) * keycloak: reflected XSS attack (CVE-2022-4137) * Keycloak Node.js Adapter: Open redirect vulnerability in checkSSO (CVE-2022-2237) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2018-14040

In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.

6.1 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2018-14042

In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.

6.1 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2019-11358

5.6 (Medium)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-11022

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-11023

A flaw was found in jQuery. HTML containing \<option\> elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix Workaround

Threats

Exploit Status CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Impact Moderate

CVE-2021-35065

A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Low

CVE-2021-44906

3.1 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-1274

7.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N

CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-1438

A flaw was found in Keycloak. Under specific circumstances, HTML entities are not sanitized during user impersonation, resulting in a Cross-site scripting (XSS) vulnerability.

6.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-1471

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Important

CVE-2022-2237

A flaw was found in the Keycloak Node.js Adapter. This flaw allows an attacker to benefit from an Open Redirect vulnerability in the checkSso function.

6.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-2764

4.2 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Low

CVE-2022-3782

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Important

CVE-2022-3916

6.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE-384 - Session Fixation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-4137

A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be vulnerable. This may compromise user details, allowing it to be changed or collected by an attacker.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE-81 - Improper Neutralization of Script in an Error Message Web Page

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Important

CVE-2022-24785

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2022-25857

A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Low

CVE-2022-31129

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Important

CVE-2022-37603

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-185 - Incorrect Regular Expression

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-38749

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-787 - Out-of-bounds Write

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-38750

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-787 - Out-of-bounds Write

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-38751

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-787 - Out-of-bounds Write

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-40149

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-787 - Out-of-bounds Write

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-40150

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Low

CVE-2022-42003

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-502 - Deserialization of Untrusted Data

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-42004

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-502 - Deserialization of Untrusted Data

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-45047

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2022-45693

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-787 - Out-of-bounds Write

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-46175

A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Low

CVE-2022-46363

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-20 - Improper Input Validation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2022-46364

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-918 - Server-Side Request Forgery (SSRF)

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Important

CVE-2023-0091

3.8 (Low)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

CWE-20 - Improper Input Validation

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Low

CVE-2023-0264

4.6 (Medium)


                        
                          CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE-303 - Incorrect Implementation of Authentication Algorithm

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Single Sign-On 7 Red Hat / Red Hat Single Sign-On	`cpe:/a:redhat:red_hat_single_sign_on:7.6`	—	Vendor Fix fix

Threats

Impact Moderate

References

186 references

URL	Category
https://access.redhat.com/errata/RHSA-2023:1049	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=1601614	external
https://bugzilla.redhat.com/show_bug.cgi?id=1601617	external
https://bugzilla.redhat.com/show_bug.cgi?id=1701972	external
https://bugzilla.redhat.com/show_bug.cgi?id=1828406	external
https://bugzilla.redhat.com/show_bug.cgi?id=2031904	external
https://bugzilla.redhat.com/show_bug.cgi?id=2066009	external
https://bugzilla.redhat.com/show_bug.cgi?id=2072009	external
https://bugzilla.redhat.com/show_bug.cgi?id=2073157	external
https://bugzilla.redhat.com/show_bug.cgi?id=2097007	external
https://bugzilla.redhat.com/show_bug.cgi?id=2105075	external
https://bugzilla.redhat.com/show_bug.cgi?id=2117506	external
https://bugzilla.redhat.com/show_bug.cgi?id=2126789	external
https://bugzilla.redhat.com/show_bug.cgi?id=2129706	external
https://bugzilla.redhat.com/show_bug.cgi?id=2129707	external
https://bugzilla.redhat.com/show_bug.cgi?id=2129709	external
https://bugzilla.redhat.com/show_bug.cgi?id=2135244	external
https://bugzilla.redhat.com/show_bug.cgi?id=2135247	external
https://bugzilla.redhat.com/show_bug.cgi?id=2135770	external
https://bugzilla.redhat.com/show_bug.cgi?id=2135771	external
https://bugzilla.redhat.com/show_bug.cgi?id=2138971	external
https://bugzilla.redhat.com/show_bug.cgi?id=2140597	external
https://bugzilla.redhat.com/show_bug.cgi?id=2141404	external
https://bugzilla.redhat.com/show_bug.cgi?id=2145194	external
https://bugzilla.redhat.com/show_bug.cgi?id=2148496	external
https://bugzilla.redhat.com/show_bug.cgi?id=2150009	external
https://bugzilla.redhat.com/show_bug.cgi?id=2155681	external
https://bugzilla.redhat.com/show_bug.cgi?id=2155682	external
https://bugzilla.redhat.com/show_bug.cgi?id=2155970	external
https://bugzilla.redhat.com/show_bug.cgi?id=2156263	external
https://bugzilla.redhat.com/show_bug.cgi?id=2156324	external
https://bugzilla.redhat.com/show_bug.cgi?id=2158585	external
https://bugzilla.redhat.com/show_bug.cgi?id=2160585	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2018-14040	self
https://bugzilla.redhat.com/show_bug.cgi?id=1601614	external
https://www.cve.org/CVERecord?id=CVE-2018-14040	external
https://nvd.nist.gov/vuln/detail/CVE-2018-14040	external
https://access.redhat.com/security/cve/CVE-2018-14042	self
https://bugzilla.redhat.com/show_bug.cgi?id=1601617	external
https://www.cve.org/CVERecord?id=CVE-2018-14042	external
https://nvd.nist.gov/vuln/detail/CVE-2018-14042	external
https://access.redhat.com/security/cve/CVE-2019-11358	self
https://bugzilla.redhat.com/show_bug.cgi?id=1701972	external
https://www.cve.org/CVERecord?id=CVE-2019-11358	external
https://nvd.nist.gov/vuln/detail/CVE-2019-11358	external
https://blog.jquery.com/2019/04/10/jquery-3-4-0-r…	external
https://www.drupal.org/sa-core-2019-006	external
https://access.redhat.com/security/cve/CVE-2020-11022	self
https://bugzilla.redhat.com/show_bug.cgi?id=1828406	external
https://www.cve.org/CVERecord?id=CVE-2020-11022	external
https://nvd.nist.gov/vuln/detail/CVE-2020-11022	external
https://github.com/advisories/GHSA-gxr4-xjj5-5px2	external
https://access.redhat.com/security/cve/CVE-2020-11023	self
https://bugzilla.redhat.com/show_bug.cgi?id=1850004	external
https://www.cve.org/CVERecord?id=CVE-2020-11023	external
https://nvd.nist.gov/vuln/detail/CVE-2020-11023	external
https://blog.jquery.com/2020/04/10/jquery-3-5-0-r…	external
https://www.cisa.gov/known-exploited-vulnerabilit…	external
https://access.redhat.com/security/cve/CVE-2021-35065	self
https://bugzilla.redhat.com/show_bug.cgi?id=2156324	external
https://www.cve.org/CVERecord?id=CVE-2021-35065	external
https://nvd.nist.gov/vuln/detail/CVE-2021-35065	external
https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-…	external
https://access.redhat.com/security/cve/CVE-2021-44906	self
https://bugzilla.redhat.com/show_bug.cgi?id=2066009	external
https://www.cve.org/CVERecord?id=CVE-2021-44906	external
https://nvd.nist.gov/vuln/detail/CVE-2021-44906	external
https://github.com/advisories/GHSA-xvch-5gv4-984h	external
https://access.redhat.com/security/cve/CVE-2022-1274	self
https://bugzilla.redhat.com/show_bug.cgi?id=2073157	external
https://www.cve.org/CVERecord?id=CVE-2022-1274	external
https://nvd.nist.gov/vuln/detail/CVE-2022-1274	external
https://github.com/keycloak/keycloak/security/adv…	external
https://access.redhat.com/security/cve/CVE-2022-1438	self
https://bugzilla.redhat.com/show_bug.cgi?id=2031904	external
https://www.cve.org/CVERecord?id=CVE-2022-1438	external
https://nvd.nist.gov/vuln/detail/CVE-2022-1438	external
https://access.redhat.com/security/cve/CVE-2022-1471	self
https://bugzilla.redhat.com/show_bug.cgi?id=2150009	external
https://www.cve.org/CVERecord?id=CVE-2022-1471	external
https://nvd.nist.gov/vuln/detail/CVE-2022-1471	external
https://github.com/google/security-research/secur…	external
https://access.redhat.com/security/cve/CVE-2022-2237	self
https://bugzilla.redhat.com/show_bug.cgi?id=2097007	external
https://www.cve.org/CVERecord?id=CVE-2022-2237	external
https://nvd.nist.gov/vuln/detail/CVE-2022-2237	external
https://access.redhat.com/security/cve/CVE-2022-2764	self
https://bugzilla.redhat.com/show_bug.cgi?id=2117506	external
https://www.cve.org/CVERecord?id=CVE-2022-2764	external
https://nvd.nist.gov/vuln/detail/CVE-2022-2764	external
https://access.redhat.com/security/cve/CVE-2022-3782	self
https://bugzilla.redhat.com/show_bug.cgi?id=2138971	external
https://www.cve.org/CVERecord?id=CVE-2022-3782	external
https://nvd.nist.gov/vuln/detail/CVE-2022-3782	external
https://access.redhat.com/security/cve/CVE-2022-3916	self
https://bugzilla.redhat.com/show_bug.cgi?id=2141404	external
https://www.cve.org/CVERecord?id=CVE-2022-3916	external
https://nvd.nist.gov/vuln/detail/CVE-2022-3916	external
https://access.redhat.com/security/cve/CVE-2022-4137	self
https://bugzilla.redhat.com/show_bug.cgi?id=2148496	external
https://www.cve.org/CVERecord?id=CVE-2022-4137	external
https://nvd.nist.gov/vuln/detail/CVE-2022-4137	external
https://access.redhat.com/security/cve/CVE-2022-24785	self
https://bugzilla.redhat.com/show_bug.cgi?id=2072009	external
https://www.cve.org/CVERecord?id=CVE-2022-24785	external
https://nvd.nist.gov/vuln/detail/CVE-2022-24785	external
https://github.com/moment/moment/security/advisor…	external
https://access.redhat.com/security/cve/CVE-2022-25857	self
https://bugzilla.redhat.com/show_bug.cgi?id=2126789	external
https://www.cve.org/CVERecord?id=CVE-2022-25857	external
https://nvd.nist.gov/vuln/detail/CVE-2022-25857	external
https://bitbucket.org/snakeyaml/snakeyaml/issues/525	external
https://access.redhat.com/security/cve/CVE-2022-31129	self
https://bugzilla.redhat.com/show_bug.cgi?id=2105075	external
https://www.cve.org/CVERecord?id=CVE-2022-31129	external
https://nvd.nist.gov/vuln/detail/CVE-2022-31129	external
https://github.com/moment/moment/security/advisor…	external
https://access.redhat.com/security/cve/CVE-2022-37603	self
https://bugzilla.redhat.com/show_bug.cgi?id=2140597	external
https://www.cve.org/CVERecord?id=CVE-2022-37603	external
https://nvd.nist.gov/vuln/detail/CVE-2022-37603	external
https://access.redhat.com/security/cve/CVE-2022-38749	self
https://bugzilla.redhat.com/show_bug.cgi?id=2129706	external
https://www.cve.org/CVERecord?id=CVE-2022-38749	external
https://nvd.nist.gov/vuln/detail/CVE-2022-38749	external
https://access.redhat.com/security/cve/CVE-2022-38750	self
https://bugzilla.redhat.com/show_bug.cgi?id=2129707	external
https://www.cve.org/CVERecord?id=CVE-2022-38750	external
https://nvd.nist.gov/vuln/detail/CVE-2022-38750	external
https://access.redhat.com/security/cve/CVE-2022-38751	self
https://bugzilla.redhat.com/show_bug.cgi?id=2129709	external
https://www.cve.org/CVERecord?id=CVE-2022-38751	external
https://nvd.nist.gov/vuln/detail/CVE-2022-38751	external
https://access.redhat.com/security/cve/CVE-2022-40149	self
https://bugzilla.redhat.com/show_bug.cgi?id=2135771	external
https://www.cve.org/CVERecord?id=CVE-2022-40149	external
https://nvd.nist.gov/vuln/detail/CVE-2022-40149	external
https://github.com/jettison-json/jettison/release…	external
https://access.redhat.com/security/cve/CVE-2022-40150	self
https://bugzilla.redhat.com/show_bug.cgi?id=2135770	external
https://www.cve.org/CVERecord?id=CVE-2022-40150	external
https://nvd.nist.gov/vuln/detail/CVE-2022-40150	external
https://access.redhat.com/security/cve/CVE-2022-42003	self
https://bugzilla.redhat.com/show_bug.cgi?id=2135244	external
https://www.cve.org/CVERecord?id=CVE-2022-42003	external
https://nvd.nist.gov/vuln/detail/CVE-2022-42003	external
https://access.redhat.com/security/cve/CVE-2022-42004	self
https://bugzilla.redhat.com/show_bug.cgi?id=2135247	external
https://www.cve.org/CVERecord?id=CVE-2022-42004	external
https://nvd.nist.gov/vuln/detail/CVE-2022-42004	external
https://access.redhat.com/security/cve/CVE-2022-45047	self
https://bugzilla.redhat.com/show_bug.cgi?id=2145194	external
https://www.cve.org/CVERecord?id=CVE-2022-45047	external
https://nvd.nist.gov/vuln/detail/CVE-2022-45047	external
https://www.mail-archive.com/dev@mina.apache.org/…	external
https://access.redhat.com/security/cve/CVE-2022-45693	self
https://bugzilla.redhat.com/show_bug.cgi?id=2155970	external
https://www.cve.org/CVERecord?id=CVE-2022-45693	external
https://nvd.nist.gov/vuln/detail/CVE-2022-45693	external
https://access.redhat.com/security/cve/CVE-2022-46175	self
https://bugzilla.redhat.com/show_bug.cgi?id=2156263	external
https://www.cve.org/CVERecord?id=CVE-2022-46175	external
https://nvd.nist.gov/vuln/detail/CVE-2022-46175	external
https://github.com/json5/json5/security/advisorie…	external
https://access.redhat.com/security/cve/CVE-2022-46363	self
https://bugzilla.redhat.com/show_bug.cgi?id=2155681	external
https://www.cve.org/CVERecord?id=CVE-2022-46363	external
https://nvd.nist.gov/vuln/detail/CVE-2022-46363	external
https://lists.apache.org/thread/pdzo1qgyplf4y523t…	external
https://access.redhat.com/security/cve/CVE-2022-46364	self
https://bugzilla.redhat.com/show_bug.cgi?id=2155682	external
https://www.cve.org/CVERecord?id=CVE-2022-46364	external
https://nvd.nist.gov/vuln/detail/CVE-2022-46364	external
https://cxf.apache.org/security-advisories.data/C…	external
https://access.redhat.com/security/cve/CVE-2023-0091	self
https://bugzilla.redhat.com/show_bug.cgi?id=2158585	external
https://www.cve.org/CVERecord?id=CVE-2023-0091	external
https://nvd.nist.gov/vuln/detail/CVE-2023-0091	external
https://github.com/keycloak/keycloak/security/adv…	external
https://github.com/keycloak/security/issues/27	external
https://access.redhat.com/security/cve/CVE-2023-0264	self
https://bugzilla.redhat.com/show_bug.cgi?id=2160585	external
https://www.cve.org/CVERecord?id=CVE-2023-0264	external
https://nvd.nist.gov/vuln/detail/CVE-2023-0264	external

Acknowledgments

usd AG Marcus Nilsson

SISOFT s.c. Grzegorz Tworek

NETAŞ PENTEST TEAM Aytaç Kalıncı Ilker Bulgurcu Yasin Yılmaz

Trifork Peter Flintholm

https://github.com/souravs17031999 Sourav Kumar

A1 Digital Jordi Zayuelas i Muñoz

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.2 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n* keycloak: XSS on impersonation under specific circumstances (CVE-2022-1438)\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n* keycloak: missing email notification template allowlist (CVE-2022-1274)\n* keycloak: minimist: prototype pollution (CVE-2021-44906)\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n* undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations (CVE-2022-2764)\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n* loader-utils: loader-utils:Regular expression denial of service (CVE-2022-37603)\n* keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)\n* keycloak: path traversal via double URL encoding (CVE-2022-3782)\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)\n* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)\n* keycloak: Client Registration endpoint does not check token revocation (CVE-2023-0091)\n* keycloak: glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)\n* keycloak: keycloak: user impersonation via stolen uuid code (CVE-2023-0264)\n* snakeyaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n* rcue-bootstrap: bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)\n* jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)\n* sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)\n* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)\n* jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)\n* CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363)\n* keycloak: reflected XSS attack (CVE-2022-4137)\n* Keycloak Node.js Adapter: Open redirect vulnerability in checkSSO (CVE-2022-2237)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2023:1049",
        "url": "https://access.redhat.com/errata/RHSA-2023:1049"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1601614",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614"
      },
      {
        "category": "external",
        "summary": "1601617",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617"
      },
      {
        "category": "external",
        "summary": "1701972",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972"
      },
      {
        "category": "external",
        "summary": "1828406",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
      },
      {
        "category": "external",
        "summary": "2031904",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031904"
      },
      {
        "category": "external",
        "summary": "2066009",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009"
      },
      {
        "category": "external",
        "summary": "2072009",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
      },
      {
        "category": "external",
        "summary": "2073157",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073157"
      },
      {
        "category": "external",
        "summary": "2097007",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097007"
      },
      {
        "category": "external",
        "summary": "2105075",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075"
      },
      {
        "category": "external",
        "summary": "2117506",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117506"
      },
      {
        "category": "external",
        "summary": "2126789",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789"
      },
      {
        "category": "external",
        "summary": "2129706",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129706"
      },
      {
        "category": "external",
        "summary": "2129707",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129707"
      },
      {
        "category": "external",
        "summary": "2129709",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129709"
      },
      {
        "category": "external",
        "summary": "2135244",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
      },
      {
        "category": "external",
        "summary": "2135247",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
      },
      {
        "category": "external",
        "summary": "2135770",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770"
      },
      {
        "category": "external",
        "summary": "2135771",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771"
      },
      {
        "category": "external",
        "summary": "2138971",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138971"
      },
      {
        "category": "external",
        "summary": "2140597",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140597"
      },
      {
        "category": "external",
        "summary": "2141404",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141404"
      },
      {
        "category": "external",
        "summary": "2145194",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194"
      },
      {
        "category": "external",
        "summary": "2148496",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148496"
      },
      {
        "category": "external",
        "summary": "2150009",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150009"
      },
      {
        "category": "external",
        "summary": "2155681",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155681"
      },
      {
        "category": "external",
        "summary": "2155682",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682"
      },
      {
        "category": "external",
        "summary": "2155970",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970"
      },
      {
        "category": "external",
        "summary": "2156263",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156263"
      },
      {
        "category": "external",
        "summary": "2156324",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324"
      },
      {
        "category": "external",
        "summary": "2158585",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158585"
      },
      {
        "category": "external",
        "summary": "2160585",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160585"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1049.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 security update",
    "tracking": {
      "current_release_date": "2026-05-25T14:25:15+00:00",
      "generator": {
        "date": "2026-05-25T14:25:15+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2023:1049",
      "initial_release_date": "2023-03-01T21:58:17+00:00",
      "revision_history": [
        {
          "date": "2023-03-01T21:58:17+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-03-01T21:58:17+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-05-25T14:25:15+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Single Sign-On 7",
                "product": {
                  "name": "Red Hat Single Sign-On 7",
                  "product_id": "Red Hat Single Sign-On 7",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Single Sign-On"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-14040",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2018-07-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1601614"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-14040"
        },
        {
          "category": "external",
          "summary": "RHBZ#1601614",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14040",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14040"
        }
      ],
      "release_date": "2018-05-29T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute"
    },
    {
      "cve": "CVE-2018-14042",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2018-07-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1601617"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Satellite 6.2 and newer versions don\u0027t use the bootstrap library, hence are not affected by this flaw.\n\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don\u0027t use the vulnerable component at all.\n\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-14042"
        },
        {
          "category": "external",
          "summary": "RHBZ#1601617",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601617"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14042",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-14042"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14042"
        }
      ],
      "release_date": "2018-05-29T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip"
    },
    {
      "cve": "CVE-2019-11358",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2019-03-28T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1701972"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-11358"
        },
        {
          "category": "external",
          "summary": "RHBZ#1701972",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-11358",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358"
        },
        {
          "category": "external",
          "summary": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/",
          "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
        },
        {
          "category": "external",
          "summary": "https://www.drupal.org/sa-core-2019-006",
          "url": "https://www.drupal.org/sa-core-2019-006"
        }
      ],
      "release_date": "2019-03-27T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection"
    },
    {
      "cve": "CVE-2020-11022",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2020-04-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1828406"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the \u2018HTML\u2019 function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-11022"
        },
        {
          "category": "external",
          "summary": "RHBZ#1828406",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11022",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2",
          "url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2"
        }
      ],
      "release_date": "2020-04-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method"
    },
    {
      "cve": "CVE-2020-11023",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2020-06-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1850004"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery\u0027s DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. As PCS does not accept untrusted input, the vulnerable code cannot be controlled by an attacker.\n\nMultiple Red Hat offerings use doxygen to build documentation. During this process an affected jquery.js file can be included in the resulting package. The \u0027gcc\u0027 and \u0027tbb\u0027 packages were potentially vulnerable via this method.\n\nOpenShift Container Platform 4 is not affected because even though it uses the \u0027gcc\u0027 component, vulnerable code is limited within the libstdc++-docs rpm package, which is not shipped.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-11023"
        },
        {
          "category": "external",
          "summary": "RHBZ#1850004",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11023",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023"
        },
        {
          "category": "external",
          "summary": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/",
          "url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2020-04-29T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        },
        {
          "category": "workaround",
          "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2025-01-23T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods"
    },
    {
      "cve": "CVE-2021-35065",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2022-12-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2156324"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "glob-parent: Regular Expression Denial of Service",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The glob-parent package is a transitive dependency and this is not used directly in any of the Red Hat products. Hence, the impact is reduced to Moderate.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-35065"
        },
        {
          "category": "external",
          "summary": "RHBZ#2156324",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-35065",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-35065"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065"
        },
        {
          "category": "external",
          "summary": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294",
          "url": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294"
        }
      ],
      "release_date": "2022-12-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "glob-parent: Regular Expression Denial of Service"
    },
    {
      "cve": "CVE-2021-44906",
      "cwe": {
        "id": "CWE-1321",
        "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
      },
      "discovery_date": "2022-03-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2066009"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An Uncontrolled Resource Consumption flaw was found in minimist. The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. This flaw (CVE-2021-44906) allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "minimist: prototype pollution",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "As minimist is an argument parsing module for nodejs, exploitation of this vulnerability requires an attacker to influence which arguments are passed to nodejs when running a script. Red Hat products and services are designed in such a way that gaining this ability is not trivial. Additionally, the impact is limited by only enabling the pollution of functions, and not all generic objects.\n\nWithin Red Hat Satellite 6 this flaw has been rated as having a security impact of Low. It is not currently planned to be addressed there, as the minimist library is only included in the -doc subpackage and is part of test fixtures that are not in the execution path used by the rabl gem.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-44906"
        },
        {
          "category": "external",
          "summary": "RHBZ#2066009",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44906",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
          "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h"
        }
      ],
      "release_date": "2022-03-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "minimist: prototype pollution"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Marcus Nilsson"
          ],
          "organization": "usd AG"
        }
      ],
      "cve": "CVE-2022-1274",
      "cwe": {
        "id": "CWE-80",
        "name": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
      },
      "discovery_date": "2022-04-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2073157"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "keycloak: HTML injection in execute-actions-email Admin REST API",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-1274"
        },
        {
          "category": "external",
          "summary": "RHBZ#2073157",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073157"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1274",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-1274"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1274",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1274"
        },
        {
          "category": "external",
          "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725",
          "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725"
        }
      ],
      "release_date": "2023-02-28T18:57:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "keycloak: HTML injection in execute-actions-email Admin REST API"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Grzegorz Tworek"
          ],
          "organization": "SISOFT s.c."
        }
      ],
      "cve": "CVE-2022-1438",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2021-12-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2031904"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Keycloak. Under specific circumstances, HTML entities are not sanitized during user impersonation, resulting in a Cross-site scripting (XSS) vulnerability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "keycloak: XSS on impersonation under specific circumstances",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-1438"
        },
        {
          "category": "external",
          "summary": "RHBZ#2031904",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031904"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1438",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-1438"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1438",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1438"
        }
      ],
      "release_date": "2023-02-28T18:56:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "keycloak: XSS on impersonation under specific circumstances"
    },
    {
      "cve": "CVE-2022-1471",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2022-12-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2150009"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the SnakeYaml package. This flaw allows an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Deserialization is unsafe and leads to Remote Code Execution (RCE).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "SnakeYaml: Constructor Deserialization Remote Code Execution",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In the Red Hat Process Automation 7 (RHPAM) the untrusted, malicious YAML file for deserialization by the vulnerable Snakeyaml\u0027s SafeConstructor class must be provided intentionally by the RHPAM user which requires high privileges. The potential attack complexity is also high because it depends on conditions that are beyond the attacker\u0027s control. Due to that the impact for RHPAM is reduced to Low.\n\nRed Hat Fuse 7 does not expose by default any endpoint that passes incoming data/request into vulnerable Snakeyaml\u0027s Constructor class nor pass untrusted data to this class. When this class is used, it\u2019s still only used to parse internal configuration, hence the impact by this vulnerability to Red Hat Fuse 7 is reduced to Moderate.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-1471"
        },
        {
          "category": "external",
          "summary": "RHBZ#2150009",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150009"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1471",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1471",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1471"
        },
        {
          "category": "external",
          "summary": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2",
          "url": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2"
        }
      ],
      "release_date": "2022-10-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "SnakeYaml: Constructor Deserialization Remote Code Execution"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Ayta\u00e7 Kal\u0131nc\u0131",
            "Ilker Bulgurcu",
            "Yasin Y\u0131lmaz"
          ],
          "organization": "NETA\u015e PENTEST TEAM"
        }
      ],
      "cve": "CVE-2022-2237",
      "cwe": {
        "id": "CWE-601",
        "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
      },
      "discovery_date": "2022-06-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2097007"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Keycloak Node.js Adapter. This flaw allows an attacker to benefit from an Open Redirect vulnerability in the checkSso function.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Adapter: Open redirect vulnerability in checkSSO",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "CodeReady Studio is no longer supported. Therefore, this flaw will not be addressed in CodeReady Studio. Please see https://developers.redhat.com/articles/2022/04/18/announcement-red-hat-codeready-studio-reaches-end-life for more information.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-2237"
        },
        {
          "category": "external",
          "summary": "RHBZ#2097007",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097007"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2237",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-2237"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2237",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2237"
        }
      ],
      "release_date": "2023-03-01T13:57:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Adapter: Open redirect vulnerability in checkSSO"
    },
    {
      "cve": "CVE-2022-2764",
      "discovery_date": "2022-08-11T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2117506"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Undertow with EJB invocations. This flaw allows an attacker to generate a valid HTTP request and send it to the server on an established connection after removing the LAST_CHUNK from the bytes, causing a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-2764"
        },
        {
          "category": "external",
          "summary": "RHBZ#2117506",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117506"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2764",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-2764"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2764",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2764"
        }
      ],
      "release_date": "2022-08-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations"
    },
    {
      "cve": "CVE-2022-3782",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2022-10-31T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2138971"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "keycloak: path traversal via double URL encoding",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason Quarkus is marked with Low impact.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-3782"
        },
        {
          "category": "external",
          "summary": "RHBZ#2138971",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138971"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-3782",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-3782"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3782",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3782"
        }
      ],
      "release_date": "2022-12-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "keycloak: path traversal via double URL encoding"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Peter Flintholm"
          ],
          "organization": "Trifork"
        }
      ],
      "cve": "CVE-2022-3916",
      "cwe": {
        "id": "CWE-384",
        "name": "Session Fixation"
      },
      "discovery_date": "2022-11-09T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2141404"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "keycloak: Session takeover with OIDC offline refreshtokens",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-3916"
        },
        {
          "category": "external",
          "summary": "RHBZ#2141404",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141404"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-3916",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-3916"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3916",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3916"
        }
      ],
      "release_date": "2022-11-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "keycloak: Session takeover with OIDC offline refreshtokens"
    },
    {
      "cve": "CVE-2022-4137",
      "cwe": {
        "id": "CWE-81",
        "name": "Improper Neutralization of Script in an Error Message Web Page"
      },
      "discovery_date": "2022-11-25T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2148496"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A reflected cross-site scripting (XSS) vulnerability was found in the \u0027oob\u0027 OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be vulnerable. This may compromise user details, allowing it to be changed or collected by an attacker.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "keycloak: reflected XSS attack",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-4137"
        },
        {
          "category": "external",
          "summary": "RHBZ#2148496",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148496"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-4137",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-4137"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-4137",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4137"
        }
      ],
      "release_date": "2023-03-01T13:56:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "keycloak: reflected XSS attack"
    },
    {
      "cve": "CVE-2022-24785",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2022-04-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2072009"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Moment.js: Path traversal  in moment.locale",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In Quay 3.10 and above, no version of affected momentjs is present.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-24785"
        },
        {
          "category": "external",
          "summary": "RHBZ#2072009",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24785",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-24785"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785"
        },
        {
          "category": "external",
          "summary": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4",
          "url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4"
        }
      ],
      "release_date": "2022-04-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        },
        {
          "category": "workaround",
          "details": "Sanitize the user-provided locale name before passing it to Moment.js.",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Moment.js: Path traversal  in moment.locale"
    },
    {
      "cve": "CVE-2022-25857",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2022-09-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2126789"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "snakeyaml: Denial of Service due to missing nested depth limitation for collections",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "For RHEL-8 it\u0027s downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn\u0027t shipped and \"prometheus-jmx-exporter\" is needed as build dependency. And it\u0027s not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-25857"
        },
        {
          "category": "external",
          "summary": "RHBZ#2126789",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25857",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857"
        },
        {
          "category": "external",
          "summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525",
          "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525"
        }
      ],
      "release_date": "2022-08-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "snakeyaml: Denial of Service due to missing nested depth limitation for collections"
    },
    {
      "cve": "CVE-2022-31129",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2022-07-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2105075"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "moment: inefficient parsing algorithm resulting in DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Fuse provides the affected software but does not use the functionality and as such its impact has been downgraded to Low.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) ships a vulnerable version of the moment library. However, this affected functionality is restricted behind OAuth, reducing the impact to Moderate.\n\nRed Hat Satellite ships a vulnerable version of the moment library. However, this only affects a specific component (qpid-dispatch), reducing the impact to Moderate.\n\nRed Hat Ceph Storage (RHCS) ships a vulnerable version of the moment library, however, it is not directly used and is a transitive dependency from Angular. In addition, the impact would only be to the grafana browser, and not the underlying RHCS system, which reduces the impact to Moderate. \n\nRed Hat OpenShift Service Mesh (OSSM) ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nRed Hat OpenShift distributed tracing ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nIn Logging Subsystem for Red Hat OpenShift the vulnerable moment nodejs package is bundled in the ose-logging-kibana6 container as a transitive dependency, hence the direct impact is reduced to Moderate.\n\nIn OpenShift Container Platform 4 the vulnerabile moment package is a third party dependency, hence the direct impact is reduced to Moderate.\n\nIn Quay IO 3.10 and above, no version of affected momentjs is present.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-31129"
        },
        {
          "category": "external",
          "summary": "RHBZ#2105075",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-31129",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-31129"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129"
        },
        {
          "category": "external",
          "summary": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g",
          "url": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g"
        }
      ],
      "release_date": "2022-07-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "moment: inefficient parsing algorithm resulting in DoS"
    },
    {
      "cve": "CVE-2022-37603",
      "cwe": {
        "id": "CWE-185",
        "name": "Incorrect Regular Expression"
      },
      "discovery_date": "2022-11-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2140597"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in loader-utils webpack library. When the url variable from interpolateName is set, the prototype can be polluted. This issue could lead to a regular expression Denial of Service (ReDoS), affecting the availability of the affected component.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "loader-utils: Regular expression denial of service",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-37603"
        },
        {
          "category": "external",
          "summary": "RHBZ#2140597",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140597"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-37603",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-37603"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-37603",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37603"
        }
      ],
      "release_date": "2022-10-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "loader-utils: Regular expression denial of service"
    },
    {
      "cve": "CVE-2022-38749",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2022-09-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2129706"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash, resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-38749"
        },
        {
          "category": "external",
          "summary": "RHBZ#2129706",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129706"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38749",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-38749"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38749",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38749"
        }
      ],
      "release_date": "2022-09-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode"
    },
    {
      "cve": "CVE-2022-38750",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2022-09-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2129707"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-38750"
        },
        {
          "category": "external",
          "summary": "RHBZ#2129707",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129707"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38750",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-38750"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38750",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38750"
        }
      ],
      "release_date": "2022-09-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject"
    },
    {
      "cve": "CVE-2022-38751",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2022-09-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2129709"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\n\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-38751"
        },
        {
          "category": "external",
          "summary": "RHBZ#2129709",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129709"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38751",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-38751"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38751",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38751"
        }
      ],
      "release_date": "2022-09-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match"
    },
    {
      "cve": "CVE-2022-40149",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2022-10-18T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2135771"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jettison: parser crash by stackoverflow",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-40149"
        },
        {
          "category": "external",
          "summary": "RHBZ#2135771",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-40149",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-40149"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149"
        },
        {
          "category": "external",
          "summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1",
          "url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1"
        }
      ],
      "release_date": "2022-09-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jettison: parser crash by stackoverflow"
    },
    {
      "cve": "CVE-2022-40150",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2022-10-18T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2135770"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jettison: memory exhaustion via user-supplied XML or JSON data",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-40150"
        },
        {
          "category": "external",
          "summary": "RHBZ#2135770",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-40150",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-40150"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150"
        },
        {
          "category": "external",
          "summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1",
          "url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1"
        }
      ],
      "release_date": "2022-09-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "jettison: memory exhaustion via user-supplied XML or JSON data"
    },
    {
      "cve": "CVE-2022-42003",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2022-10-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2135244"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-42003"
        },
        {
          "category": "external",
          "summary": "RHBZ#2135244",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003"
        }
      ],
      "release_date": "2022-10-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS"
    },
    {
      "cve": "CVE-2022-42004",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2022-10-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2135247"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jackson-databind: use of deeply nested arrays",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-42004"
        },
        {
          "category": "external",
          "summary": "RHBZ#2135247",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004"
        }
      ],
      "release_date": "2022-10-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jackson-databind: use of deeply nested arrays"
    },
    {
      "cve": "CVE-2022-45047",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2022-11-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2145194"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "mina-sshd: Java unsafe deserialization vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Impact as High as there\u0027s a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. \n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it\u0027s very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-45047"
        },
        {
          "category": "external",
          "summary": "RHBZ#2145194",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-45047",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-45047"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047"
        },
        {
          "category": "external",
          "summary": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html",
          "url": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html"
        }
      ],
      "release_date": "2022-11-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        },
        {
          "category": "workaround",
          "details": "From the maintainer:\n\nFor Apache MINA SSHD \u003c= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server\u0027s host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "mina-sshd: Java unsafe deserialization vulnerability"
    },
    {
      "cve": "CVE-2022-45693",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2022-12-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2155970"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat has determined the impact of this flaw to be Moderate; a successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-45693"
        },
        {
          "category": "external",
          "summary": "RHBZ#2155970",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-45693",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-45693"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693"
        }
      ],
      "release_date": "2022-12-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos"
    },
    {
      "cve": "CVE-2022-46175",
      "cwe": {
        "id": "CWE-1321",
        "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
      },
      "discovery_date": "2022-12-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2156263"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "json5: Prototype Pollution in JSON5 via Parse Method",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The json5 package is a build-time dependency in Red Hat products and is not used in production runtime. Hence, the impact is set to Moderate.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-46175"
        },
        {
          "category": "external",
          "summary": "RHBZ#2156263",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156263"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-46175",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175"
        },
        {
          "category": "external",
          "summary": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h",
          "url": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h"
        }
      ],
      "release_date": "2022-12-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "json5: Prototype Pollution in JSON5 via Parse Method"
    },
    {
      "cve": "CVE-2022-46363",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2022-12-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2155681"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, so the issue can only occur if the CXF service is misconfigured.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "CXF: directory listing / code exfiltration",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-46363"
        },
        {
          "category": "external",
          "summary": "RHBZ#2155681",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155681"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-46363",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-46363"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46363",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46363"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c",
          "url": "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c"
        }
      ],
      "release_date": "2022-12-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "CXF: directory listing / code exfiltration"
    },
    {
      "cve": "CVE-2022-46364",
      "cwe": {
        "id": "CWE-918",
        "name": "Server-Side Request Forgery (SSRF)"
      },
      "discovery_date": "2022-12-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2155682"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "CXF: SSRF Vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Integration Camel Quarkus does not support CXF extensions and so is affected at a reduced impact of Moderate.\nThe RHSSO server does not ship Apache CXF. The component mentioned in CVE-2022-46364 is a transitive dependency coming from Fuse adapters and the test suite.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-46364"
        },
        {
          "category": "external",
          "summary": "RHBZ#2155682",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155682"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-46364",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-46364"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364"
        },
        {
          "category": "external",
          "summary": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2",
          "url": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2"
        }
      ],
      "release_date": "2022-12-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "CXF: SSRF Vulnerability"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Sourav Kumar"
          ],
          "organization": "https://github.com/souravs17031999",
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2023-0091",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2022-10-28T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2158585"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "keycloak: Client Registration endpoint does not check token revocation",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-0091"
        },
        {
          "category": "external",
          "summary": "RHBZ#2158585",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158585"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-0091",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-0091"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0091",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0091"
        },
        {
          "category": "external",
          "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-v436-q368-hvgg",
          "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-v436-q368-hvgg"
        },
        {
          "category": "external",
          "summary": "https://github.com/keycloak/security/issues/27",
          "url": "https://github.com/keycloak/security/issues/27"
        }
      ],
      "release_date": "2022-10-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "keycloak: Client Registration endpoint does not check token revocation"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Jordi Zayuelas i Mu\u00f1oz"
          ],
          "organization": "A1 Digital",
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2023-0264",
      "cwe": {
        "id": "CWE-303",
        "name": "Incorrect Implementation of Authentication Algorithm"
      },
      "discovery_date": "2023-01-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2160585"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Keycloak\u0027s OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, Integrity, and availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "keycloak: user impersonation via stolen uuid code",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-0264"
        },
        {
          "category": "external",
          "summary": "RHBZ#2160585",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160585"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-0264",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-0264"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0264",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0264"
        }
      ],
      "release_date": "2023-02-28T18:58:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-01T21:58:17+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Single Sign-On 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1049"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Single Sign-On 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "keycloak: user impersonation via stolen uuid code"
    }
  ]
}

RHSA-2023:1486

Vulnerability from csaf_redhat - Published: 2023-03-28 00:18 - Updated: 2026-04-01 13:13

Summary

Red Hat Security Advisory: Red Hat Gluster Storage web-admin-build security update

Severity

Important

Notes

Topic: An update is now available for Red Hat Gluster Storage 3.5 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix(es): * puma-5.6.4: http request smuggling vulnerabilities (CVE-2022-24790) * rubygem-rack: crafted requests can cause shell escape sequences (CVE-2022-30123) * moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129) * rubygem-tzinfo: arbitrary code execution (CVE-2022-31163) * rubygem-rack: crafted multipart POST request may cause a DoS (CVE-2022-30122) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-24790

A HTTP request smuggling flaw was found in puma. This issue occurs when using puma behind a proxy. Puma does not validate incoming HTTP requests, as per RFC specification, leading to loss of integrity.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch	—	Vendor Fix fix

Known not affected 69 products

Product	Identifier	Version	Remediation
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch		—

Threats

Impact Important

CVE-2022-30122

A denial of service flaw was found in ruby-rack. An attacker crafting multipart POST requests can cause Rack's multipart parser to take much longer than expected, leading to a denial of service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch	—	Vendor Fix fix

Known not affected 70 products

Product	Identifier	Version	Remediation
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch		—

Threats

Impact Moderate

CVE-2022-30123

A flaw was found in ruby gem-rack. This flaw allows a malicious actor to craft requests that can cause shell escape sequences to be written to the terminal via rack's `Lint` middleware and `CommonLogger` middleware. This issue can leverage these escape sequences to execute commands in the victim's terminal.

10.0 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-179 - Incorrect Behavior Order: Early Validation

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch	—	Vendor Fix fix

Known not affected 70 products

Product	Identifier	Version	Remediation
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch		—

Threats

Impact Important

CVE-2022-31129

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src		—	Vendor Fix fix
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64		—	Vendor Fix fix

Known not affected 71 products

Product	Identifier	Version	Remediation
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch		—
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch		—

Threats

Impact Important

CVE-2022-31163

A flaw was found in rubygem-tzinfo. When using the Timezone.get function, it fails to validate time zone identifiers correctly, allowing a new line character input within the identifier. This flaw allows an attacker to use the new line character and write any code, which will be executed within the Ruby process.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch	—	Vendor Fix fix Workaround

Known not affected 70 products

Product	Version	Remediation
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch	—	Workaround
Unresolved product id: 7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch	—	Workaround

Threats

Impact Important

References

32 references

URL	Category
https://access.redhat.com/errata/RHSA-2023:1486	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2071616	external
https://bugzilla.redhat.com/show_bug.cgi?id=2099519	external
https://bugzilla.redhat.com/show_bug.cgi?id=2099524	external
https://bugzilla.redhat.com/show_bug.cgi?id=2105075	external
https://bugzilla.redhat.com/show_bug.cgi?id=2110551	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2022-24790	self
https://bugzilla.redhat.com/show_bug.cgi?id=2071616	external
https://www.cve.org/CVERecord?id=CVE-2022-24790	external
https://nvd.nist.gov/vuln/detail/CVE-2022-24790	external
https://access.redhat.com/security/cve/CVE-2022-30122	self
https://bugzilla.redhat.com/show_bug.cgi?id=2099519	external
https://www.cve.org/CVERecord?id=CVE-2022-30122	external
https://nvd.nist.gov/vuln/detail/CVE-2022-30122	external
https://github.com/rubysec/ruby-advisory-db/blob/…	external
https://access.redhat.com/security/cve/CVE-2022-30123	self
https://bugzilla.redhat.com/show_bug.cgi?id=2099524	external
https://www.cve.org/CVERecord?id=CVE-2022-30123	external
https://nvd.nist.gov/vuln/detail/CVE-2022-30123	external
https://github.com/advisories/GHSA-wq4h-7r42-5hrr	external
https://access.redhat.com/security/cve/CVE-2022-31129	self
https://bugzilla.redhat.com/show_bug.cgi?id=2105075	external
https://www.cve.org/CVERecord?id=CVE-2022-31129	external
https://nvd.nist.gov/vuln/detail/CVE-2022-31129	external
https://github.com/moment/moment/security/advisor…	external
https://access.redhat.com/security/cve/CVE-2022-31163	self
https://bugzilla.redhat.com/show_bug.cgi?id=2110551	external
https://www.cve.org/CVERecord?id=CVE-2022-31163	external
https://nvd.nist.gov/vuln/detail/CVE-2022-31163	external
https://github.com/tzinfo/tzinfo/security/advisor…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for Red Hat Gluster Storage 3.5 for RHEL 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB \u0026 OpenTSDB. \n\nDjango is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don\u0027t Repeat Yourself) principle.\n\nRuby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.\n\nSecurity Fix(es):\n\n* puma-5.6.4: http request smuggling vulnerabilities (CVE-2022-24790)\n\n* rubygem-rack: crafted requests can cause shell escape sequences (CVE-2022-30123)\n\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n\n* rubygem-tzinfo: arbitrary code execution (CVE-2022-31163)\n\n* rubygem-rack: crafted multipart POST request may cause a DoS (CVE-2022-30122)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2023:1486",
        "url": "https://access.redhat.com/errata/RHSA-2023:1486"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2071616",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071616"
      },
      {
        "category": "external",
        "summary": "2099519",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099519"
      },
      {
        "category": "external",
        "summary": "2099524",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099524"
      },
      {
        "category": "external",
        "summary": "2105075",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075"
      },
      {
        "category": "external",
        "summary": "2110551",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2110551"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1486.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Gluster Storage web-admin-build security update",
    "tracking": {
      "current_release_date": "2026-04-01T13:13:54+00:00",
      "generator": {
        "date": "2026-04-01T13:13:54+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.4"
        }
      },
      "id": "RHSA-2023:1486",
      "initial_release_date": "2023-03-28T00:18:32+00:00",
      "revision_history": [
        {
          "date": "2023-03-28T00:18:32+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-03-28T00:18:32+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-04-01T13:13:54+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Gluster 3.5 Web Administration on RHEL-7",
                "product": {
                  "name": "Red Hat Gluster 3.5 Web Administration on RHEL-7",
                  "product_id": "7Server-RH-Gluster-3.5-WebAdministration",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:storage:3.5:wa:el7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Gluster Storage"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "grafana-0:5.2.4-6.el7rhgs.src",
                "product": {
                  "name": "grafana-0:5.2.4-6.el7rhgs.src",
                  "product_id": "grafana-0:5.2.4-6.el7rhgs.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/grafana@5.2.4-6.el7rhgs?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python-django-0:1.11.27-4.el7rhgs.src",
                "product": {
                  "name": "python-django-0:1.11.27-4.el7rhgs.src",
                  "product_id": "python-django-0:1.11.27-4.el7rhgs.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python-django@1.11.27-4.el7rhgs?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ruby-0:2.4.9-94.el7rhgs.src",
                "product": {
                  "name": "ruby-0:2.4.9-94.el7rhgs.src",
                  "product_id": "ruby-0:2.4.9-94.el7rhgs.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ruby@2.4.9-94.el7rhgs?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
                "product": {
                  "name": "rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
                  "product_id": "rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-activemodel@5.2.0-1.el7rhgs?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
                "product": {
                  "name": "rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
                  "product_id": "rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-activesupport@5.2.0-1.el7rhgs?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
                "product": {
                  "name": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
                  "product_id": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-bcrypt@3.1.12-2.el7rhgs?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
                "product": {
                  "name": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
                  "product_id": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-concurrent-ruby@1.1.9-1.el7rhgs?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-i18n-0:1.9.1-1.el7rhgs.src",
                "product": {
                  "name": "rubygem-i18n-0:1.9.1-1.el7rhgs.src",
                  "product_id": "rubygem-i18n-0:1.9.1-1.el7rhgs.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-i18n@1.9.1-1.el7rhgs?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
                "product": {
                  "name": "rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
                  "product_id": "rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-mustermann@1.0.3-1.el7rhgs?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
                "product": {
                  "name": "rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
                  "product_id": "rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-nio4r@2.3.1-2.el7rhgs?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-puma-0:4.3.12-1.el7rhgs.src",
                "product": {
                  "name": "rubygem-puma-0:4.3.12-1.el7rhgs.src",
                  "product_id": "rubygem-puma-0:4.3.12-1.el7rhgs.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-puma@4.3.12-1.el7rhgs?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-rack-0:2.2.4-1.el7rhgs.src",
                "product": {
                  "name": "rubygem-rack-0:2.2.4-1.el7rhgs.src",
                  "product_id": "rubygem-rack-0:2.2.4-1.el7rhgs.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-rack@2.2.4-1.el7rhgs?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
                "product": {
                  "name": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
                  "product_id": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-rack-protection@2.2.0-1.el7rhgs?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
                "product": {
                  "name": "rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
                  "product_id": "rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-sinatra@2.2.0-1.el7rhgs?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
                "product": {
                  "name": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
                  "product_id": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-thread_safe@0.3.6-1.el7rhgs?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-tilt-0:2.0.11-1.el7rhgs.src",
                "product": {
                  "name": "rubygem-tilt-0:2.0.11-1.el7rhgs.src",
                  "product_id": "rubygem-tilt-0:2.0.11-1.el7rhgs.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-tilt@2.0.11-1.el7rhgs?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
                "product": {
                  "name": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
                  "product_id": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-tzinfo@1.2.10-1.el7rhgs?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "grafana-0:5.2.4-6.el7rhgs.x86_64",
                "product": {
                  "name": "grafana-0:5.2.4-6.el7rhgs.x86_64",
                  "product_id": "grafana-0:5.2.4-6.el7rhgs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/grafana@5.2.4-6.el7rhgs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ruby-0:2.4.9-94.el7rhgs.x86_64",
                "product": {
                  "name": "ruby-0:2.4.9-94.el7rhgs.x86_64",
                  "product_id": "ruby-0:2.4.9-94.el7rhgs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ruby@2.4.9-94.el7rhgs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
                "product": {
                  "name": "ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
                  "product_id": "ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ruby-devel@2.4.9-94.el7rhgs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
                "product": {
                  "name": "ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
                  "product_id": "ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ruby-libs@2.4.9-94.el7rhgs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
                "product": {
                  "name": "rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
                  "product_id": "rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-bigdecimal@1.3.2-94.el7rhgs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
                "product": {
                  "name": "rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
                  "product_id": "rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-did_you_mean@1.1.0-94.el7rhgs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
                "product": {
                  "name": "rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
                  "product_id": "rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-io-console@0.4.6-94.el7rhgs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
                "product": {
                  "name": "rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
                  "product_id": "rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-json@2.0.4-94.el7rhgs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
                "product": {
                  "name": "rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
                  "product_id": "rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-net-telnet@0.1.1-94.el7rhgs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
                "product": {
                  "name": "rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
                  "product_id": "rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-openssl@2.0.9-94.el7rhgs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
                "product": {
                  "name": "rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
                  "product_id": "rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-psych@2.2.2-94.el7rhgs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
                "product": {
                  "name": "ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
                  "product_id": "ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ruby-debuginfo@2.4.9-94.el7rhgs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
                "product": {
                  "name": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
                  "product_id": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-bcrypt@3.1.12-2.el7rhgs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
                "product": {
                  "name": "rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
                  "product_id": "rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-bcrypt-debuginfo@3.1.12-2.el7rhgs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
                "product": {
                  "name": "rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
                  "product_id": "rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-nio4r@2.3.1-2.el7rhgs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
                "product": {
                  "name": "rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
                  "product_id": "rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-nio4r-debuginfo@2.3.1-2.el7rhgs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
                "product": {
                  "name": "rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
                  "product_id": "rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-puma@4.3.12-1.el7rhgs?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
                "product": {
                  "name": "rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
                  "product_id": "rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-puma-debuginfo@4.3.12-1.el7rhgs?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
                "product": {
                  "name": "python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
                  "product_id": "python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python-django-bash-completion@1.11.27-4.el7rhgs?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python2-django-0:1.11.27-4.el7rhgs.noarch",
                "product": {
                  "name": "python2-django-0:1.11.27-4.el7rhgs.noarch",
                  "product_id": "python2-django-0:1.11.27-4.el7rhgs.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python2-django@1.11.27-4.el7rhgs?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
                "product": {
                  "name": "python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
                  "product_id": "python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python2-django-doc@1.11.27-4.el7rhgs?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ruby-doc-0:2.4.9-94.el7rhgs.noarch",
                "product": {
                  "name": "ruby-doc-0:2.4.9-94.el7rhgs.noarch",
                  "product_id": "ruby-doc-0:2.4.9-94.el7rhgs.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ruby-doc@2.4.9-94.el7rhgs?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ruby-irb-0:2.4.9-94.el7rhgs.noarch",
                "product": {
                  "name": "ruby-irb-0:2.4.9-94.el7rhgs.noarch",
                  "product_id": "ruby-irb-0:2.4.9-94.el7rhgs.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ruby-irb@2.4.9-94.el7rhgs?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
                "product": {
                  "name": "rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
                  "product_id": "rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-minitest@5.10.1-94.el7rhgs?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
                "product": {
                  "name": "rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
                  "product_id": "rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-power_assert@0.4.1-94.el7rhgs?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
                "product": {
                  "name": "rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
                  "product_id": "rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-rake@12.0.0-94.el7rhgs?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
                "product": {
                  "name": "rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
                  "product_id": "rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-rdoc@5.0.1-94.el7rhgs?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
                "product": {
                  "name": "rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
                  "product_id": "rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-test-unit@3.2.3-94.el7rhgs?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
                "product": {
                  "name": "rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
                  "product_id": "rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-xmlrpc@0.2.1-94.el7rhgs?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygems-0:2.6.14.4-94.el7rhgs.noarch",
                "product": {
                  "name": "rubygems-0:2.6.14.4-94.el7rhgs.noarch",
                  "product_id": "rubygems-0:2.6.14.4-94.el7rhgs.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygems@2.6.14.4-94.el7rhgs?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch",
                "product": {
                  "name": "rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch",
                  "product_id": "rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygems-devel@2.6.14.4-94.el7rhgs?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
                "product": {
                  "name": "rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
                  "product_id": "rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-activemodel@5.2.0-1.el7rhgs?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
                "product": {
                  "name": "rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
                  "product_id": "rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-activemodel-doc@5.2.0-1.el7rhgs?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
                "product": {
                  "name": "rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
                  "product_id": "rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-activesupport@5.2.0-1.el7rhgs?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
                "product": {
                  "name": "rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
                  "product_id": "rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-activesupport-doc@5.2.0-1.el7rhgs?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
                "product": {
                  "name": "rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
                  "product_id": "rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-bcrypt-doc@3.1.12-2.el7rhgs?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
                "product": {
                  "name": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
                  "product_id": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-concurrent-ruby@1.1.9-1.el7rhgs?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
                "product": {
                  "name": "rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
                  "product_id": "rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-concurrent-ruby-doc@1.1.9-1.el7rhgs?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
                "product": {
                  "name": "rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
                  "product_id": "rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-i18n@1.9.1-1.el7rhgs?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
                "product": {
                  "name": "rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
                  "product_id": "rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-i18n-doc@1.9.1-1.el7rhgs?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
                "product": {
                  "name": "rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
                  "product_id": "rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-mustermann@1.0.3-1.el7rhgs?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
                "product": {
                  "name": "rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
                  "product_id": "rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-mustermann-doc@1.0.3-1.el7rhgs?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
                "product": {
                  "name": "rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
                  "product_id": "rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-nio4r-doc@2.3.1-2.el7rhgs?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
                "product": {
                  "name": "rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
                  "product_id": "rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-puma-doc@4.3.12-1.el7rhgs?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
                "product": {
                  "name": "rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
                  "product_id": "rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-rack@2.2.4-1.el7rhgs?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
                "product": {
                  "name": "rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
                  "product_id": "rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-rack-doc@2.2.4-1.el7rhgs?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
                "product": {
                  "name": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
                  "product_id": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-rack-protection@2.2.0-1.el7rhgs?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
                "product": {
                  "name": "rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
                  "product_id": "rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-rack-protection-doc@2.2.0-1.el7rhgs?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
                "product": {
                  "name": "rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
                  "product_id": "rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-sinatra@2.2.0-1.el7rhgs?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
                "product": {
                  "name": "rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
                  "product_id": "rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-sinatra-doc@2.2.0-1.el7rhgs?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
                "product": {
                  "name": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
                  "product_id": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-thread_safe@0.3.6-1.el7rhgs?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
                "product": {
                  "name": "rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
                  "product_id": "rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-thread_safe-doc@0.3.6-1.el7rhgs?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
                "product": {
                  "name": "rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
                  "product_id": "rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-tilt@2.0.11-1.el7rhgs?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
                "product": {
                  "name": "rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
                  "product_id": "rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-tilt-doc@2.0.11-1.el7rhgs?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
                "product": {
                  "name": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
                  "product_id": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-tzinfo@1.2.10-1.el7rhgs?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
                "product": {
                  "name": "rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
                  "product_id": "rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rubygem-tzinfo-doc@1.2.10-1.el7rhgs?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "grafana-0:5.2.4-6.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src"
        },
        "product_reference": "grafana-0:5.2.4-6.el7rhgs.src",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "grafana-0:5.2.4-6.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64"
        },
        "product_reference": "grafana-0:5.2.4-6.el7rhgs.x86_64",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-django-0:1.11.27-4.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src"
        },
        "product_reference": "python-django-0:1.11.27-4.el7rhgs.src",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch"
        },
        "product_reference": "python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python2-django-0:1.11.27-4.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch"
        },
        "product_reference": "python2-django-0:1.11.27-4.el7rhgs.noarch",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python2-django-doc-0:1.11.27-4.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch"
        },
        "product_reference": "python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby-0:2.4.9-94.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src"
        },
        "product_reference": "ruby-0:2.4.9-94.el7rhgs.src",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby-0:2.4.9-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64"
        },
        "product_reference": "ruby-0:2.4.9-94.el7rhgs.x86_64",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64"
        },
        "product_reference": "ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby-devel-0:2.4.9-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64"
        },
        "product_reference": "ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby-doc-0:2.4.9-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch"
        },
        "product_reference": "ruby-doc-0:2.4.9-94.el7rhgs.noarch",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby-irb-0:2.4.9-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch"
        },
        "product_reference": "ruby-irb-0:2.4.9-94.el7rhgs.noarch",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ruby-libs-0:2.4.9-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64"
        },
        "product_reference": "ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch"
        },
        "product_reference": "rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-activemodel-0:5.2.0-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src"
        },
        "product_reference": "rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch"
        },
        "product_reference": "rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch"
        },
        "product_reference": "rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-activesupport-0:5.2.0-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src"
        },
        "product_reference": "rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch"
        },
        "product_reference": "rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src"
        },
        "product_reference": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64"
        },
        "product_reference": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64"
        },
        "product_reference": "rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch"
        },
        "product_reference": "rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64"
        },
        "product_reference": "rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch"
        },
        "product_reference": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src"
        },
        "product_reference": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch"
        },
        "product_reference": "rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64"
        },
        "product_reference": "rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-i18n-0:1.9.1-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch"
        },
        "product_reference": "rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-i18n-0:1.9.1-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src"
        },
        "product_reference": "rubygem-i18n-0:1.9.1-1.el7rhgs.src",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch"
        },
        "product_reference": "rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64"
        },
        "product_reference": "rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-json-0:2.0.4-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64"
        },
        "product_reference": "rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-minitest-0:5.10.1-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch"
        },
        "product_reference": "rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch"
        },
        "product_reference": "rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-mustermann-0:1.0.3-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src"
        },
        "product_reference": "rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch"
        },
        "product_reference": "rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64"
        },
        "product_reference": "rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-nio4r-0:2.3.1-2.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src"
        },
        "product_reference": "rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64"
        },
        "product_reference": "rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64"
        },
        "product_reference": "rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch"
        },
        "product_reference": "rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64"
        },
        "product_reference": "rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch"
        },
        "product_reference": "rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-psych-0:2.2.2-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64"
        },
        "product_reference": "rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-puma-0:4.3.12-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src"
        },
        "product_reference": "rubygem-puma-0:4.3.12-1.el7rhgs.src",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-puma-0:4.3.12-1.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64"
        },
        "product_reference": "rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64"
        },
        "product_reference": "rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch"
        },
        "product_reference": "rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-rack-0:2.2.4-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch"
        },
        "product_reference": "rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-rack-0:2.2.4-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src"
        },
        "product_reference": "rubygem-rack-0:2.2.4-1.el7rhgs.src",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch"
        },
        "product_reference": "rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch"
        },
        "product_reference": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src"
        },
        "product_reference": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch"
        },
        "product_reference": "rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-rake-0:12.0.0-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch"
        },
        "product_reference": "rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch"
        },
        "product_reference": "rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch"
        },
        "product_reference": "rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-sinatra-0:2.2.0-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src"
        },
        "product_reference": "rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch"
        },
        "product_reference": "rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch"
        },
        "product_reference": "rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch"
        },
        "product_reference": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src"
        },
        "product_reference": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch"
        },
        "product_reference": "rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-tilt-0:2.0.11-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch"
        },
        "product_reference": "rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-tilt-0:2.0.11-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src"
        },
        "product_reference": "rubygem-tilt-0:2.0.11-1.el7rhgs.src",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch"
        },
        "product_reference": "rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch"
        },
        "product_reference": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src"
        },
        "product_reference": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch"
        },
        "product_reference": "rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch"
        },
        "product_reference": "rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygems-0:2.6.14.4-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch"
        },
        "product_reference": "rubygems-0:2.6.14.4-94.el7rhgs.noarch",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
          "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
        },
        "product_reference": "rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch",
        "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-24790",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2022-04-04T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2071616"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A HTTP request smuggling flaw was found in puma. This issue occurs when using puma behind a proxy. Puma does not validate incoming HTTP requests, as per RFC specification, leading to loss of integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "puma-5.6.4: http request smuggling vulnerabilities",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch"
        ],
        "known_not_affected": [
          "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-24790"
        },
        {
          "category": "external",
          "summary": "RHBZ#2071616",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071616"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24790",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-24790"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24790",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24790"
        }
      ],
      "release_date": "2022-03-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-28T00:18:32+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1486"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "puma-5.6.4: http request smuggling vulnerabilities"
    },
    {
      "cve": "CVE-2022-30122",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2022-06-21T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2099519"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A denial of service flaw was found in ruby-rack. An attacker crafting multipart POST requests can cause Rack\u0027s multipart parser to take much longer than expected, leading to a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "rubygem-rack: crafted multipart POST request may cause a DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch"
        ],
        "known_not_affected": [
          "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-30122"
        },
        {
          "category": "external",
          "summary": "RHBZ#2099519",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099519"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30122",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-30122"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30122",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30122"
        },
        {
          "category": "external",
          "summary": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-30122.yml",
          "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-30122.yml"
        }
      ],
      "release_date": "2022-05-27T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-28T00:18:32+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1486"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "rubygem-rack: crafted multipart POST request may cause a DoS"
    },
    {
      "cve": "CVE-2022-30123",
      "cwe": {
        "id": "CWE-179",
        "name": "Incorrect Behavior Order: Early Validation"
      },
      "discovery_date": "2022-06-21T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2099524"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in ruby gem-rack. This flaw allows a malicious actor to craft requests that can cause shell escape sequences to be written to the terminal via rack\u0027s `Lint` middleware and `CommonLogger` middleware. This issue can leverage these escape sequences to execute commands in the victim\u0027s terminal.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "rubygem-rack: crafted requests can cause shell escape sequences",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "- Because Red Hat OpenStack Platform 13.0 Operational Tools packaged the flawed code, but does not use its functionality, its Impact has been reduced to \u0027Low\u0027.\n- To exploit this vulnerability, applications should have either of these middlewares \u0027Lint\u0027 or \u0027CommonLogger\u0027 installed, and vulnerable apps may have something like this: \n\u0027use Rack::Lint\u0027 OR \u0027use Rack::CommonLogger\u0027\nThe Red Hat products use the flawed code but don\u0027t use its functionality, Hence, the impact is set to Important.\n- Logging Subsystem for Red Hat OpenShift uses the vulnerable ruby gem-rack package in the openshift-logging/fluentd-rhel8 component to instantiate client-to-server communication. But, this component cannot receive any requests so exploitation by crafted request consumption is not possible. Therefore the impact of this vulnerability on the Logging Subsystem for Red Hat OpenShift is reduced to Moderate.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch"
        ],
        "known_not_affected": [
          "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-30123"
        },
        {
          "category": "external",
          "summary": "RHBZ#2099524",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099524"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30123",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-30123"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30123",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30123"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-wq4h-7r42-5hrr",
          "url": "https://github.com/advisories/GHSA-wq4h-7r42-5hrr"
        }
      ],
      "release_date": "2022-05-27T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-28T00:18:32+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1486"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "rubygem-rack: crafted requests can cause shell escape sequences"
    },
    {
      "cve": "CVE-2022-31129",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2022-07-07T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2105075"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "moment: inefficient parsing algorithm resulting in DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Fuse provides the affected software but does not use the functionality and as such its impact has been downgraded to Low.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) ships a vulnerable version of the moment library. However, this affected functionality is restricted behind OAuth, reducing the impact to Moderate.\n\nRed Hat Satellite ships a vulnerable version of the moment library. However, this only affects a specific component (qpid-dispatch), reducing the impact to Moderate.\n\nRed Hat Ceph Storage (RHCS) ships a vulnerable version of the moment library, however, it is not directly used and is a transitive dependency from Angular. In addition, the impact would only be to the grafana browser, and not the underlying RHCS system, which reduces the impact to Moderate. \n\nRed Hat OpenShift Service Mesh (OSSM) ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nRed Hat OpenShift distributed tracing ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nIn Logging Subsystem for Red Hat OpenShift the vulnerable moment nodejs package is bundled in the ose-logging-kibana6 container as a transitive dependency, hence the direct impact is reduced to Moderate.\n\nIn OpenShift Container Platform 4 the vulnerabile moment package is a third party dependency, hence the direct impact is reduced to Moderate.\n\nIn Quay IO 3.10 and above, no version of affected momentjs is present.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64"
        ],
        "known_not_affected": [
          "7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-31129"
        },
        {
          "category": "external",
          "summary": "RHBZ#2105075",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-31129",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-31129"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129"
        },
        {
          "category": "external",
          "summary": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g",
          "url": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g"
        }
      ],
      "release_date": "2022-07-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-28T00:18:32+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1486"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "moment: inefficient parsing algorithm resulting in DoS"
    },
    {
      "cve": "CVE-2022-31163",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2022-07-25T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2110551"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in rubygem-tzinfo. When using the Timezone.get function, it fails to validate time zone identifiers correctly, allowing a new line character input within the identifier. This flaw allows an attacker to use the new line character and write any code, which will be executed within the Ruby process.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "rubygem-tzinfo: arbitrary code execution",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch"
        ],
        "known_not_affected": [
          "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
          "7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-31163"
        },
        {
          "category": "external",
          "summary": "RHBZ#2110551",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2110551"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-31163",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-31163"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31163",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31163"
        },
        {
          "category": "external",
          "summary": "https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx",
          "url": "https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx"
        }
      ],
      "release_date": "2022-07-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-03-28T00:18:32+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:1486"
        },
        {
          "category": "workaround",
          "details": "As a workaround, the time zone identifier can be validated before passing to TZInfo::Timezone.get by ensuring it matches the regular expression \\A[A-Za-z0-9+\\-_]+(?:\\/[A-Za-z0-9+\\-_]+)*\\z.",
          "product_ids": [
            "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
            "7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "rubygem-tzinfo: arbitrary code execution"
    }
  ]
}

RHSA-2023:3623

Vulnerability from csaf_redhat - Published: 2023-06-15 09:19 - Updated: 2026-04-01 13:13

Summary

Red Hat Security Advisory: Red Hat Ceph Storage 6.1 security and bug fix update

Severity

Moderate

Notes

Topic: New packages for Red Hat Ceph Storage 6.1 are now available on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. These new packages include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Ceph Storage Release Notes for information on the most significant of these changes: https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/6.1/html/release_notes/index Security Fix(es): * moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129) * angular: XSS vulnerability (CVE-2021-4231) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. All users of Red Hat Ceph Storage are advised to update to these packages that provide numerous enhancements and bug fixes.

CVE-2021-4231

A flaw was found in the angular/core package. Affected versions of this package are vulnerable to Cross-site scripting (XSS) in development, with Server-side rendering (SSR enabled).

3.9 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 155 products

Product	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-2:17.2.6-70.el9cp.src	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-base-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-base-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-base-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-base-debuginfo-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-base-debuginfo-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-base-debuginfo-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-common-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-common-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-common-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-common-debuginfo-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-common-debuginfo-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-common-debuginfo-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-debuginfo-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-debuginfo-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-debuginfo-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-debugsource-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-debugsource-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-debugsource-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-exporter-debuginfo-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-exporter-debuginfo-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-exporter-debuginfo-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-fuse-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-fuse-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-fuse-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-fuse-debuginfo-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-fuse-debuginfo-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-fuse-debuginfo-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-immutable-object-cache-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-immutable-object-cache-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-immutable-object-cache-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-immutable-object-cache-debuginfo-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-immutable-object-cache-debuginfo-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-immutable-object-cache-debuginfo-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-mds-debuginfo-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-mds-debuginfo-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-mds-debuginfo-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-mgr-debuginfo-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-mgr-debuginfo-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-mgr-debuginfo-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-mib-2:17.2.6-70.el9cp.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-mon-debuginfo-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-mon-debuginfo-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-mon-debuginfo-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-osd-debuginfo-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-osd-debuginfo-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-osd-debuginfo-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-radosgw-debuginfo-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-radosgw-debuginfo-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-radosgw-debuginfo-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-resource-agents-2:17.2.6-70.el9cp.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-selinux-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-selinux-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-selinux-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-test-debuginfo-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-test-debuginfo-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-test-debuginfo-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:cephadm-2:17.2.6-70.el9cp.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:cephfs-mirror-debuginfo-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:cephfs-mirror-debuginfo-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:cephfs-mirror-debuginfo-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:cephfs-top-2:17.2.6-70.el9cp.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:libcephfs-devel-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:libcephfs-devel-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:libcephfs-devel-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:libcephfs2-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:libcephfs2-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:libcephfs2-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:libcephfs2-debuginfo-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:libcephfs2-debuginfo-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:libcephfs2-debuginfo-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:libcephsqlite-debuginfo-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:libcephsqlite-debuginfo-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:libcephsqlite-debuginfo-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librados-devel-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librados-devel-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librados-devel-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librados-devel-debuginfo-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librados-devel-debuginfo-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librados-devel-debuginfo-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librados2-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librados2-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librados2-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librados2-debuginfo-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librados2-debuginfo-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librados2-debuginfo-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:libradospp-devel-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:libradospp-devel-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:libradospp-devel-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:libradosstriper1-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:libradosstriper1-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:libradosstriper1-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:libradosstriper1-debuginfo-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:libradosstriper1-debuginfo-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:libradosstriper1-debuginfo-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librbd-devel-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librbd-devel-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librbd-devel-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librbd1-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librbd1-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librbd1-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librbd1-debuginfo-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librbd1-debuginfo-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librbd1-debuginfo-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librgw-devel-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librgw-devel-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librgw-devel-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librgw2-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librgw2-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librgw2-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librgw2-debuginfo-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librgw2-debuginfo-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librgw2-debuginfo-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-ceph-argparse-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-ceph-argparse-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-ceph-argparse-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-ceph-common-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-ceph-common-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-ceph-common-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-cephfs-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-cephfs-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-cephfs-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-cephfs-debuginfo-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-cephfs-debuginfo-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-cephfs-debuginfo-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-rados-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-rados-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-rados-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-rados-debuginfo-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-rados-debuginfo-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-rados-debuginfo-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-rbd-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-rbd-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-rbd-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-rbd-debuginfo-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-rbd-debuginfo-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-rbd-debuginfo-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-rgw-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-rgw-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-rgw-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-rgw-debuginfo-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-rgw-debuginfo-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-rgw-debuginfo-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rbd-fuse-debuginfo-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rbd-fuse-debuginfo-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rbd-fuse-debuginfo-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rbd-mirror-debuginfo-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rbd-mirror-debuginfo-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rbd-mirror-debuginfo-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rbd-nbd-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rbd-nbd-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rbd-nbd-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rbd-nbd-debuginfo-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rbd-nbd-debuginfo-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rbd-nbd-debuginfo-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix

Known not affected 4 products

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ansible-collection-ansible-posix-0:1.2.0-1.3.el9ost.noarch		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ansible-collection-ansible-posix-0:1.2.0-1.3.el9ost.src		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:cephadm-ansible-0:2.15.0-1.el9cp.noarch		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:cephadm-ansible-0:2.15.0-1.el9cp.src		—

Threats

Impact Low

CVE-2022-31129

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 155 products

Product	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-2:17.2.6-70.el9cp.src	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-base-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-base-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-base-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-base-debuginfo-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-base-debuginfo-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-base-debuginfo-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-common-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-common-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-common-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-common-debuginfo-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-common-debuginfo-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-common-debuginfo-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-debuginfo-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-debuginfo-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-debuginfo-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-debugsource-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-debugsource-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-debugsource-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-exporter-debuginfo-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-exporter-debuginfo-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-exporter-debuginfo-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-fuse-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-fuse-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-fuse-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-fuse-debuginfo-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-fuse-debuginfo-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-fuse-debuginfo-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-immutable-object-cache-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-immutable-object-cache-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-immutable-object-cache-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-immutable-object-cache-debuginfo-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-immutable-object-cache-debuginfo-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-immutable-object-cache-debuginfo-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-mds-debuginfo-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-mds-debuginfo-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-mds-debuginfo-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-mgr-debuginfo-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-mgr-debuginfo-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-mgr-debuginfo-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-mib-2:17.2.6-70.el9cp.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-mon-debuginfo-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-mon-debuginfo-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-mon-debuginfo-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-osd-debuginfo-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-osd-debuginfo-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-osd-debuginfo-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-radosgw-debuginfo-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-radosgw-debuginfo-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-radosgw-debuginfo-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-resource-agents-2:17.2.6-70.el9cp.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-selinux-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-selinux-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-selinux-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-test-debuginfo-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-test-debuginfo-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ceph-test-debuginfo-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:cephadm-2:17.2.6-70.el9cp.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:cephfs-mirror-debuginfo-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:cephfs-mirror-debuginfo-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:cephfs-mirror-debuginfo-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:cephfs-top-2:17.2.6-70.el9cp.noarch	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:libcephfs-devel-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:libcephfs-devel-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:libcephfs-devel-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:libcephfs2-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:libcephfs2-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:libcephfs2-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:libcephfs2-debuginfo-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:libcephfs2-debuginfo-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:libcephfs2-debuginfo-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:libcephsqlite-debuginfo-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:libcephsqlite-debuginfo-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:libcephsqlite-debuginfo-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librados-devel-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librados-devel-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librados-devel-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librados-devel-debuginfo-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librados-devel-debuginfo-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librados-devel-debuginfo-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librados2-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librados2-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librados2-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librados2-debuginfo-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librados2-debuginfo-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librados2-debuginfo-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:libradospp-devel-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:libradospp-devel-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:libradospp-devel-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:libradosstriper1-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:libradosstriper1-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:libradosstriper1-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:libradosstriper1-debuginfo-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:libradosstriper1-debuginfo-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:libradosstriper1-debuginfo-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librbd-devel-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librbd-devel-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librbd-devel-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librbd1-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librbd1-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librbd1-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librbd1-debuginfo-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librbd1-debuginfo-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librbd1-debuginfo-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librgw-devel-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librgw-devel-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librgw-devel-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librgw2-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librgw2-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librgw2-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librgw2-debuginfo-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librgw2-debuginfo-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:librgw2-debuginfo-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-ceph-argparse-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-ceph-argparse-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-ceph-argparse-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-ceph-common-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-ceph-common-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-ceph-common-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-cephfs-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-cephfs-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-cephfs-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-cephfs-debuginfo-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-cephfs-debuginfo-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-cephfs-debuginfo-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-rados-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-rados-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-rados-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-rados-debuginfo-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-rados-debuginfo-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-rados-debuginfo-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-rbd-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-rbd-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-rbd-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-rbd-debuginfo-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-rbd-debuginfo-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-rbd-debuginfo-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-rgw-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-rgw-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-rgw-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-rgw-debuginfo-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-rgw-debuginfo-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:python3-rgw-debuginfo-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rbd-fuse-debuginfo-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rbd-fuse-debuginfo-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rbd-fuse-debuginfo-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rbd-mirror-debuginfo-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rbd-mirror-debuginfo-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rbd-mirror-debuginfo-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rbd-nbd-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rbd-nbd-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rbd-nbd-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rbd-nbd-debuginfo-2:17.2.6-70.el9cp.ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rbd-nbd-debuginfo-2:17.2.6-70.el9cp.s390x	—	Vendor Fix fix
Unresolved product id: 9Base-RHCEPH-6.1-Tools:rbd-nbd-debuginfo-2:17.2.6-70.el9cp.x86_64	—	Vendor Fix fix

Known not affected 4 products

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ansible-collection-ansible-posix-0:1.2.0-1.3.el9ost.noarch		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:ansible-collection-ansible-posix-0:1.2.0-1.3.el9ost.src		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:cephadm-ansible-0:2.15.0-1.el9cp.noarch		—
Unresolved product id: 9Base-RHCEPH-6.1-Tools:cephadm-ansible-0:2.15.0-1.el9cp.src		—

Threats

Impact Important

References

143 references

URL	Category
https://access.redhat.com/errata/RHSA-2023:3623	self
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/documentation/en-us/red…	external
https://bugzilla.redhat.com/show_bug.cgi?id=1467648	external
https://bugzilla.redhat.com/show_bug.cgi?id=1600995	external
https://bugzilla.redhat.com/show_bug.cgi?id=1783271	external
https://bugzilla.redhat.com/show_bug.cgi?id=1794550	external
https://bugzilla.redhat.com/show_bug.cgi?id=1929760	external
https://bugzilla.redhat.com/show_bug.cgi?id=1932764	external
https://bugzilla.redhat.com/show_bug.cgi?id=1937618	external
https://bugzilla.redhat.com/show_bug.cgi?id=1975689	external
https://bugzilla.redhat.com/show_bug.cgi?id=1991808	external
https://bugzilla.redhat.com/show_bug.cgi?id=2004175	external
https://bugzilla.redhat.com/show_bug.cgi?id=2016288	external
https://bugzilla.redhat.com/show_bug.cgi?id=2016949	external
https://bugzilla.redhat.com/show_bug.cgi?id=2024444	external
https://bugzilla.redhat.com/show_bug.cgi?id=2025815	external
https://bugzilla.redhat.com/show_bug.cgi?id=2028058	external
https://bugzilla.redhat.com/show_bug.cgi?id=2029714	external
https://bugzilla.redhat.com/show_bug.cgi?id=2036063	external
https://bugzilla.redhat.com/show_bug.cgi?id=2053347	external
https://bugzilla.redhat.com/show_bug.cgi?id=2053471	external
https://bugzilla.redhat.com/show_bug.cgi?id=2064260	external
https://bugzilla.redhat.com/show_bug.cgi?id=2064265	external
https://bugzilla.redhat.com/show_bug.cgi?id=2067709	external
https://bugzilla.redhat.com/show_bug.cgi?id=2076709	external
https://bugzilla.redhat.com/show_bug.cgi?id=2080926	external
https://bugzilla.redhat.com/show_bug.cgi?id=2082666	external
https://bugzilla.redhat.com/show_bug.cgi?id=2092506	external
https://bugzilla.redhat.com/show_bug.cgi?id=2094052	external
https://bugzilla.redhat.com/show_bug.cgi?id=2097027	external
https://bugzilla.redhat.com/show_bug.cgi?id=2097187	external
https://bugzilla.redhat.com/show_bug.cgi?id=2105075	external
https://bugzilla.redhat.com/show_bug.cgi?id=2105950	external
https://bugzilla.redhat.com/show_bug.cgi?id=2106421	external
https://bugzilla.redhat.com/show_bug.cgi?id=2108228	external
https://bugzilla.redhat.com/show_bug.cgi?id=2108489	external
https://bugzilla.redhat.com/show_bug.cgi?id=2109224	external
https://bugzilla.redhat.com/show_bug.cgi?id=2110290	external
https://bugzilla.redhat.com/show_bug.cgi?id=2111282	external
https://bugzilla.redhat.com/show_bug.cgi?id=2111364	external
https://bugzilla.redhat.com/show_bug.cgi?id=2111680	external
https://bugzilla.redhat.com/show_bug.cgi?id=2111751	external
https://bugzilla.redhat.com/show_bug.cgi?id=2112309	external
https://bugzilla.redhat.com/show_bug.cgi?id=2114835	external
https://bugzilla.redhat.com/show_bug.cgi?id=2120624	external
https://bugzilla.redhat.com/show_bug.cgi?id=2124441	external
https://bugzilla.redhat.com/show_bug.cgi?id=2127345	external
https://bugzilla.redhat.com/show_bug.cgi?id=2127926	external
https://bugzilla.redhat.com/show_bug.cgi?id=2129861	external
https://bugzilla.redhat.com/show_bug.cgi?id=2132554	external
https://bugzilla.redhat.com/show_bug.cgi?id=2133341	external
https://bugzilla.redhat.com/show_bug.cgi?id=2133549	external
https://bugzilla.redhat.com/show_bug.cgi?id=2133802	external
https://bugzilla.redhat.com/show_bug.cgi?id=2136031	external
https://bugzilla.redhat.com/show_bug.cgi?id=2136304	external
https://bugzilla.redhat.com/show_bug.cgi?id=2136336	external
https://bugzilla.redhat.com/show_bug.cgi?id=2137596	external
https://bugzilla.redhat.com/show_bug.cgi?id=2138793	external
https://bugzilla.redhat.com/show_bug.cgi?id=2138794	external
https://bugzilla.redhat.com/show_bug.cgi?id=2138933	external
https://bugzilla.redhat.com/show_bug.cgi?id=2139694	external
https://bugzilla.redhat.com/show_bug.cgi?id=2139769	external
https://bugzilla.redhat.com/show_bug.cgi?id=2140074	external
https://bugzilla.redhat.com/show_bug.cgi?id=2140784	external
https://bugzilla.redhat.com/show_bug.cgi?id=2141110	external
https://bugzilla.redhat.com/show_bug.cgi?id=2142167	external
https://bugzilla.redhat.com/show_bug.cgi?id=2142431	external
https://bugzilla.redhat.com/show_bug.cgi?id=2143285	external
https://bugzilla.redhat.com/show_bug.cgi?id=2145104	external
https://bugzilla.redhat.com/show_bug.cgi?id=2146544	external
https://bugzilla.redhat.com/show_bug.cgi?id=2146546	external
https://bugzilla.redhat.com/show_bug.cgi?id=2147346	external
https://bugzilla.redhat.com/show_bug.cgi?id=2147348	external
https://bugzilla.redhat.com/show_bug.cgi?id=2149259	external
https://bugzilla.redhat.com/show_bug.cgi?id=2149415	external
https://bugzilla.redhat.com/show_bug.cgi?id=2149533	external
https://bugzilla.redhat.com/show_bug.cgi?id=2151189	external
https://bugzilla.redhat.com/show_bug.cgi?id=2152963	external
https://bugzilla.redhat.com/show_bug.cgi?id=2153196	external
https://bugzilla.redhat.com/show_bug.cgi?id=2153452	external
https://bugzilla.redhat.com/show_bug.cgi?id=2153533	external
https://bugzilla.redhat.com/show_bug.cgi?id=2153673	external
https://bugzilla.redhat.com/show_bug.cgi?id=2153726	external
https://bugzilla.redhat.com/show_bug.cgi?id=2158689	external
https://bugzilla.redhat.com/show_bug.cgi?id=2159294	external
https://bugzilla.redhat.com/show_bug.cgi?id=2159307	external
https://bugzilla.redhat.com/show_bug.cgi?id=2160598	external
https://bugzilla.redhat.com/show_bug.cgi?id=2161479	external
https://bugzilla.redhat.com/show_bug.cgi?id=2161483	external
https://bugzilla.redhat.com/show_bug.cgi?id=2163473	external
https://bugzilla.redhat.com/show_bug.cgi?id=2164327	external
https://bugzilla.redhat.com/show_bug.cgi?id=2168541	external
https://bugzilla.redhat.com/show_bug.cgi?id=2172791	external
https://bugzilla.redhat.com/show_bug.cgi?id=2175307	external
https://bugzilla.redhat.com/show_bug.cgi?id=2180110	external
https://bugzilla.redhat.com/show_bug.cgi?id=2180567	external
https://bugzilla.redhat.com/show_bug.cgi?id=2181055	external
https://bugzilla.redhat.com/show_bug.cgi?id=2182022	external
https://bugzilla.redhat.com/show_bug.cgi?id=2182035	external
https://bugzilla.redhat.com/show_bug.cgi?id=2182564	external
https://bugzilla.redhat.com/show_bug.cgi?id=2182613	external
https://bugzilla.redhat.com/show_bug.cgi?id=2184268	external
https://bugzilla.redhat.com/show_bug.cgi?id=2185588	external
https://bugzilla.redhat.com/show_bug.cgi?id=2185772	external
https://bugzilla.redhat.com/show_bug.cgi?id=2186095	external
https://bugzilla.redhat.com/show_bug.cgi?id=2186126	external
https://bugzilla.redhat.com/show_bug.cgi?id=2186472	external
https://bugzilla.redhat.com/show_bug.cgi?id=2186557	external
https://bugzilla.redhat.com/show_bug.cgi?id=2186738	external
https://bugzilla.redhat.com/show_bug.cgi?id=2186760	external
https://bugzilla.redhat.com/show_bug.cgi?id=2186774	external
https://bugzilla.redhat.com/show_bug.cgi?id=2187265	external
https://bugzilla.redhat.com/show_bug.cgi?id=2187394	external
https://bugzilla.redhat.com/show_bug.cgi?id=2187617	external
https://bugzilla.redhat.com/show_bug.cgi?id=2187659	external
https://bugzilla.redhat.com/show_bug.cgi?id=2188266	external
https://bugzilla.redhat.com/show_bug.cgi?id=2188460	external
https://bugzilla.redhat.com/show_bug.cgi?id=2189308	external
https://bugzilla.redhat.com/show_bug.cgi?id=2190412	external
https://bugzilla.redhat.com/show_bug.cgi?id=2196421	external
https://bugzilla.redhat.com/show_bug.cgi?id=2196920	external
https://bugzilla.redhat.com/show_bug.cgi?id=2203098	external
https://bugzilla.redhat.com/show_bug.cgi?id=2203160	external
https://bugzilla.redhat.com/show_bug.cgi?id=2203747	external
https://bugzilla.redhat.com/show_bug.cgi?id=2204479	external
https://bugzilla.redhat.com/show_bug.cgi?id=2207702	external
https://bugzilla.redhat.com/show_bug.cgi?id=2207718	external
https://bugzilla.redhat.com/show_bug.cgi?id=2209109	external
https://bugzilla.redhat.com/show_bug.cgi?id=2209300	external
https://bugzilla.redhat.com/show_bug.cgi?id=2209375	external
https://bugzilla.redhat.com/show_bug.cgi?id=2209970	external
https://bugzilla.redhat.com/show_bug.cgi?id=2210698	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2021-4231	self
https://bugzilla.redhat.com/show_bug.cgi?id=2094052	external
https://www.cve.org/CVERecord?id=CVE-2021-4231	external
https://nvd.nist.gov/vuln/detail/CVE-2021-4231	external
https://access.redhat.com/security/cve/CVE-2022-31129	self
https://bugzilla.redhat.com/show_bug.cgi?id=2105075	external
https://www.cve.org/CVERecord?id=CVE-2022-31129	external
https://nvd.nist.gov/vuln/detail/CVE-2022-31129	external
https://github.com/moment/moment/security/advisor…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "New packages for Red Hat Ceph Storage 6.1 are now available on Red Hat Enterprise Linux.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.\n\nThese new packages include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Ceph Storage Release Notes for information on the\nmost significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_ceph_storage/6.1/html/release_notes/index\n\nSecurity Fix(es):\n\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n\n* angular: XSS vulnerability (CVE-2021-4231)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAll users of Red Hat Ceph Storage are advised to update to these packages that provide numerous enhancements and bug fixes.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2023:3623",
        "url": "https://access.redhat.com/errata/RHSA-2023:3623"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/6.1/html/release_notes/index",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/6.1/html/release_notes/index"
      },
      {
        "category": "external",
        "summary": "1467648",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1467648"
      },
      {
        "category": "external",
        "summary": "1600995",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1600995"
      },
      {
        "category": "external",
        "summary": "1783271",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1783271"
      },
      {
        "category": "external",
        "summary": "1794550",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1794550"
      },
      {
        "category": "external",
        "summary": "1929760",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1929760"
      },
      {
        "category": "external",
        "summary": "1932764",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932764"
      },
      {
        "category": "external",
        "summary": "1937618",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937618"
      },
      {
        "category": "external",
        "summary": "1975689",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975689"
      },
      {
        "category": "external",
        "summary": "1991808",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991808"
      },
      {
        "category": "external",
        "summary": "2004175",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004175"
      },
      {
        "category": "external",
        "summary": "2016288",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2016288"
      },
      {
        "category": "external",
        "summary": "2016949",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2016949"
      },
      {
        "category": "external",
        "summary": "2024444",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024444"
      },
      {
        "category": "external",
        "summary": "2025815",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025815"
      },
      {
        "category": "external",
        "summary": "2028058",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2028058"
      },
      {
        "category": "external",
        "summary": "2029714",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2029714"
      },
      {
        "category": "external",
        "summary": "2036063",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036063"
      },
      {
        "category": "external",
        "summary": "2053347",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053347"
      },
      {
        "category": "external",
        "summary": "2053471",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053471"
      },
      {
        "category": "external",
        "summary": "2064260",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064260"
      },
      {
        "category": "external",
        "summary": "2064265",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064265"
      },
      {
        "category": "external",
        "summary": "2067709",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067709"
      },
      {
        "category": "external",
        "summary": "2076709",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2076709"
      },
      {
        "category": "external",
        "summary": "2080926",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080926"
      },
      {
        "category": "external",
        "summary": "2082666",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082666"
      },
      {
        "category": "external",
        "summary": "2092506",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092506"
      },
      {
        "category": "external",
        "summary": "2094052",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094052"
      },
      {
        "category": "external",
        "summary": "2097027",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097027"
      },
      {
        "category": "external",
        "summary": "2097187",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097187"
      },
      {
        "category": "external",
        "summary": "2105075",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075"
      },
      {
        "category": "external",
        "summary": "2105950",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105950"
      },
      {
        "category": "external",
        "summary": "2106421",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2106421"
      },
      {
        "category": "external",
        "summary": "2108228",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2108228"
      },
      {
        "category": "external",
        "summary": "2108489",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2108489"
      },
      {
        "category": "external",
        "summary": "2109224",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2109224"
      },
      {
        "category": "external",
        "summary": "2110290",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2110290"
      },
      {
        "category": "external",
        "summary": "2111282",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2111282"
      },
      {
        "category": "external",
        "summary": "2111364",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2111364"
      },
      {
        "category": "external",
        "summary": "2111680",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2111680"
      },
      {
        "category": "external",
        "summary": "2111751",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2111751"
      },
      {
        "category": "external",
        "summary": "2112309",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2112309"
      },
      {
        "category": "external",
        "summary": "2114835",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2114835"
      },
      {
        "category": "external",
        "summary": "2120624",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2120624"
      },
      {
        "category": "external",
        "summary": "2124441",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124441"
      },
      {
        "category": "external",
        "summary": "2127345",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2127345"
      },
      {
        "category": "external",
        "summary": "2127926",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2127926"
      },
      {
        "category": "external",
        "summary": "2129861",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129861"
      },
      {
        "category": "external",
        "summary": "2132554",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132554"
      },
      {
        "category": "external",
        "summary": "2133341",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133341"
      },
      {
        "category": "external",
        "summary": "2133549",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133549"
      },
      {
        "category": "external",
        "summary": "2133802",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133802"
      },
      {
        "category": "external",
        "summary": "2136031",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136031"
      },
      {
        "category": "external",
        "summary": "2136304",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136304"
      },
      {
        "category": "external",
        "summary": "2136336",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136336"
      },
      {
        "category": "external",
        "summary": "2137596",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137596"
      },
      {
        "category": "external",
        "summary": "2138793",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138793"
      },
      {
        "category": "external",
        "summary": "2138794",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138794"
      },
      {
        "category": "external",
        "summary": "2138933",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138933"
      },
      {
        "category": "external",
        "summary": "2139694",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139694"
      },
      {
        "category": "external",
        "summary": "2139769",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139769"
      },
      {
        "category": "external",
        "summary": "2140074",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140074"
      },
      {
        "category": "external",
        "summary": "2140784",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140784"
      },
      {
        "category": "external",
        "summary": "2141110",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141110"
      },
      {
        "category": "external",
        "summary": "2142167",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142167"
      },
      {
        "category": "external",
        "summary": "2142431",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142431"
      },
      {
        "category": "external",
        "summary": "2143285",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2143285"
      },
      {
        "category": "external",
        "summary": "2145104",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145104"
      },
      {
        "category": "external",
        "summary": "2146544",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2146544"
      },
      {
        "category": "external",
        "summary": "2146546",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2146546"
      },
      {
        "category": "external",
        "summary": "2147346",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2147346"
      },
      {
        "category": "external",
        "summary": "2147348",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2147348"
      },
      {
        "category": "external",
        "summary": "2149259",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2149259"
      },
      {
        "category": "external",
        "summary": "2149415",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2149415"
      },
      {
        "category": "external",
        "summary": "2149533",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2149533"
      },
      {
        "category": "external",
        "summary": "2151189",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151189"
      },
      {
        "category": "external",
        "summary": "2152963",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2152963"
      },
      {
        "category": "external",
        "summary": "2153196",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153196"
      },
      {
        "category": "external",
        "summary": "2153452",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153452"
      },
      {
        "category": "external",
        "summary": "2153533",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153533"
      },
      {
        "category": "external",
        "summary": "2153673",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153673"
      },
      {
        "category": "external",
        "summary": "2153726",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153726"
      },
      {
        "category": "external",
        "summary": "2158689",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158689"
      },
      {
        "category": "external",
        "summary": "2159294",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2159294"
      },
      {
        "category": "external",
        "summary": "2159307",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2159307"
      },
      {
        "category": "external",
        "summary": "2160598",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160598"
      },
      {
        "category": "external",
        "summary": "2161479",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161479"
      },
      {
        "category": "external",
        "summary": "2161483",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161483"
      },
      {
        "category": "external",
        "summary": "2163473",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2163473"
      },
      {
        "category": "external",
        "summary": "2164327",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164327"
      },
      {
        "category": "external",
        "summary": "2168541",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168541"
      },
      {
        "category": "external",
        "summary": "2172791",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172791"
      },
      {
        "category": "external",
        "summary": "2175307",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2175307"
      },
      {
        "category": "external",
        "summary": "2180110",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180110"
      },
      {
        "category": "external",
        "summary": "2180567",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180567"
      },
      {
        "category": "external",
        "summary": "2181055",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2181055"
      },
      {
        "category": "external",
        "summary": "2182022",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182022"
      },
      {
        "category": "external",
        "summary": "2182035",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182035"
      },
      {
        "category": "external",
        "summary": "2182564",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182564"
      },
      {
        "category": "external",
        "summary": "2182613",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182613"
      },
      {
        "category": "external",
        "summary": "2184268",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184268"
      },
      {
        "category": "external",
        "summary": "2185588",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185588"
      },
      {
        "category": "external",
        "summary": "2185772",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185772"
      },
      {
        "category": "external",
        "summary": "2186095",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2186095"
      },
      {
        "category": "external",
        "summary": "2186126",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2186126"
      },
      {
        "category": "external",
        "summary": "2186472",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2186472"
      },
      {
        "category": "external",
        "summary": "2186557",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2186557"
      },
      {
        "category": "external",
        "summary": "2186738",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2186738"
      },
      {
        "category": "external",
        "summary": "2186760",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2186760"
      },
      {
        "category": "external",
        "summary": "2186774",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2186774"
      },
      {
        "category": "external",
        "summary": "2187265",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187265"
      },
      {
        "category": "external",
        "summary": "2187394",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187394"
      },
      {
        "category": "external",
        "summary": "2187617",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187617"
      },
      {
        "category": "external",
        "summary": "2187659",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187659"
      },
      {
        "category": "external",
        "summary": "2188266",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188266"
      },
      {
        "category": "external",
        "summary": "2188460",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188460"
      },
      {
        "category": "external",
        "summary": "2189308",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2189308"
      },
      {
        "category": "external",
        "summary": "2190412",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2190412"
      },
      {
        "category": "external",
        "summary": "2196421",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196421"
      },
      {
        "category": "external",
        "summary": "2196920",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196920"
      },
      {
        "category": "external",
        "summary": "2203098",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2203098"
      },
      {
        "category": "external",
        "summary": "2203160",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2203160"
      },
      {
        "category": "external",
        "summary": "2203747",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2203747"
      },
      {
        "category": "external",
        "summary": "2204479",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2204479"
      },
      {
        "category": "external",
        "summary": "2207702",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2207702"
      },
      {
        "category": "external",
        "summary": "2207718",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2207718"
      },
      {
        "category": "external",
        "summary": "2209109",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209109"
      },
      {
        "category": "external",
        "summary": "2209300",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209300"
      },
      {
        "category": "external",
        "summary": "2209375",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209375"
      },
      {
        "category": "external",
        "summary": "2209970",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209970"
      },
      {
        "category": "external",
        "summary": "2210698",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2210698"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3623.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Ceph Storage 6.1 security and bug fix update",
    "tracking": {
      "current_release_date": "2026-04-01T13:13:54+00:00",
      "generator": {
        "date": "2026-04-01T13:13:54+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.4"
        }
      },
      "id": "RHSA-2023:3623",
      "initial_release_date": "2023-06-15T09:19:13+00:00",
      "revision_history": [
        {
          "date": "2023-06-15T09:19:13+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-06-15T09:19:13+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-04-01T13:13:54+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Ceph Storage 6.1 Tools",
                "product": {
                  "name": "Red Hat Ceph Storage 6.1 Tools",
                  "product_id": "9Base-RHCEPH-6.1-Tools",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:ceph_storage:6.1::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Ceph Storage"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cephadm-ansible-0:2.15.0-1.el9cp.src",
                "product": {
                  "name": "cephadm-ansible-0:2.15.0-1.el9cp.src",
                  "product_id": "cephadm-ansible-0:2.15.0-1.el9cp.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cephadm-ansible@2.15.0-1.el9cp?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ansible-collection-ansible-posix-0:1.2.0-1.3.el9ost.src",
                "product": {
                  "name": "ansible-collection-ansible-posix-0:1.2.0-1.3.el9ost.src",
                  "product_id": "ansible-collection-ansible-posix-0:1.2.0-1.3.el9ost.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ansible-collection-ansible-posix@1.2.0-1.3.el9ost?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ceph-2:17.2.6-70.el9cp.src",
                "product": {
                  "name": "ceph-2:17.2.6-70.el9cp.src",
                  "product_id": "ceph-2:17.2.6-70.el9cp.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph@17.2.6-70.el9cp?arch=src\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cephadm-ansible-0:2.15.0-1.el9cp.noarch",
                "product": {
                  "name": "cephadm-ansible-0:2.15.0-1.el9cp.noarch",
                  "product_id": "cephadm-ansible-0:2.15.0-1.el9cp.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cephadm-ansible@2.15.0-1.el9cp?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ansible-collection-ansible-posix-0:1.2.0-1.3.el9ost.noarch",
                "product": {
                  "name": "ansible-collection-ansible-posix-0:1.2.0-1.3.el9ost.noarch",
                  "product_id": "ansible-collection-ansible-posix-0:1.2.0-1.3.el9ost.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ansible-collection-ansible-posix@1.2.0-1.3.el9ost?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ceph-mib-2:17.2.6-70.el9cp.noarch",
                "product": {
                  "name": "ceph-mib-2:17.2.6-70.el9cp.noarch",
                  "product_id": "ceph-mib-2:17.2.6-70.el9cp.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-mib@17.2.6-70.el9cp?arch=noarch\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ceph-resource-agents-2:17.2.6-70.el9cp.noarch",
                "product": {
                  "name": "ceph-resource-agents-2:17.2.6-70.el9cp.noarch",
                  "product_id": "ceph-resource-agents-2:17.2.6-70.el9cp.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-resource-agents@17.2.6-70.el9cp?arch=noarch\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cephadm-2:17.2.6-70.el9cp.noarch",
                "product": {
                  "name": "cephadm-2:17.2.6-70.el9cp.noarch",
                  "product_id": "cephadm-2:17.2.6-70.el9cp.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cephadm@17.2.6-70.el9cp?arch=noarch\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cephfs-top-2:17.2.6-70.el9cp.noarch",
                "product": {
                  "name": "cephfs-top-2:17.2.6-70.el9cp.noarch",
                  "product_id": "cephfs-top-2:17.2.6-70.el9cp.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cephfs-top@17.2.6-70.el9cp?arch=noarch\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ceph-base-2:17.2.6-70.el9cp.x86_64",
                "product": {
                  "name": "ceph-base-2:17.2.6-70.el9cp.x86_64",
                  "product_id": "ceph-base-2:17.2.6-70.el9cp.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-base@17.2.6-70.el9cp?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ceph-common-2:17.2.6-70.el9cp.x86_64",
                "product": {
                  "name": "ceph-common-2:17.2.6-70.el9cp.x86_64",
                  "product_id": "ceph-common-2:17.2.6-70.el9cp.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-common@17.2.6-70.el9cp?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ceph-fuse-2:17.2.6-70.el9cp.x86_64",
                "product": {
                  "name": "ceph-fuse-2:17.2.6-70.el9cp.x86_64",
                  "product_id": "ceph-fuse-2:17.2.6-70.el9cp.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-fuse@17.2.6-70.el9cp?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ceph-immutable-object-cache-2:17.2.6-70.el9cp.x86_64",
                "product": {
                  "name": "ceph-immutable-object-cache-2:17.2.6-70.el9cp.x86_64",
                  "product_id": "ceph-immutable-object-cache-2:17.2.6-70.el9cp.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-immutable-object-cache@17.2.6-70.el9cp?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ceph-selinux-2:17.2.6-70.el9cp.x86_64",
                "product": {
                  "name": "ceph-selinux-2:17.2.6-70.el9cp.x86_64",
                  "product_id": "ceph-selinux-2:17.2.6-70.el9cp.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-selinux@17.2.6-70.el9cp?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libcephfs-devel-2:17.2.6-70.el9cp.x86_64",
                "product": {
                  "name": "libcephfs-devel-2:17.2.6-70.el9cp.x86_64",
                  "product_id": "libcephfs-devel-2:17.2.6-70.el9cp.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libcephfs-devel@17.2.6-70.el9cp?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libcephfs2-2:17.2.6-70.el9cp.x86_64",
                "product": {
                  "name": "libcephfs2-2:17.2.6-70.el9cp.x86_64",
                  "product_id": "libcephfs2-2:17.2.6-70.el9cp.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libcephfs2@17.2.6-70.el9cp?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "librados-devel-2:17.2.6-70.el9cp.x86_64",
                "product": {
                  "name": "librados-devel-2:17.2.6-70.el9cp.x86_64",
                  "product_id": "librados-devel-2:17.2.6-70.el9cp.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/librados-devel@17.2.6-70.el9cp?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "librados2-2:17.2.6-70.el9cp.x86_64",
                "product": {
                  "name": "librados2-2:17.2.6-70.el9cp.x86_64",
                  "product_id": "librados2-2:17.2.6-70.el9cp.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/librados2@17.2.6-70.el9cp?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libradospp-devel-2:17.2.6-70.el9cp.x86_64",
                "product": {
                  "name": "libradospp-devel-2:17.2.6-70.el9cp.x86_64",
                  "product_id": "libradospp-devel-2:17.2.6-70.el9cp.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libradospp-devel@17.2.6-70.el9cp?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libradosstriper1-2:17.2.6-70.el9cp.x86_64",
                "product": {
                  "name": "libradosstriper1-2:17.2.6-70.el9cp.x86_64",
                  "product_id": "libradosstriper1-2:17.2.6-70.el9cp.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libradosstriper1@17.2.6-70.el9cp?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "librbd-devel-2:17.2.6-70.el9cp.x86_64",
                "product": {
                  "name": "librbd-devel-2:17.2.6-70.el9cp.x86_64",
                  "product_id": "librbd-devel-2:17.2.6-70.el9cp.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/librbd-devel@17.2.6-70.el9cp?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "librbd1-2:17.2.6-70.el9cp.x86_64",
                "product": {
                  "name": "librbd1-2:17.2.6-70.el9cp.x86_64",
                  "product_id": "librbd1-2:17.2.6-70.el9cp.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/librbd1@17.2.6-70.el9cp?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "librgw-devel-2:17.2.6-70.el9cp.x86_64",
                "product": {
                  "name": "librgw-devel-2:17.2.6-70.el9cp.x86_64",
                  "product_id": "librgw-devel-2:17.2.6-70.el9cp.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/librgw-devel@17.2.6-70.el9cp?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "librgw2-2:17.2.6-70.el9cp.x86_64",
                "product": {
                  "name": "librgw2-2:17.2.6-70.el9cp.x86_64",
                  "product_id": "librgw2-2:17.2.6-70.el9cp.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/librgw2@17.2.6-70.el9cp?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-ceph-argparse-2:17.2.6-70.el9cp.x86_64",
                "product": {
                  "name": "python3-ceph-argparse-2:17.2.6-70.el9cp.x86_64",
                  "product_id": "python3-ceph-argparse-2:17.2.6-70.el9cp.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-ceph-argparse@17.2.6-70.el9cp?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-ceph-common-2:17.2.6-70.el9cp.x86_64",
                "product": {
                  "name": "python3-ceph-common-2:17.2.6-70.el9cp.x86_64",
                  "product_id": "python3-ceph-common-2:17.2.6-70.el9cp.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-ceph-common@17.2.6-70.el9cp?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-cephfs-2:17.2.6-70.el9cp.x86_64",
                "product": {
                  "name": "python3-cephfs-2:17.2.6-70.el9cp.x86_64",
                  "product_id": "python3-cephfs-2:17.2.6-70.el9cp.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-cephfs@17.2.6-70.el9cp?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-rados-2:17.2.6-70.el9cp.x86_64",
                "product": {
                  "name": "python3-rados-2:17.2.6-70.el9cp.x86_64",
                  "product_id": "python3-rados-2:17.2.6-70.el9cp.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-rados@17.2.6-70.el9cp?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-rbd-2:17.2.6-70.el9cp.x86_64",
                "product": {
                  "name": "python3-rbd-2:17.2.6-70.el9cp.x86_64",
                  "product_id": "python3-rbd-2:17.2.6-70.el9cp.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-rbd@17.2.6-70.el9cp?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-rgw-2:17.2.6-70.el9cp.x86_64",
                "product": {
                  "name": "python3-rgw-2:17.2.6-70.el9cp.x86_64",
                  "product_id": "python3-rgw-2:17.2.6-70.el9cp.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-rgw@17.2.6-70.el9cp?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rbd-nbd-2:17.2.6-70.el9cp.x86_64",
                "product": {
                  "name": "rbd-nbd-2:17.2.6-70.el9cp.x86_64",
                  "product_id": "rbd-nbd-2:17.2.6-70.el9cp.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rbd-nbd@17.2.6-70.el9cp?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ceph-debugsource-2:17.2.6-70.el9cp.x86_64",
                "product": {
                  "name": "ceph-debugsource-2:17.2.6-70.el9cp.x86_64",
                  "product_id": "ceph-debugsource-2:17.2.6-70.el9cp.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-debugsource@17.2.6-70.el9cp?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ceph-base-debuginfo-2:17.2.6-70.el9cp.x86_64",
                "product": {
                  "name": "ceph-base-debuginfo-2:17.2.6-70.el9cp.x86_64",
                  "product_id": "ceph-base-debuginfo-2:17.2.6-70.el9cp.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-base-debuginfo@17.2.6-70.el9cp?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ceph-common-debuginfo-2:17.2.6-70.el9cp.x86_64",
                "product": {
                  "name": "ceph-common-debuginfo-2:17.2.6-70.el9cp.x86_64",
                  "product_id": "ceph-common-debuginfo-2:17.2.6-70.el9cp.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-common-debuginfo@17.2.6-70.el9cp?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ceph-debuginfo-2:17.2.6-70.el9cp.x86_64",
                "product": {
                  "name": "ceph-debuginfo-2:17.2.6-70.el9cp.x86_64",
                  "product_id": "ceph-debuginfo-2:17.2.6-70.el9cp.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-debuginfo@17.2.6-70.el9cp?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ceph-exporter-debuginfo-2:17.2.6-70.el9cp.x86_64",
                "product": {
                  "name": "ceph-exporter-debuginfo-2:17.2.6-70.el9cp.x86_64",
                  "product_id": "ceph-exporter-debuginfo-2:17.2.6-70.el9cp.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-exporter-debuginfo@17.2.6-70.el9cp?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ceph-fuse-debuginfo-2:17.2.6-70.el9cp.x86_64",
                "product": {
                  "name": "ceph-fuse-debuginfo-2:17.2.6-70.el9cp.x86_64",
                  "product_id": "ceph-fuse-debuginfo-2:17.2.6-70.el9cp.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-fuse-debuginfo@17.2.6-70.el9cp?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ceph-immutable-object-cache-debuginfo-2:17.2.6-70.el9cp.x86_64",
                "product": {
                  "name": "ceph-immutable-object-cache-debuginfo-2:17.2.6-70.el9cp.x86_64",
                  "product_id": "ceph-immutable-object-cache-debuginfo-2:17.2.6-70.el9cp.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-immutable-object-cache-debuginfo@17.2.6-70.el9cp?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ceph-mds-debuginfo-2:17.2.6-70.el9cp.x86_64",
                "product": {
                  "name": "ceph-mds-debuginfo-2:17.2.6-70.el9cp.x86_64",
                  "product_id": "ceph-mds-debuginfo-2:17.2.6-70.el9cp.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-mds-debuginfo@17.2.6-70.el9cp?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ceph-mgr-debuginfo-2:17.2.6-70.el9cp.x86_64",
                "product": {
                  "name": "ceph-mgr-debuginfo-2:17.2.6-70.el9cp.x86_64",
                  "product_id": "ceph-mgr-debuginfo-2:17.2.6-70.el9cp.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-mgr-debuginfo@17.2.6-70.el9cp?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ceph-mon-debuginfo-2:17.2.6-70.el9cp.x86_64",
                "product": {
                  "name": "ceph-mon-debuginfo-2:17.2.6-70.el9cp.x86_64",
                  "product_id": "ceph-mon-debuginfo-2:17.2.6-70.el9cp.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-mon-debuginfo@17.2.6-70.el9cp?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ceph-osd-debuginfo-2:17.2.6-70.el9cp.x86_64",
                "product": {
                  "name": "ceph-osd-debuginfo-2:17.2.6-70.el9cp.x86_64",
                  "product_id": "ceph-osd-debuginfo-2:17.2.6-70.el9cp.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-osd-debuginfo@17.2.6-70.el9cp?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ceph-radosgw-debuginfo-2:17.2.6-70.el9cp.x86_64",
                "product": {
                  "name": "ceph-radosgw-debuginfo-2:17.2.6-70.el9cp.x86_64",
                  "product_id": "ceph-radosgw-debuginfo-2:17.2.6-70.el9cp.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-radosgw-debuginfo@17.2.6-70.el9cp?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ceph-test-debuginfo-2:17.2.6-70.el9cp.x86_64",
                "product": {
                  "name": "ceph-test-debuginfo-2:17.2.6-70.el9cp.x86_64",
                  "product_id": "ceph-test-debuginfo-2:17.2.6-70.el9cp.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-test-debuginfo@17.2.6-70.el9cp?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cephfs-mirror-debuginfo-2:17.2.6-70.el9cp.x86_64",
                "product": {
                  "name": "cephfs-mirror-debuginfo-2:17.2.6-70.el9cp.x86_64",
                  "product_id": "cephfs-mirror-debuginfo-2:17.2.6-70.el9cp.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cephfs-mirror-debuginfo@17.2.6-70.el9cp?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libcephfs2-debuginfo-2:17.2.6-70.el9cp.x86_64",
                "product": {
                  "name": "libcephfs2-debuginfo-2:17.2.6-70.el9cp.x86_64",
                  "product_id": "libcephfs2-debuginfo-2:17.2.6-70.el9cp.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libcephfs2-debuginfo@17.2.6-70.el9cp?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libcephsqlite-debuginfo-2:17.2.6-70.el9cp.x86_64",
                "product": {
                  "name": "libcephsqlite-debuginfo-2:17.2.6-70.el9cp.x86_64",
                  "product_id": "libcephsqlite-debuginfo-2:17.2.6-70.el9cp.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libcephsqlite-debuginfo@17.2.6-70.el9cp?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "librados-devel-debuginfo-2:17.2.6-70.el9cp.x86_64",
                "product": {
                  "name": "librados-devel-debuginfo-2:17.2.6-70.el9cp.x86_64",
                  "product_id": "librados-devel-debuginfo-2:17.2.6-70.el9cp.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/librados-devel-debuginfo@17.2.6-70.el9cp?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "librados2-debuginfo-2:17.2.6-70.el9cp.x86_64",
                "product": {
                  "name": "librados2-debuginfo-2:17.2.6-70.el9cp.x86_64",
                  "product_id": "librados2-debuginfo-2:17.2.6-70.el9cp.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/librados2-debuginfo@17.2.6-70.el9cp?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libradosstriper1-debuginfo-2:17.2.6-70.el9cp.x86_64",
                "product": {
                  "name": "libradosstriper1-debuginfo-2:17.2.6-70.el9cp.x86_64",
                  "product_id": "libradosstriper1-debuginfo-2:17.2.6-70.el9cp.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libradosstriper1-debuginfo@17.2.6-70.el9cp?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "librbd1-debuginfo-2:17.2.6-70.el9cp.x86_64",
                "product": {
                  "name": "librbd1-debuginfo-2:17.2.6-70.el9cp.x86_64",
                  "product_id": "librbd1-debuginfo-2:17.2.6-70.el9cp.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/librbd1-debuginfo@17.2.6-70.el9cp?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "librgw2-debuginfo-2:17.2.6-70.el9cp.x86_64",
                "product": {
                  "name": "librgw2-debuginfo-2:17.2.6-70.el9cp.x86_64",
                  "product_id": "librgw2-debuginfo-2:17.2.6-70.el9cp.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/librgw2-debuginfo@17.2.6-70.el9cp?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-cephfs-debuginfo-2:17.2.6-70.el9cp.x86_64",
                "product": {
                  "name": "python3-cephfs-debuginfo-2:17.2.6-70.el9cp.x86_64",
                  "product_id": "python3-cephfs-debuginfo-2:17.2.6-70.el9cp.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-cephfs-debuginfo@17.2.6-70.el9cp?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-rados-debuginfo-2:17.2.6-70.el9cp.x86_64",
                "product": {
                  "name": "python3-rados-debuginfo-2:17.2.6-70.el9cp.x86_64",
                  "product_id": "python3-rados-debuginfo-2:17.2.6-70.el9cp.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-rados-debuginfo@17.2.6-70.el9cp?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-rbd-debuginfo-2:17.2.6-70.el9cp.x86_64",
                "product": {
                  "name": "python3-rbd-debuginfo-2:17.2.6-70.el9cp.x86_64",
                  "product_id": "python3-rbd-debuginfo-2:17.2.6-70.el9cp.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-rbd-debuginfo@17.2.6-70.el9cp?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-rgw-debuginfo-2:17.2.6-70.el9cp.x86_64",
                "product": {
                  "name": "python3-rgw-debuginfo-2:17.2.6-70.el9cp.x86_64",
                  "product_id": "python3-rgw-debuginfo-2:17.2.6-70.el9cp.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-rgw-debuginfo@17.2.6-70.el9cp?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rbd-fuse-debuginfo-2:17.2.6-70.el9cp.x86_64",
                "product": {
                  "name": "rbd-fuse-debuginfo-2:17.2.6-70.el9cp.x86_64",
                  "product_id": "rbd-fuse-debuginfo-2:17.2.6-70.el9cp.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rbd-fuse-debuginfo@17.2.6-70.el9cp?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rbd-mirror-debuginfo-2:17.2.6-70.el9cp.x86_64",
                "product": {
                  "name": "rbd-mirror-debuginfo-2:17.2.6-70.el9cp.x86_64",
                  "product_id": "rbd-mirror-debuginfo-2:17.2.6-70.el9cp.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rbd-mirror-debuginfo@17.2.6-70.el9cp?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rbd-nbd-debuginfo-2:17.2.6-70.el9cp.x86_64",
                "product": {
                  "name": "rbd-nbd-debuginfo-2:17.2.6-70.el9cp.x86_64",
                  "product_id": "rbd-nbd-debuginfo-2:17.2.6-70.el9cp.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rbd-nbd-debuginfo@17.2.6-70.el9cp?arch=x86_64\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ceph-base-2:17.2.6-70.el9cp.ppc64le",
                "product": {
                  "name": "ceph-base-2:17.2.6-70.el9cp.ppc64le",
                  "product_id": "ceph-base-2:17.2.6-70.el9cp.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-base@17.2.6-70.el9cp?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ceph-common-2:17.2.6-70.el9cp.ppc64le",
                "product": {
                  "name": "ceph-common-2:17.2.6-70.el9cp.ppc64le",
                  "product_id": "ceph-common-2:17.2.6-70.el9cp.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-common@17.2.6-70.el9cp?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ceph-fuse-2:17.2.6-70.el9cp.ppc64le",
                "product": {
                  "name": "ceph-fuse-2:17.2.6-70.el9cp.ppc64le",
                  "product_id": "ceph-fuse-2:17.2.6-70.el9cp.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-fuse@17.2.6-70.el9cp?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ceph-immutable-object-cache-2:17.2.6-70.el9cp.ppc64le",
                "product": {
                  "name": "ceph-immutable-object-cache-2:17.2.6-70.el9cp.ppc64le",
                  "product_id": "ceph-immutable-object-cache-2:17.2.6-70.el9cp.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-immutable-object-cache@17.2.6-70.el9cp?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ceph-selinux-2:17.2.6-70.el9cp.ppc64le",
                "product": {
                  "name": "ceph-selinux-2:17.2.6-70.el9cp.ppc64le",
                  "product_id": "ceph-selinux-2:17.2.6-70.el9cp.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-selinux@17.2.6-70.el9cp?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libcephfs-devel-2:17.2.6-70.el9cp.ppc64le",
                "product": {
                  "name": "libcephfs-devel-2:17.2.6-70.el9cp.ppc64le",
                  "product_id": "libcephfs-devel-2:17.2.6-70.el9cp.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libcephfs-devel@17.2.6-70.el9cp?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libcephfs2-2:17.2.6-70.el9cp.ppc64le",
                "product": {
                  "name": "libcephfs2-2:17.2.6-70.el9cp.ppc64le",
                  "product_id": "libcephfs2-2:17.2.6-70.el9cp.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libcephfs2@17.2.6-70.el9cp?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "librados-devel-2:17.2.6-70.el9cp.ppc64le",
                "product": {
                  "name": "librados-devel-2:17.2.6-70.el9cp.ppc64le",
                  "product_id": "librados-devel-2:17.2.6-70.el9cp.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/librados-devel@17.2.6-70.el9cp?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "librados2-2:17.2.6-70.el9cp.ppc64le",
                "product": {
                  "name": "librados2-2:17.2.6-70.el9cp.ppc64le",
                  "product_id": "librados2-2:17.2.6-70.el9cp.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/librados2@17.2.6-70.el9cp?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libradospp-devel-2:17.2.6-70.el9cp.ppc64le",
                "product": {
                  "name": "libradospp-devel-2:17.2.6-70.el9cp.ppc64le",
                  "product_id": "libradospp-devel-2:17.2.6-70.el9cp.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libradospp-devel@17.2.6-70.el9cp?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libradosstriper1-2:17.2.6-70.el9cp.ppc64le",
                "product": {
                  "name": "libradosstriper1-2:17.2.6-70.el9cp.ppc64le",
                  "product_id": "libradosstriper1-2:17.2.6-70.el9cp.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libradosstriper1@17.2.6-70.el9cp?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "librbd-devel-2:17.2.6-70.el9cp.ppc64le",
                "product": {
                  "name": "librbd-devel-2:17.2.6-70.el9cp.ppc64le",
                  "product_id": "librbd-devel-2:17.2.6-70.el9cp.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/librbd-devel@17.2.6-70.el9cp?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "librbd1-2:17.2.6-70.el9cp.ppc64le",
                "product": {
                  "name": "librbd1-2:17.2.6-70.el9cp.ppc64le",
                  "product_id": "librbd1-2:17.2.6-70.el9cp.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/librbd1@17.2.6-70.el9cp?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "librgw-devel-2:17.2.6-70.el9cp.ppc64le",
                "product": {
                  "name": "librgw-devel-2:17.2.6-70.el9cp.ppc64le",
                  "product_id": "librgw-devel-2:17.2.6-70.el9cp.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/librgw-devel@17.2.6-70.el9cp?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "librgw2-2:17.2.6-70.el9cp.ppc64le",
                "product": {
                  "name": "librgw2-2:17.2.6-70.el9cp.ppc64le",
                  "product_id": "librgw2-2:17.2.6-70.el9cp.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/librgw2@17.2.6-70.el9cp?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-ceph-argparse-2:17.2.6-70.el9cp.ppc64le",
                "product": {
                  "name": "python3-ceph-argparse-2:17.2.6-70.el9cp.ppc64le",
                  "product_id": "python3-ceph-argparse-2:17.2.6-70.el9cp.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-ceph-argparse@17.2.6-70.el9cp?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-ceph-common-2:17.2.6-70.el9cp.ppc64le",
                "product": {
                  "name": "python3-ceph-common-2:17.2.6-70.el9cp.ppc64le",
                  "product_id": "python3-ceph-common-2:17.2.6-70.el9cp.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-ceph-common@17.2.6-70.el9cp?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-cephfs-2:17.2.6-70.el9cp.ppc64le",
                "product": {
                  "name": "python3-cephfs-2:17.2.6-70.el9cp.ppc64le",
                  "product_id": "python3-cephfs-2:17.2.6-70.el9cp.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-cephfs@17.2.6-70.el9cp?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-rados-2:17.2.6-70.el9cp.ppc64le",
                "product": {
                  "name": "python3-rados-2:17.2.6-70.el9cp.ppc64le",
                  "product_id": "python3-rados-2:17.2.6-70.el9cp.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-rados@17.2.6-70.el9cp?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-rbd-2:17.2.6-70.el9cp.ppc64le",
                "product": {
                  "name": "python3-rbd-2:17.2.6-70.el9cp.ppc64le",
                  "product_id": "python3-rbd-2:17.2.6-70.el9cp.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-rbd@17.2.6-70.el9cp?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-rgw-2:17.2.6-70.el9cp.ppc64le",
                "product": {
                  "name": "python3-rgw-2:17.2.6-70.el9cp.ppc64le",
                  "product_id": "python3-rgw-2:17.2.6-70.el9cp.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-rgw@17.2.6-70.el9cp?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rbd-nbd-2:17.2.6-70.el9cp.ppc64le",
                "product": {
                  "name": "rbd-nbd-2:17.2.6-70.el9cp.ppc64le",
                  "product_id": "rbd-nbd-2:17.2.6-70.el9cp.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rbd-nbd@17.2.6-70.el9cp?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ceph-debugsource-2:17.2.6-70.el9cp.ppc64le",
                "product": {
                  "name": "ceph-debugsource-2:17.2.6-70.el9cp.ppc64le",
                  "product_id": "ceph-debugsource-2:17.2.6-70.el9cp.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-debugsource@17.2.6-70.el9cp?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ceph-base-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                "product": {
                  "name": "ceph-base-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                  "product_id": "ceph-base-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-base-debuginfo@17.2.6-70.el9cp?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ceph-common-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                "product": {
                  "name": "ceph-common-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                  "product_id": "ceph-common-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-common-debuginfo@17.2.6-70.el9cp?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ceph-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                "product": {
                  "name": "ceph-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                  "product_id": "ceph-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-debuginfo@17.2.6-70.el9cp?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ceph-exporter-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                "product": {
                  "name": "ceph-exporter-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                  "product_id": "ceph-exporter-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-exporter-debuginfo@17.2.6-70.el9cp?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ceph-fuse-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                "product": {
                  "name": "ceph-fuse-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                  "product_id": "ceph-fuse-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-fuse-debuginfo@17.2.6-70.el9cp?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ceph-immutable-object-cache-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                "product": {
                  "name": "ceph-immutable-object-cache-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                  "product_id": "ceph-immutable-object-cache-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-immutable-object-cache-debuginfo@17.2.6-70.el9cp?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ceph-mds-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                "product": {
                  "name": "ceph-mds-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                  "product_id": "ceph-mds-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-mds-debuginfo@17.2.6-70.el9cp?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ceph-mgr-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                "product": {
                  "name": "ceph-mgr-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                  "product_id": "ceph-mgr-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-mgr-debuginfo@17.2.6-70.el9cp?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ceph-mon-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                "product": {
                  "name": "ceph-mon-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                  "product_id": "ceph-mon-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-mon-debuginfo@17.2.6-70.el9cp?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ceph-osd-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                "product": {
                  "name": "ceph-osd-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                  "product_id": "ceph-osd-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-osd-debuginfo@17.2.6-70.el9cp?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ceph-radosgw-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                "product": {
                  "name": "ceph-radosgw-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                  "product_id": "ceph-radosgw-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-radosgw-debuginfo@17.2.6-70.el9cp?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ceph-test-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                "product": {
                  "name": "ceph-test-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                  "product_id": "ceph-test-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-test-debuginfo@17.2.6-70.el9cp?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cephfs-mirror-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                "product": {
                  "name": "cephfs-mirror-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                  "product_id": "cephfs-mirror-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cephfs-mirror-debuginfo@17.2.6-70.el9cp?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libcephfs2-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                "product": {
                  "name": "libcephfs2-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                  "product_id": "libcephfs2-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libcephfs2-debuginfo@17.2.6-70.el9cp?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libcephsqlite-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                "product": {
                  "name": "libcephsqlite-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                  "product_id": "libcephsqlite-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libcephsqlite-debuginfo@17.2.6-70.el9cp?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "librados-devel-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                "product": {
                  "name": "librados-devel-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                  "product_id": "librados-devel-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/librados-devel-debuginfo@17.2.6-70.el9cp?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "librados2-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                "product": {
                  "name": "librados2-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                  "product_id": "librados2-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/librados2-debuginfo@17.2.6-70.el9cp?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libradosstriper1-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                "product": {
                  "name": "libradosstriper1-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                  "product_id": "libradosstriper1-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libradosstriper1-debuginfo@17.2.6-70.el9cp?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "librbd1-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                "product": {
                  "name": "librbd1-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                  "product_id": "librbd1-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/librbd1-debuginfo@17.2.6-70.el9cp?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "librgw2-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                "product": {
                  "name": "librgw2-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                  "product_id": "librgw2-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/librgw2-debuginfo@17.2.6-70.el9cp?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-cephfs-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                "product": {
                  "name": "python3-cephfs-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                  "product_id": "python3-cephfs-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-cephfs-debuginfo@17.2.6-70.el9cp?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-rados-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                "product": {
                  "name": "python3-rados-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                  "product_id": "python3-rados-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-rados-debuginfo@17.2.6-70.el9cp?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-rbd-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                "product": {
                  "name": "python3-rbd-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                  "product_id": "python3-rbd-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-rbd-debuginfo@17.2.6-70.el9cp?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-rgw-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                "product": {
                  "name": "python3-rgw-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                  "product_id": "python3-rgw-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-rgw-debuginfo@17.2.6-70.el9cp?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rbd-fuse-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                "product": {
                  "name": "rbd-fuse-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                  "product_id": "rbd-fuse-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rbd-fuse-debuginfo@17.2.6-70.el9cp?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rbd-mirror-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                "product": {
                  "name": "rbd-mirror-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                  "product_id": "rbd-mirror-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rbd-mirror-debuginfo@17.2.6-70.el9cp?arch=ppc64le\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rbd-nbd-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                "product": {
                  "name": "rbd-nbd-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                  "product_id": "rbd-nbd-debuginfo-2:17.2.6-70.el9cp.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rbd-nbd-debuginfo@17.2.6-70.el9cp?arch=ppc64le\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ceph-base-2:17.2.6-70.el9cp.s390x",
                "product": {
                  "name": "ceph-base-2:17.2.6-70.el9cp.s390x",
                  "product_id": "ceph-base-2:17.2.6-70.el9cp.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-base@17.2.6-70.el9cp?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ceph-common-2:17.2.6-70.el9cp.s390x",
                "product": {
                  "name": "ceph-common-2:17.2.6-70.el9cp.s390x",
                  "product_id": "ceph-common-2:17.2.6-70.el9cp.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-common@17.2.6-70.el9cp?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ceph-fuse-2:17.2.6-70.el9cp.s390x",
                "product": {
                  "name": "ceph-fuse-2:17.2.6-70.el9cp.s390x",
                  "product_id": "ceph-fuse-2:17.2.6-70.el9cp.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-fuse@17.2.6-70.el9cp?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ceph-immutable-object-cache-2:17.2.6-70.el9cp.s390x",
                "product": {
                  "name": "ceph-immutable-object-cache-2:17.2.6-70.el9cp.s390x",
                  "product_id": "ceph-immutable-object-cache-2:17.2.6-70.el9cp.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-immutable-object-cache@17.2.6-70.el9cp?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ceph-selinux-2:17.2.6-70.el9cp.s390x",
                "product": {
                  "name": "ceph-selinux-2:17.2.6-70.el9cp.s390x",
                  "product_id": "ceph-selinux-2:17.2.6-70.el9cp.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-selinux@17.2.6-70.el9cp?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libcephfs-devel-2:17.2.6-70.el9cp.s390x",
                "product": {
                  "name": "libcephfs-devel-2:17.2.6-70.el9cp.s390x",
                  "product_id": "libcephfs-devel-2:17.2.6-70.el9cp.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libcephfs-devel@17.2.6-70.el9cp?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libcephfs2-2:17.2.6-70.el9cp.s390x",
                "product": {
                  "name": "libcephfs2-2:17.2.6-70.el9cp.s390x",
                  "product_id": "libcephfs2-2:17.2.6-70.el9cp.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libcephfs2@17.2.6-70.el9cp?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "librados-devel-2:17.2.6-70.el9cp.s390x",
                "product": {
                  "name": "librados-devel-2:17.2.6-70.el9cp.s390x",
                  "product_id": "librados-devel-2:17.2.6-70.el9cp.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/librados-devel@17.2.6-70.el9cp?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "librados2-2:17.2.6-70.el9cp.s390x",
                "product": {
                  "name": "librados2-2:17.2.6-70.el9cp.s390x",
                  "product_id": "librados2-2:17.2.6-70.el9cp.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/librados2@17.2.6-70.el9cp?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libradospp-devel-2:17.2.6-70.el9cp.s390x",
                "product": {
                  "name": "libradospp-devel-2:17.2.6-70.el9cp.s390x",
                  "product_id": "libradospp-devel-2:17.2.6-70.el9cp.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libradospp-devel@17.2.6-70.el9cp?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libradosstriper1-2:17.2.6-70.el9cp.s390x",
                "product": {
                  "name": "libradosstriper1-2:17.2.6-70.el9cp.s390x",
                  "product_id": "libradosstriper1-2:17.2.6-70.el9cp.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libradosstriper1@17.2.6-70.el9cp?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "librbd-devel-2:17.2.6-70.el9cp.s390x",
                "product": {
                  "name": "librbd-devel-2:17.2.6-70.el9cp.s390x",
                  "product_id": "librbd-devel-2:17.2.6-70.el9cp.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/librbd-devel@17.2.6-70.el9cp?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "librbd1-2:17.2.6-70.el9cp.s390x",
                "product": {
                  "name": "librbd1-2:17.2.6-70.el9cp.s390x",
                  "product_id": "librbd1-2:17.2.6-70.el9cp.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/librbd1@17.2.6-70.el9cp?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "librgw-devel-2:17.2.6-70.el9cp.s390x",
                "product": {
                  "name": "librgw-devel-2:17.2.6-70.el9cp.s390x",
                  "product_id": "librgw-devel-2:17.2.6-70.el9cp.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/librgw-devel@17.2.6-70.el9cp?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "librgw2-2:17.2.6-70.el9cp.s390x",
                "product": {
                  "name": "librgw2-2:17.2.6-70.el9cp.s390x",
                  "product_id": "librgw2-2:17.2.6-70.el9cp.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/librgw2@17.2.6-70.el9cp?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-ceph-argparse-2:17.2.6-70.el9cp.s390x",
                "product": {
                  "name": "python3-ceph-argparse-2:17.2.6-70.el9cp.s390x",
                  "product_id": "python3-ceph-argparse-2:17.2.6-70.el9cp.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-ceph-argparse@17.2.6-70.el9cp?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-ceph-common-2:17.2.6-70.el9cp.s390x",
                "product": {
                  "name": "python3-ceph-common-2:17.2.6-70.el9cp.s390x",
                  "product_id": "python3-ceph-common-2:17.2.6-70.el9cp.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-ceph-common@17.2.6-70.el9cp?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-cephfs-2:17.2.6-70.el9cp.s390x",
                "product": {
                  "name": "python3-cephfs-2:17.2.6-70.el9cp.s390x",
                  "product_id": "python3-cephfs-2:17.2.6-70.el9cp.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-cephfs@17.2.6-70.el9cp?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-rados-2:17.2.6-70.el9cp.s390x",
                "product": {
                  "name": "python3-rados-2:17.2.6-70.el9cp.s390x",
                  "product_id": "python3-rados-2:17.2.6-70.el9cp.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-rados@17.2.6-70.el9cp?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-rbd-2:17.2.6-70.el9cp.s390x",
                "product": {
                  "name": "python3-rbd-2:17.2.6-70.el9cp.s390x",
                  "product_id": "python3-rbd-2:17.2.6-70.el9cp.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-rbd@17.2.6-70.el9cp?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-rgw-2:17.2.6-70.el9cp.s390x",
                "product": {
                  "name": "python3-rgw-2:17.2.6-70.el9cp.s390x",
                  "product_id": "python3-rgw-2:17.2.6-70.el9cp.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-rgw@17.2.6-70.el9cp?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rbd-nbd-2:17.2.6-70.el9cp.s390x",
                "product": {
                  "name": "rbd-nbd-2:17.2.6-70.el9cp.s390x",
                  "product_id": "rbd-nbd-2:17.2.6-70.el9cp.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rbd-nbd@17.2.6-70.el9cp?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ceph-debugsource-2:17.2.6-70.el9cp.s390x",
                "product": {
                  "name": "ceph-debugsource-2:17.2.6-70.el9cp.s390x",
                  "product_id": "ceph-debugsource-2:17.2.6-70.el9cp.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-debugsource@17.2.6-70.el9cp?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ceph-base-debuginfo-2:17.2.6-70.el9cp.s390x",
                "product": {
                  "name": "ceph-base-debuginfo-2:17.2.6-70.el9cp.s390x",
                  "product_id": "ceph-base-debuginfo-2:17.2.6-70.el9cp.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-base-debuginfo@17.2.6-70.el9cp?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ceph-common-debuginfo-2:17.2.6-70.el9cp.s390x",
                "product": {
                  "name": "ceph-common-debuginfo-2:17.2.6-70.el9cp.s390x",
                  "product_id": "ceph-common-debuginfo-2:17.2.6-70.el9cp.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-common-debuginfo@17.2.6-70.el9cp?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ceph-debuginfo-2:17.2.6-70.el9cp.s390x",
                "product": {
                  "name": "ceph-debuginfo-2:17.2.6-70.el9cp.s390x",
                  "product_id": "ceph-debuginfo-2:17.2.6-70.el9cp.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-debuginfo@17.2.6-70.el9cp?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ceph-exporter-debuginfo-2:17.2.6-70.el9cp.s390x",
                "product": {
                  "name": "ceph-exporter-debuginfo-2:17.2.6-70.el9cp.s390x",
                  "product_id": "ceph-exporter-debuginfo-2:17.2.6-70.el9cp.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-exporter-debuginfo@17.2.6-70.el9cp?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ceph-fuse-debuginfo-2:17.2.6-70.el9cp.s390x",
                "product": {
                  "name": "ceph-fuse-debuginfo-2:17.2.6-70.el9cp.s390x",
                  "product_id": "ceph-fuse-debuginfo-2:17.2.6-70.el9cp.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-fuse-debuginfo@17.2.6-70.el9cp?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ceph-immutable-object-cache-debuginfo-2:17.2.6-70.el9cp.s390x",
                "product": {
                  "name": "ceph-immutable-object-cache-debuginfo-2:17.2.6-70.el9cp.s390x",
                  "product_id": "ceph-immutable-object-cache-debuginfo-2:17.2.6-70.el9cp.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-immutable-object-cache-debuginfo@17.2.6-70.el9cp?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ceph-mds-debuginfo-2:17.2.6-70.el9cp.s390x",
                "product": {
                  "name": "ceph-mds-debuginfo-2:17.2.6-70.el9cp.s390x",
                  "product_id": "ceph-mds-debuginfo-2:17.2.6-70.el9cp.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-mds-debuginfo@17.2.6-70.el9cp?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ceph-mgr-debuginfo-2:17.2.6-70.el9cp.s390x",
                "product": {
                  "name": "ceph-mgr-debuginfo-2:17.2.6-70.el9cp.s390x",
                  "product_id": "ceph-mgr-debuginfo-2:17.2.6-70.el9cp.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-mgr-debuginfo@17.2.6-70.el9cp?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ceph-mon-debuginfo-2:17.2.6-70.el9cp.s390x",
                "product": {
                  "name": "ceph-mon-debuginfo-2:17.2.6-70.el9cp.s390x",
                  "product_id": "ceph-mon-debuginfo-2:17.2.6-70.el9cp.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-mon-debuginfo@17.2.6-70.el9cp?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ceph-osd-debuginfo-2:17.2.6-70.el9cp.s390x",
                "product": {
                  "name": "ceph-osd-debuginfo-2:17.2.6-70.el9cp.s390x",
                  "product_id": "ceph-osd-debuginfo-2:17.2.6-70.el9cp.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-osd-debuginfo@17.2.6-70.el9cp?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ceph-radosgw-debuginfo-2:17.2.6-70.el9cp.s390x",
                "product": {
                  "name": "ceph-radosgw-debuginfo-2:17.2.6-70.el9cp.s390x",
                  "product_id": "ceph-radosgw-debuginfo-2:17.2.6-70.el9cp.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-radosgw-debuginfo@17.2.6-70.el9cp?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ceph-test-debuginfo-2:17.2.6-70.el9cp.s390x",
                "product": {
                  "name": "ceph-test-debuginfo-2:17.2.6-70.el9cp.s390x",
                  "product_id": "ceph-test-debuginfo-2:17.2.6-70.el9cp.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ceph-test-debuginfo@17.2.6-70.el9cp?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cephfs-mirror-debuginfo-2:17.2.6-70.el9cp.s390x",
                "product": {
                  "name": "cephfs-mirror-debuginfo-2:17.2.6-70.el9cp.s390x",
                  "product_id": "cephfs-mirror-debuginfo-2:17.2.6-70.el9cp.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cephfs-mirror-debuginfo@17.2.6-70.el9cp?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libcephfs2-debuginfo-2:17.2.6-70.el9cp.s390x",
                "product": {
                  "name": "libcephfs2-debuginfo-2:17.2.6-70.el9cp.s390x",
                  "product_id": "libcephfs2-debuginfo-2:17.2.6-70.el9cp.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libcephfs2-debuginfo@17.2.6-70.el9cp?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libcephsqlite-debuginfo-2:17.2.6-70.el9cp.s390x",
                "product": {
                  "name": "libcephsqlite-debuginfo-2:17.2.6-70.el9cp.s390x",
                  "product_id": "libcephsqlite-debuginfo-2:17.2.6-70.el9cp.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libcephsqlite-debuginfo@17.2.6-70.el9cp?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "librados-devel-debuginfo-2:17.2.6-70.el9cp.s390x",
                "product": {
                  "name": "librados-devel-debuginfo-2:17.2.6-70.el9cp.s390x",
                  "product_id": "librados-devel-debuginfo-2:17.2.6-70.el9cp.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/librados-devel-debuginfo@17.2.6-70.el9cp?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "librados2-debuginfo-2:17.2.6-70.el9cp.s390x",
                "product": {
                  "name": "librados2-debuginfo-2:17.2.6-70.el9cp.s390x",
                  "product_id": "librados2-debuginfo-2:17.2.6-70.el9cp.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/librados2-debuginfo@17.2.6-70.el9cp?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libradosstriper1-debuginfo-2:17.2.6-70.el9cp.s390x",
                "product": {
                  "name": "libradosstriper1-debuginfo-2:17.2.6-70.el9cp.s390x",
                  "product_id": "libradosstriper1-debuginfo-2:17.2.6-70.el9cp.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libradosstriper1-debuginfo@17.2.6-70.el9cp?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "librbd1-debuginfo-2:17.2.6-70.el9cp.s390x",
                "product": {
                  "name": "librbd1-debuginfo-2:17.2.6-70.el9cp.s390x",
                  "product_id": "librbd1-debuginfo-2:17.2.6-70.el9cp.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/librbd1-debuginfo@17.2.6-70.el9cp?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "librgw2-debuginfo-2:17.2.6-70.el9cp.s390x",
                "product": {
                  "name": "librgw2-debuginfo-2:17.2.6-70.el9cp.s390x",
                  "product_id": "librgw2-debuginfo-2:17.2.6-70.el9cp.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/librgw2-debuginfo@17.2.6-70.el9cp?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-cephfs-debuginfo-2:17.2.6-70.el9cp.s390x",
                "product": {
                  "name": "python3-cephfs-debuginfo-2:17.2.6-70.el9cp.s390x",
                  "product_id": "python3-cephfs-debuginfo-2:17.2.6-70.el9cp.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-cephfs-debuginfo@17.2.6-70.el9cp?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-rados-debuginfo-2:17.2.6-70.el9cp.s390x",
                "product": {
                  "name": "python3-rados-debuginfo-2:17.2.6-70.el9cp.s390x",
                  "product_id": "python3-rados-debuginfo-2:17.2.6-70.el9cp.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-rados-debuginfo@17.2.6-70.el9cp?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-rbd-debuginfo-2:17.2.6-70.el9cp.s390x",
                "product": {
                  "name": "python3-rbd-debuginfo-2:17.2.6-70.el9cp.s390x",
                  "product_id": "python3-rbd-debuginfo-2:17.2.6-70.el9cp.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-rbd-debuginfo@17.2.6-70.el9cp?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-rgw-debuginfo-2:17.2.6-70.el9cp.s390x",
                "product": {
                  "name": "python3-rgw-debuginfo-2:17.2.6-70.el9cp.s390x",
                  "product_id": "python3-rgw-debuginfo-2:17.2.6-70.el9cp.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-rgw-debuginfo@17.2.6-70.el9cp?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rbd-fuse-debuginfo-2:17.2.6-70.el9cp.s390x",
                "product": {
                  "name": "rbd-fuse-debuginfo-2:17.2.6-70.el9cp.s390x",
                  "product_id": "rbd-fuse-debuginfo-2:17.2.6-70.el9cp.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rbd-fuse-debuginfo@17.2.6-70.el9cp?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rbd-mirror-debuginfo-2:17.2.6-70.el9cp.s390x",
                "product": {
                  "name": "rbd-mirror-debuginfo-2:17.2.6-70.el9cp.s390x",
                  "product_id": "rbd-mirror-debuginfo-2:17.2.6-70.el9cp.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rbd-mirror-debuginfo@17.2.6-70.el9cp?arch=s390x\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rbd-nbd-debuginfo-2:17.2.6-70.el9cp.s390x",
                "product": {
                  "name": "rbd-nbd-debuginfo-2:17.2.6-70.el9cp.s390x",
                  "product_id": "rbd-nbd-debuginfo-2:17.2.6-70.el9cp.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rbd-nbd-debuginfo@17.2.6-70.el9cp?arch=s390x\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ansible-collection-ansible-posix-0:1.2.0-1.3.el9ost.noarch as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:ansible-collection-ansible-posix-0:1.2.0-1.3.el9ost.noarch"
        },
        "product_reference": "ansible-collection-ansible-posix-0:1.2.0-1.3.el9ost.noarch",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ansible-collection-ansible-posix-0:1.2.0-1.3.el9ost.src as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:ansible-collection-ansible-posix-0:1.2.0-1.3.el9ost.src"
        },
        "product_reference": "ansible-collection-ansible-posix-0:1.2.0-1.3.el9ost.src",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-2:17.2.6-70.el9cp.src as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:ceph-2:17.2.6-70.el9cp.src"
        },
        "product_reference": "ceph-2:17.2.6-70.el9cp.src",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-base-2:17.2.6-70.el9cp.ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:ceph-base-2:17.2.6-70.el9cp.ppc64le"
        },
        "product_reference": "ceph-base-2:17.2.6-70.el9cp.ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-base-2:17.2.6-70.el9cp.s390x as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:ceph-base-2:17.2.6-70.el9cp.s390x"
        },
        "product_reference": "ceph-base-2:17.2.6-70.el9cp.s390x",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-base-2:17.2.6-70.el9cp.x86_64 as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:ceph-base-2:17.2.6-70.el9cp.x86_64"
        },
        "product_reference": "ceph-base-2:17.2.6-70.el9cp.x86_64",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-base-debuginfo-2:17.2.6-70.el9cp.ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:ceph-base-debuginfo-2:17.2.6-70.el9cp.ppc64le"
        },
        "product_reference": "ceph-base-debuginfo-2:17.2.6-70.el9cp.ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-base-debuginfo-2:17.2.6-70.el9cp.s390x as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:ceph-base-debuginfo-2:17.2.6-70.el9cp.s390x"
        },
        "product_reference": "ceph-base-debuginfo-2:17.2.6-70.el9cp.s390x",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-base-debuginfo-2:17.2.6-70.el9cp.x86_64 as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:ceph-base-debuginfo-2:17.2.6-70.el9cp.x86_64"
        },
        "product_reference": "ceph-base-debuginfo-2:17.2.6-70.el9cp.x86_64",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-common-2:17.2.6-70.el9cp.ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:ceph-common-2:17.2.6-70.el9cp.ppc64le"
        },
        "product_reference": "ceph-common-2:17.2.6-70.el9cp.ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-common-2:17.2.6-70.el9cp.s390x as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:ceph-common-2:17.2.6-70.el9cp.s390x"
        },
        "product_reference": "ceph-common-2:17.2.6-70.el9cp.s390x",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-common-2:17.2.6-70.el9cp.x86_64 as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:ceph-common-2:17.2.6-70.el9cp.x86_64"
        },
        "product_reference": "ceph-common-2:17.2.6-70.el9cp.x86_64",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-common-debuginfo-2:17.2.6-70.el9cp.ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:ceph-common-debuginfo-2:17.2.6-70.el9cp.ppc64le"
        },
        "product_reference": "ceph-common-debuginfo-2:17.2.6-70.el9cp.ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-common-debuginfo-2:17.2.6-70.el9cp.s390x as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:ceph-common-debuginfo-2:17.2.6-70.el9cp.s390x"
        },
        "product_reference": "ceph-common-debuginfo-2:17.2.6-70.el9cp.s390x",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-common-debuginfo-2:17.2.6-70.el9cp.x86_64 as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:ceph-common-debuginfo-2:17.2.6-70.el9cp.x86_64"
        },
        "product_reference": "ceph-common-debuginfo-2:17.2.6-70.el9cp.x86_64",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-debuginfo-2:17.2.6-70.el9cp.ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:ceph-debuginfo-2:17.2.6-70.el9cp.ppc64le"
        },
        "product_reference": "ceph-debuginfo-2:17.2.6-70.el9cp.ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-debuginfo-2:17.2.6-70.el9cp.s390x as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:ceph-debuginfo-2:17.2.6-70.el9cp.s390x"
        },
        "product_reference": "ceph-debuginfo-2:17.2.6-70.el9cp.s390x",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-debuginfo-2:17.2.6-70.el9cp.x86_64 as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:ceph-debuginfo-2:17.2.6-70.el9cp.x86_64"
        },
        "product_reference": "ceph-debuginfo-2:17.2.6-70.el9cp.x86_64",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-debugsource-2:17.2.6-70.el9cp.ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:ceph-debugsource-2:17.2.6-70.el9cp.ppc64le"
        },
        "product_reference": "ceph-debugsource-2:17.2.6-70.el9cp.ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-debugsource-2:17.2.6-70.el9cp.s390x as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:ceph-debugsource-2:17.2.6-70.el9cp.s390x"
        },
        "product_reference": "ceph-debugsource-2:17.2.6-70.el9cp.s390x",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-debugsource-2:17.2.6-70.el9cp.x86_64 as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:ceph-debugsource-2:17.2.6-70.el9cp.x86_64"
        },
        "product_reference": "ceph-debugsource-2:17.2.6-70.el9cp.x86_64",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-exporter-debuginfo-2:17.2.6-70.el9cp.ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:ceph-exporter-debuginfo-2:17.2.6-70.el9cp.ppc64le"
        },
        "product_reference": "ceph-exporter-debuginfo-2:17.2.6-70.el9cp.ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-exporter-debuginfo-2:17.2.6-70.el9cp.s390x as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:ceph-exporter-debuginfo-2:17.2.6-70.el9cp.s390x"
        },
        "product_reference": "ceph-exporter-debuginfo-2:17.2.6-70.el9cp.s390x",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-exporter-debuginfo-2:17.2.6-70.el9cp.x86_64 as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:ceph-exporter-debuginfo-2:17.2.6-70.el9cp.x86_64"
        },
        "product_reference": "ceph-exporter-debuginfo-2:17.2.6-70.el9cp.x86_64",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-fuse-2:17.2.6-70.el9cp.ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:ceph-fuse-2:17.2.6-70.el9cp.ppc64le"
        },
        "product_reference": "ceph-fuse-2:17.2.6-70.el9cp.ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-fuse-2:17.2.6-70.el9cp.s390x as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:ceph-fuse-2:17.2.6-70.el9cp.s390x"
        },
        "product_reference": "ceph-fuse-2:17.2.6-70.el9cp.s390x",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-fuse-2:17.2.6-70.el9cp.x86_64 as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:ceph-fuse-2:17.2.6-70.el9cp.x86_64"
        },
        "product_reference": "ceph-fuse-2:17.2.6-70.el9cp.x86_64",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-fuse-debuginfo-2:17.2.6-70.el9cp.ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:ceph-fuse-debuginfo-2:17.2.6-70.el9cp.ppc64le"
        },
        "product_reference": "ceph-fuse-debuginfo-2:17.2.6-70.el9cp.ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-fuse-debuginfo-2:17.2.6-70.el9cp.s390x as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:ceph-fuse-debuginfo-2:17.2.6-70.el9cp.s390x"
        },
        "product_reference": "ceph-fuse-debuginfo-2:17.2.6-70.el9cp.s390x",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-fuse-debuginfo-2:17.2.6-70.el9cp.x86_64 as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:ceph-fuse-debuginfo-2:17.2.6-70.el9cp.x86_64"
        },
        "product_reference": "ceph-fuse-debuginfo-2:17.2.6-70.el9cp.x86_64",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-immutable-object-cache-2:17.2.6-70.el9cp.ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:ceph-immutable-object-cache-2:17.2.6-70.el9cp.ppc64le"
        },
        "product_reference": "ceph-immutable-object-cache-2:17.2.6-70.el9cp.ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-immutable-object-cache-2:17.2.6-70.el9cp.s390x as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:ceph-immutable-object-cache-2:17.2.6-70.el9cp.s390x"
        },
        "product_reference": "ceph-immutable-object-cache-2:17.2.6-70.el9cp.s390x",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-immutable-object-cache-2:17.2.6-70.el9cp.x86_64 as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:ceph-immutable-object-cache-2:17.2.6-70.el9cp.x86_64"
        },
        "product_reference": "ceph-immutable-object-cache-2:17.2.6-70.el9cp.x86_64",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-immutable-object-cache-debuginfo-2:17.2.6-70.el9cp.ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:ceph-immutable-object-cache-debuginfo-2:17.2.6-70.el9cp.ppc64le"
        },
        "product_reference": "ceph-immutable-object-cache-debuginfo-2:17.2.6-70.el9cp.ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-immutable-object-cache-debuginfo-2:17.2.6-70.el9cp.s390x as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:ceph-immutable-object-cache-debuginfo-2:17.2.6-70.el9cp.s390x"
        },
        "product_reference": "ceph-immutable-object-cache-debuginfo-2:17.2.6-70.el9cp.s390x",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-immutable-object-cache-debuginfo-2:17.2.6-70.el9cp.x86_64 as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:ceph-immutable-object-cache-debuginfo-2:17.2.6-70.el9cp.x86_64"
        },
        "product_reference": "ceph-immutable-object-cache-debuginfo-2:17.2.6-70.el9cp.x86_64",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-mds-debuginfo-2:17.2.6-70.el9cp.ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:ceph-mds-debuginfo-2:17.2.6-70.el9cp.ppc64le"
        },
        "product_reference": "ceph-mds-debuginfo-2:17.2.6-70.el9cp.ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-mds-debuginfo-2:17.2.6-70.el9cp.s390x as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:ceph-mds-debuginfo-2:17.2.6-70.el9cp.s390x"
        },
        "product_reference": "ceph-mds-debuginfo-2:17.2.6-70.el9cp.s390x",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-mds-debuginfo-2:17.2.6-70.el9cp.x86_64 as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:ceph-mds-debuginfo-2:17.2.6-70.el9cp.x86_64"
        },
        "product_reference": "ceph-mds-debuginfo-2:17.2.6-70.el9cp.x86_64",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-mgr-debuginfo-2:17.2.6-70.el9cp.ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:ceph-mgr-debuginfo-2:17.2.6-70.el9cp.ppc64le"
        },
        "product_reference": "ceph-mgr-debuginfo-2:17.2.6-70.el9cp.ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-mgr-debuginfo-2:17.2.6-70.el9cp.s390x as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:ceph-mgr-debuginfo-2:17.2.6-70.el9cp.s390x"
        },
        "product_reference": "ceph-mgr-debuginfo-2:17.2.6-70.el9cp.s390x",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-mgr-debuginfo-2:17.2.6-70.el9cp.x86_64 as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:ceph-mgr-debuginfo-2:17.2.6-70.el9cp.x86_64"
        },
        "product_reference": "ceph-mgr-debuginfo-2:17.2.6-70.el9cp.x86_64",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-mib-2:17.2.6-70.el9cp.noarch as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:ceph-mib-2:17.2.6-70.el9cp.noarch"
        },
        "product_reference": "ceph-mib-2:17.2.6-70.el9cp.noarch",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-mon-debuginfo-2:17.2.6-70.el9cp.ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:ceph-mon-debuginfo-2:17.2.6-70.el9cp.ppc64le"
        },
        "product_reference": "ceph-mon-debuginfo-2:17.2.6-70.el9cp.ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-mon-debuginfo-2:17.2.6-70.el9cp.s390x as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:ceph-mon-debuginfo-2:17.2.6-70.el9cp.s390x"
        },
        "product_reference": "ceph-mon-debuginfo-2:17.2.6-70.el9cp.s390x",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-mon-debuginfo-2:17.2.6-70.el9cp.x86_64 as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:ceph-mon-debuginfo-2:17.2.6-70.el9cp.x86_64"
        },
        "product_reference": "ceph-mon-debuginfo-2:17.2.6-70.el9cp.x86_64",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-osd-debuginfo-2:17.2.6-70.el9cp.ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:ceph-osd-debuginfo-2:17.2.6-70.el9cp.ppc64le"
        },
        "product_reference": "ceph-osd-debuginfo-2:17.2.6-70.el9cp.ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-osd-debuginfo-2:17.2.6-70.el9cp.s390x as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:ceph-osd-debuginfo-2:17.2.6-70.el9cp.s390x"
        },
        "product_reference": "ceph-osd-debuginfo-2:17.2.6-70.el9cp.s390x",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-osd-debuginfo-2:17.2.6-70.el9cp.x86_64 as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:ceph-osd-debuginfo-2:17.2.6-70.el9cp.x86_64"
        },
        "product_reference": "ceph-osd-debuginfo-2:17.2.6-70.el9cp.x86_64",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-radosgw-debuginfo-2:17.2.6-70.el9cp.ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:ceph-radosgw-debuginfo-2:17.2.6-70.el9cp.ppc64le"
        },
        "product_reference": "ceph-radosgw-debuginfo-2:17.2.6-70.el9cp.ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-radosgw-debuginfo-2:17.2.6-70.el9cp.s390x as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:ceph-radosgw-debuginfo-2:17.2.6-70.el9cp.s390x"
        },
        "product_reference": "ceph-radosgw-debuginfo-2:17.2.6-70.el9cp.s390x",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-radosgw-debuginfo-2:17.2.6-70.el9cp.x86_64 as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:ceph-radosgw-debuginfo-2:17.2.6-70.el9cp.x86_64"
        },
        "product_reference": "ceph-radosgw-debuginfo-2:17.2.6-70.el9cp.x86_64",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-resource-agents-2:17.2.6-70.el9cp.noarch as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:ceph-resource-agents-2:17.2.6-70.el9cp.noarch"
        },
        "product_reference": "ceph-resource-agents-2:17.2.6-70.el9cp.noarch",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-selinux-2:17.2.6-70.el9cp.ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:ceph-selinux-2:17.2.6-70.el9cp.ppc64le"
        },
        "product_reference": "ceph-selinux-2:17.2.6-70.el9cp.ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-selinux-2:17.2.6-70.el9cp.s390x as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:ceph-selinux-2:17.2.6-70.el9cp.s390x"
        },
        "product_reference": "ceph-selinux-2:17.2.6-70.el9cp.s390x",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-selinux-2:17.2.6-70.el9cp.x86_64 as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:ceph-selinux-2:17.2.6-70.el9cp.x86_64"
        },
        "product_reference": "ceph-selinux-2:17.2.6-70.el9cp.x86_64",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-test-debuginfo-2:17.2.6-70.el9cp.ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:ceph-test-debuginfo-2:17.2.6-70.el9cp.ppc64le"
        },
        "product_reference": "ceph-test-debuginfo-2:17.2.6-70.el9cp.ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-test-debuginfo-2:17.2.6-70.el9cp.s390x as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:ceph-test-debuginfo-2:17.2.6-70.el9cp.s390x"
        },
        "product_reference": "ceph-test-debuginfo-2:17.2.6-70.el9cp.s390x",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ceph-test-debuginfo-2:17.2.6-70.el9cp.x86_64 as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:ceph-test-debuginfo-2:17.2.6-70.el9cp.x86_64"
        },
        "product_reference": "ceph-test-debuginfo-2:17.2.6-70.el9cp.x86_64",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cephadm-2:17.2.6-70.el9cp.noarch as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:cephadm-2:17.2.6-70.el9cp.noarch"
        },
        "product_reference": "cephadm-2:17.2.6-70.el9cp.noarch",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cephadm-ansible-0:2.15.0-1.el9cp.noarch as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:cephadm-ansible-0:2.15.0-1.el9cp.noarch"
        },
        "product_reference": "cephadm-ansible-0:2.15.0-1.el9cp.noarch",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cephadm-ansible-0:2.15.0-1.el9cp.src as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:cephadm-ansible-0:2.15.0-1.el9cp.src"
        },
        "product_reference": "cephadm-ansible-0:2.15.0-1.el9cp.src",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cephfs-mirror-debuginfo-2:17.2.6-70.el9cp.ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:cephfs-mirror-debuginfo-2:17.2.6-70.el9cp.ppc64le"
        },
        "product_reference": "cephfs-mirror-debuginfo-2:17.2.6-70.el9cp.ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cephfs-mirror-debuginfo-2:17.2.6-70.el9cp.s390x as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:cephfs-mirror-debuginfo-2:17.2.6-70.el9cp.s390x"
        },
        "product_reference": "cephfs-mirror-debuginfo-2:17.2.6-70.el9cp.s390x",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cephfs-mirror-debuginfo-2:17.2.6-70.el9cp.x86_64 as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:cephfs-mirror-debuginfo-2:17.2.6-70.el9cp.x86_64"
        },
        "product_reference": "cephfs-mirror-debuginfo-2:17.2.6-70.el9cp.x86_64",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cephfs-top-2:17.2.6-70.el9cp.noarch as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:cephfs-top-2:17.2.6-70.el9cp.noarch"
        },
        "product_reference": "cephfs-top-2:17.2.6-70.el9cp.noarch",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcephfs-devel-2:17.2.6-70.el9cp.ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:libcephfs-devel-2:17.2.6-70.el9cp.ppc64le"
        },
        "product_reference": "libcephfs-devel-2:17.2.6-70.el9cp.ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcephfs-devel-2:17.2.6-70.el9cp.s390x as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:libcephfs-devel-2:17.2.6-70.el9cp.s390x"
        },
        "product_reference": "libcephfs-devel-2:17.2.6-70.el9cp.s390x",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcephfs-devel-2:17.2.6-70.el9cp.x86_64 as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:libcephfs-devel-2:17.2.6-70.el9cp.x86_64"
        },
        "product_reference": "libcephfs-devel-2:17.2.6-70.el9cp.x86_64",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcephfs2-2:17.2.6-70.el9cp.ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:libcephfs2-2:17.2.6-70.el9cp.ppc64le"
        },
        "product_reference": "libcephfs2-2:17.2.6-70.el9cp.ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcephfs2-2:17.2.6-70.el9cp.s390x as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:libcephfs2-2:17.2.6-70.el9cp.s390x"
        },
        "product_reference": "libcephfs2-2:17.2.6-70.el9cp.s390x",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcephfs2-2:17.2.6-70.el9cp.x86_64 as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:libcephfs2-2:17.2.6-70.el9cp.x86_64"
        },
        "product_reference": "libcephfs2-2:17.2.6-70.el9cp.x86_64",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcephfs2-debuginfo-2:17.2.6-70.el9cp.ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:libcephfs2-debuginfo-2:17.2.6-70.el9cp.ppc64le"
        },
        "product_reference": "libcephfs2-debuginfo-2:17.2.6-70.el9cp.ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcephfs2-debuginfo-2:17.2.6-70.el9cp.s390x as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:libcephfs2-debuginfo-2:17.2.6-70.el9cp.s390x"
        },
        "product_reference": "libcephfs2-debuginfo-2:17.2.6-70.el9cp.s390x",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcephfs2-debuginfo-2:17.2.6-70.el9cp.x86_64 as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:libcephfs2-debuginfo-2:17.2.6-70.el9cp.x86_64"
        },
        "product_reference": "libcephfs2-debuginfo-2:17.2.6-70.el9cp.x86_64",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcephsqlite-debuginfo-2:17.2.6-70.el9cp.ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:libcephsqlite-debuginfo-2:17.2.6-70.el9cp.ppc64le"
        },
        "product_reference": "libcephsqlite-debuginfo-2:17.2.6-70.el9cp.ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcephsqlite-debuginfo-2:17.2.6-70.el9cp.s390x as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:libcephsqlite-debuginfo-2:17.2.6-70.el9cp.s390x"
        },
        "product_reference": "libcephsqlite-debuginfo-2:17.2.6-70.el9cp.s390x",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcephsqlite-debuginfo-2:17.2.6-70.el9cp.x86_64 as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:libcephsqlite-debuginfo-2:17.2.6-70.el9cp.x86_64"
        },
        "product_reference": "libcephsqlite-debuginfo-2:17.2.6-70.el9cp.x86_64",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "librados-devel-2:17.2.6-70.el9cp.ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:librados-devel-2:17.2.6-70.el9cp.ppc64le"
        },
        "product_reference": "librados-devel-2:17.2.6-70.el9cp.ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "librados-devel-2:17.2.6-70.el9cp.s390x as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:librados-devel-2:17.2.6-70.el9cp.s390x"
        },
        "product_reference": "librados-devel-2:17.2.6-70.el9cp.s390x",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "librados-devel-2:17.2.6-70.el9cp.x86_64 as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:librados-devel-2:17.2.6-70.el9cp.x86_64"
        },
        "product_reference": "librados-devel-2:17.2.6-70.el9cp.x86_64",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "librados-devel-debuginfo-2:17.2.6-70.el9cp.ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:librados-devel-debuginfo-2:17.2.6-70.el9cp.ppc64le"
        },
        "product_reference": "librados-devel-debuginfo-2:17.2.6-70.el9cp.ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "librados-devel-debuginfo-2:17.2.6-70.el9cp.s390x as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:librados-devel-debuginfo-2:17.2.6-70.el9cp.s390x"
        },
        "product_reference": "librados-devel-debuginfo-2:17.2.6-70.el9cp.s390x",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "librados-devel-debuginfo-2:17.2.6-70.el9cp.x86_64 as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:librados-devel-debuginfo-2:17.2.6-70.el9cp.x86_64"
        },
        "product_reference": "librados-devel-debuginfo-2:17.2.6-70.el9cp.x86_64",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "librados2-2:17.2.6-70.el9cp.ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:librados2-2:17.2.6-70.el9cp.ppc64le"
        },
        "product_reference": "librados2-2:17.2.6-70.el9cp.ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "librados2-2:17.2.6-70.el9cp.s390x as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:librados2-2:17.2.6-70.el9cp.s390x"
        },
        "product_reference": "librados2-2:17.2.6-70.el9cp.s390x",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "librados2-2:17.2.6-70.el9cp.x86_64 as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:librados2-2:17.2.6-70.el9cp.x86_64"
        },
        "product_reference": "librados2-2:17.2.6-70.el9cp.x86_64",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "librados2-debuginfo-2:17.2.6-70.el9cp.ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:librados2-debuginfo-2:17.2.6-70.el9cp.ppc64le"
        },
        "product_reference": "librados2-debuginfo-2:17.2.6-70.el9cp.ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "librados2-debuginfo-2:17.2.6-70.el9cp.s390x as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:librados2-debuginfo-2:17.2.6-70.el9cp.s390x"
        },
        "product_reference": "librados2-debuginfo-2:17.2.6-70.el9cp.s390x",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "librados2-debuginfo-2:17.2.6-70.el9cp.x86_64 as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:librados2-debuginfo-2:17.2.6-70.el9cp.x86_64"
        },
        "product_reference": "librados2-debuginfo-2:17.2.6-70.el9cp.x86_64",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libradospp-devel-2:17.2.6-70.el9cp.ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:libradospp-devel-2:17.2.6-70.el9cp.ppc64le"
        },
        "product_reference": "libradospp-devel-2:17.2.6-70.el9cp.ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libradospp-devel-2:17.2.6-70.el9cp.s390x as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:libradospp-devel-2:17.2.6-70.el9cp.s390x"
        },
        "product_reference": "libradospp-devel-2:17.2.6-70.el9cp.s390x",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libradospp-devel-2:17.2.6-70.el9cp.x86_64 as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:libradospp-devel-2:17.2.6-70.el9cp.x86_64"
        },
        "product_reference": "libradospp-devel-2:17.2.6-70.el9cp.x86_64",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libradosstriper1-2:17.2.6-70.el9cp.ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:libradosstriper1-2:17.2.6-70.el9cp.ppc64le"
        },
        "product_reference": "libradosstriper1-2:17.2.6-70.el9cp.ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libradosstriper1-2:17.2.6-70.el9cp.s390x as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:libradosstriper1-2:17.2.6-70.el9cp.s390x"
        },
        "product_reference": "libradosstriper1-2:17.2.6-70.el9cp.s390x",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libradosstriper1-2:17.2.6-70.el9cp.x86_64 as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:libradosstriper1-2:17.2.6-70.el9cp.x86_64"
        },
        "product_reference": "libradosstriper1-2:17.2.6-70.el9cp.x86_64",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libradosstriper1-debuginfo-2:17.2.6-70.el9cp.ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:libradosstriper1-debuginfo-2:17.2.6-70.el9cp.ppc64le"
        },
        "product_reference": "libradosstriper1-debuginfo-2:17.2.6-70.el9cp.ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libradosstriper1-debuginfo-2:17.2.6-70.el9cp.s390x as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:libradosstriper1-debuginfo-2:17.2.6-70.el9cp.s390x"
        },
        "product_reference": "libradosstriper1-debuginfo-2:17.2.6-70.el9cp.s390x",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libradosstriper1-debuginfo-2:17.2.6-70.el9cp.x86_64 as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:libradosstriper1-debuginfo-2:17.2.6-70.el9cp.x86_64"
        },
        "product_reference": "libradosstriper1-debuginfo-2:17.2.6-70.el9cp.x86_64",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "librbd-devel-2:17.2.6-70.el9cp.ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:librbd-devel-2:17.2.6-70.el9cp.ppc64le"
        },
        "product_reference": "librbd-devel-2:17.2.6-70.el9cp.ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "librbd-devel-2:17.2.6-70.el9cp.s390x as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:librbd-devel-2:17.2.6-70.el9cp.s390x"
        },
        "product_reference": "librbd-devel-2:17.2.6-70.el9cp.s390x",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "librbd-devel-2:17.2.6-70.el9cp.x86_64 as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:librbd-devel-2:17.2.6-70.el9cp.x86_64"
        },
        "product_reference": "librbd-devel-2:17.2.6-70.el9cp.x86_64",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "librbd1-2:17.2.6-70.el9cp.ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:librbd1-2:17.2.6-70.el9cp.ppc64le"
        },
        "product_reference": "librbd1-2:17.2.6-70.el9cp.ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "librbd1-2:17.2.6-70.el9cp.s390x as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:librbd1-2:17.2.6-70.el9cp.s390x"
        },
        "product_reference": "librbd1-2:17.2.6-70.el9cp.s390x",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "librbd1-2:17.2.6-70.el9cp.x86_64 as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:librbd1-2:17.2.6-70.el9cp.x86_64"
        },
        "product_reference": "librbd1-2:17.2.6-70.el9cp.x86_64",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "librbd1-debuginfo-2:17.2.6-70.el9cp.ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:librbd1-debuginfo-2:17.2.6-70.el9cp.ppc64le"
        },
        "product_reference": "librbd1-debuginfo-2:17.2.6-70.el9cp.ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "librbd1-debuginfo-2:17.2.6-70.el9cp.s390x as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:librbd1-debuginfo-2:17.2.6-70.el9cp.s390x"
        },
        "product_reference": "librbd1-debuginfo-2:17.2.6-70.el9cp.s390x",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "librbd1-debuginfo-2:17.2.6-70.el9cp.x86_64 as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:librbd1-debuginfo-2:17.2.6-70.el9cp.x86_64"
        },
        "product_reference": "librbd1-debuginfo-2:17.2.6-70.el9cp.x86_64",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "librgw-devel-2:17.2.6-70.el9cp.ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:librgw-devel-2:17.2.6-70.el9cp.ppc64le"
        },
        "product_reference": "librgw-devel-2:17.2.6-70.el9cp.ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "librgw-devel-2:17.2.6-70.el9cp.s390x as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:librgw-devel-2:17.2.6-70.el9cp.s390x"
        },
        "product_reference": "librgw-devel-2:17.2.6-70.el9cp.s390x",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "librgw-devel-2:17.2.6-70.el9cp.x86_64 as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:librgw-devel-2:17.2.6-70.el9cp.x86_64"
        },
        "product_reference": "librgw-devel-2:17.2.6-70.el9cp.x86_64",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "librgw2-2:17.2.6-70.el9cp.ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:librgw2-2:17.2.6-70.el9cp.ppc64le"
        },
        "product_reference": "librgw2-2:17.2.6-70.el9cp.ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "librgw2-2:17.2.6-70.el9cp.s390x as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:librgw2-2:17.2.6-70.el9cp.s390x"
        },
        "product_reference": "librgw2-2:17.2.6-70.el9cp.s390x",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "librgw2-2:17.2.6-70.el9cp.x86_64 as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:librgw2-2:17.2.6-70.el9cp.x86_64"
        },
        "product_reference": "librgw2-2:17.2.6-70.el9cp.x86_64",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "librgw2-debuginfo-2:17.2.6-70.el9cp.ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:librgw2-debuginfo-2:17.2.6-70.el9cp.ppc64le"
        },
        "product_reference": "librgw2-debuginfo-2:17.2.6-70.el9cp.ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "librgw2-debuginfo-2:17.2.6-70.el9cp.s390x as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:librgw2-debuginfo-2:17.2.6-70.el9cp.s390x"
        },
        "product_reference": "librgw2-debuginfo-2:17.2.6-70.el9cp.s390x",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "librgw2-debuginfo-2:17.2.6-70.el9cp.x86_64 as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:librgw2-debuginfo-2:17.2.6-70.el9cp.x86_64"
        },
        "product_reference": "librgw2-debuginfo-2:17.2.6-70.el9cp.x86_64",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-ceph-argparse-2:17.2.6-70.el9cp.ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:python3-ceph-argparse-2:17.2.6-70.el9cp.ppc64le"
        },
        "product_reference": "python3-ceph-argparse-2:17.2.6-70.el9cp.ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-ceph-argparse-2:17.2.6-70.el9cp.s390x as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:python3-ceph-argparse-2:17.2.6-70.el9cp.s390x"
        },
        "product_reference": "python3-ceph-argparse-2:17.2.6-70.el9cp.s390x",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-ceph-argparse-2:17.2.6-70.el9cp.x86_64 as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:python3-ceph-argparse-2:17.2.6-70.el9cp.x86_64"
        },
        "product_reference": "python3-ceph-argparse-2:17.2.6-70.el9cp.x86_64",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-ceph-common-2:17.2.6-70.el9cp.ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:python3-ceph-common-2:17.2.6-70.el9cp.ppc64le"
        },
        "product_reference": "python3-ceph-common-2:17.2.6-70.el9cp.ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-ceph-common-2:17.2.6-70.el9cp.s390x as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:python3-ceph-common-2:17.2.6-70.el9cp.s390x"
        },
        "product_reference": "python3-ceph-common-2:17.2.6-70.el9cp.s390x",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-ceph-common-2:17.2.6-70.el9cp.x86_64 as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:python3-ceph-common-2:17.2.6-70.el9cp.x86_64"
        },
        "product_reference": "python3-ceph-common-2:17.2.6-70.el9cp.x86_64",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-cephfs-2:17.2.6-70.el9cp.ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:python3-cephfs-2:17.2.6-70.el9cp.ppc64le"
        },
        "product_reference": "python3-cephfs-2:17.2.6-70.el9cp.ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-cephfs-2:17.2.6-70.el9cp.s390x as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:python3-cephfs-2:17.2.6-70.el9cp.s390x"
        },
        "product_reference": "python3-cephfs-2:17.2.6-70.el9cp.s390x",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-cephfs-2:17.2.6-70.el9cp.x86_64 as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:python3-cephfs-2:17.2.6-70.el9cp.x86_64"
        },
        "product_reference": "python3-cephfs-2:17.2.6-70.el9cp.x86_64",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-cephfs-debuginfo-2:17.2.6-70.el9cp.ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:python3-cephfs-debuginfo-2:17.2.6-70.el9cp.ppc64le"
        },
        "product_reference": "python3-cephfs-debuginfo-2:17.2.6-70.el9cp.ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-cephfs-debuginfo-2:17.2.6-70.el9cp.s390x as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:python3-cephfs-debuginfo-2:17.2.6-70.el9cp.s390x"
        },
        "product_reference": "python3-cephfs-debuginfo-2:17.2.6-70.el9cp.s390x",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-cephfs-debuginfo-2:17.2.6-70.el9cp.x86_64 as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:python3-cephfs-debuginfo-2:17.2.6-70.el9cp.x86_64"
        },
        "product_reference": "python3-cephfs-debuginfo-2:17.2.6-70.el9cp.x86_64",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-rados-2:17.2.6-70.el9cp.ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:python3-rados-2:17.2.6-70.el9cp.ppc64le"
        },
        "product_reference": "python3-rados-2:17.2.6-70.el9cp.ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-rados-2:17.2.6-70.el9cp.s390x as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:python3-rados-2:17.2.6-70.el9cp.s390x"
        },
        "product_reference": "python3-rados-2:17.2.6-70.el9cp.s390x",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-rados-2:17.2.6-70.el9cp.x86_64 as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:python3-rados-2:17.2.6-70.el9cp.x86_64"
        },
        "product_reference": "python3-rados-2:17.2.6-70.el9cp.x86_64",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-rados-debuginfo-2:17.2.6-70.el9cp.ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:python3-rados-debuginfo-2:17.2.6-70.el9cp.ppc64le"
        },
        "product_reference": "python3-rados-debuginfo-2:17.2.6-70.el9cp.ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-rados-debuginfo-2:17.2.6-70.el9cp.s390x as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:python3-rados-debuginfo-2:17.2.6-70.el9cp.s390x"
        },
        "product_reference": "python3-rados-debuginfo-2:17.2.6-70.el9cp.s390x",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-rados-debuginfo-2:17.2.6-70.el9cp.x86_64 as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:python3-rados-debuginfo-2:17.2.6-70.el9cp.x86_64"
        },
        "product_reference": "python3-rados-debuginfo-2:17.2.6-70.el9cp.x86_64",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-rbd-2:17.2.6-70.el9cp.ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:python3-rbd-2:17.2.6-70.el9cp.ppc64le"
        },
        "product_reference": "python3-rbd-2:17.2.6-70.el9cp.ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-rbd-2:17.2.6-70.el9cp.s390x as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:python3-rbd-2:17.2.6-70.el9cp.s390x"
        },
        "product_reference": "python3-rbd-2:17.2.6-70.el9cp.s390x",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-rbd-2:17.2.6-70.el9cp.x86_64 as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:python3-rbd-2:17.2.6-70.el9cp.x86_64"
        },
        "product_reference": "python3-rbd-2:17.2.6-70.el9cp.x86_64",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-rbd-debuginfo-2:17.2.6-70.el9cp.ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:python3-rbd-debuginfo-2:17.2.6-70.el9cp.ppc64le"
        },
        "product_reference": "python3-rbd-debuginfo-2:17.2.6-70.el9cp.ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-rbd-debuginfo-2:17.2.6-70.el9cp.s390x as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:python3-rbd-debuginfo-2:17.2.6-70.el9cp.s390x"
        },
        "product_reference": "python3-rbd-debuginfo-2:17.2.6-70.el9cp.s390x",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-rbd-debuginfo-2:17.2.6-70.el9cp.x86_64 as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:python3-rbd-debuginfo-2:17.2.6-70.el9cp.x86_64"
        },
        "product_reference": "python3-rbd-debuginfo-2:17.2.6-70.el9cp.x86_64",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-rgw-2:17.2.6-70.el9cp.ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:python3-rgw-2:17.2.6-70.el9cp.ppc64le"
        },
        "product_reference": "python3-rgw-2:17.2.6-70.el9cp.ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-rgw-2:17.2.6-70.el9cp.s390x as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:python3-rgw-2:17.2.6-70.el9cp.s390x"
        },
        "product_reference": "python3-rgw-2:17.2.6-70.el9cp.s390x",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-rgw-2:17.2.6-70.el9cp.x86_64 as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:python3-rgw-2:17.2.6-70.el9cp.x86_64"
        },
        "product_reference": "python3-rgw-2:17.2.6-70.el9cp.x86_64",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-rgw-debuginfo-2:17.2.6-70.el9cp.ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:python3-rgw-debuginfo-2:17.2.6-70.el9cp.ppc64le"
        },
        "product_reference": "python3-rgw-debuginfo-2:17.2.6-70.el9cp.ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-rgw-debuginfo-2:17.2.6-70.el9cp.s390x as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:python3-rgw-debuginfo-2:17.2.6-70.el9cp.s390x"
        },
        "product_reference": "python3-rgw-debuginfo-2:17.2.6-70.el9cp.s390x",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-rgw-debuginfo-2:17.2.6-70.el9cp.x86_64 as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:python3-rgw-debuginfo-2:17.2.6-70.el9cp.x86_64"
        },
        "product_reference": "python3-rgw-debuginfo-2:17.2.6-70.el9cp.x86_64",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rbd-fuse-debuginfo-2:17.2.6-70.el9cp.ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:rbd-fuse-debuginfo-2:17.2.6-70.el9cp.ppc64le"
        },
        "product_reference": "rbd-fuse-debuginfo-2:17.2.6-70.el9cp.ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rbd-fuse-debuginfo-2:17.2.6-70.el9cp.s390x as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:rbd-fuse-debuginfo-2:17.2.6-70.el9cp.s390x"
        },
        "product_reference": "rbd-fuse-debuginfo-2:17.2.6-70.el9cp.s390x",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rbd-fuse-debuginfo-2:17.2.6-70.el9cp.x86_64 as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:rbd-fuse-debuginfo-2:17.2.6-70.el9cp.x86_64"
        },
        "product_reference": "rbd-fuse-debuginfo-2:17.2.6-70.el9cp.x86_64",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rbd-mirror-debuginfo-2:17.2.6-70.el9cp.ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:rbd-mirror-debuginfo-2:17.2.6-70.el9cp.ppc64le"
        },
        "product_reference": "rbd-mirror-debuginfo-2:17.2.6-70.el9cp.ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rbd-mirror-debuginfo-2:17.2.6-70.el9cp.s390x as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:rbd-mirror-debuginfo-2:17.2.6-70.el9cp.s390x"
        },
        "product_reference": "rbd-mirror-debuginfo-2:17.2.6-70.el9cp.s390x",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rbd-mirror-debuginfo-2:17.2.6-70.el9cp.x86_64 as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:rbd-mirror-debuginfo-2:17.2.6-70.el9cp.x86_64"
        },
        "product_reference": "rbd-mirror-debuginfo-2:17.2.6-70.el9cp.x86_64",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rbd-nbd-2:17.2.6-70.el9cp.ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:rbd-nbd-2:17.2.6-70.el9cp.ppc64le"
        },
        "product_reference": "rbd-nbd-2:17.2.6-70.el9cp.ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rbd-nbd-2:17.2.6-70.el9cp.s390x as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:rbd-nbd-2:17.2.6-70.el9cp.s390x"
        },
        "product_reference": "rbd-nbd-2:17.2.6-70.el9cp.s390x",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rbd-nbd-2:17.2.6-70.el9cp.x86_64 as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:rbd-nbd-2:17.2.6-70.el9cp.x86_64"
        },
        "product_reference": "rbd-nbd-2:17.2.6-70.el9cp.x86_64",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rbd-nbd-debuginfo-2:17.2.6-70.el9cp.ppc64le as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:rbd-nbd-debuginfo-2:17.2.6-70.el9cp.ppc64le"
        },
        "product_reference": "rbd-nbd-debuginfo-2:17.2.6-70.el9cp.ppc64le",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rbd-nbd-debuginfo-2:17.2.6-70.el9cp.s390x as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:rbd-nbd-debuginfo-2:17.2.6-70.el9cp.s390x"
        },
        "product_reference": "rbd-nbd-debuginfo-2:17.2.6-70.el9cp.s390x",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rbd-nbd-debuginfo-2:17.2.6-70.el9cp.x86_64 as a component of Red Hat Ceph Storage 6.1 Tools",
          "product_id": "9Base-RHCEPH-6.1-Tools:rbd-nbd-debuginfo-2:17.2.6-70.el9cp.x86_64"
        },
        "product_reference": "rbd-nbd-debuginfo-2:17.2.6-70.el9cp.x86_64",
        "relates_to_product_reference": "9Base-RHCEPH-6.1-Tools"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-4231",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2022-05-26T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:ansible-collection-ansible-posix-0:1.2.0-1.3.el9ost.noarch",
            "9Base-RHCEPH-6.1-Tools:ansible-collection-ansible-posix-0:1.2.0-1.3.el9ost.src",
            "9Base-RHCEPH-6.1-Tools:cephadm-ansible-0:2.15.0-1.el9cp.noarch",
            "9Base-RHCEPH-6.1-Tools:cephadm-ansible-0:2.15.0-1.el9cp.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2094052"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the angular/core package. Affected versions of this package are vulnerable to Cross-site scripting (XSS) in development, with Server-side rendering (SSR enabled).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "angular: XSS vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw is out of support scope for dotnet-5.0, therefore it will not be addressed in this version of dotnet. For more information, please see https://access.redhat.com/support/policy/updates/net-core.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHCEPH-6.1-Tools:ceph-2:17.2.6-70.el9cp.src",
          "9Base-RHCEPH-6.1-Tools:ceph-base-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:ceph-base-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:ceph-base-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:ceph-base-debuginfo-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:ceph-base-debuginfo-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:ceph-base-debuginfo-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:ceph-common-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:ceph-common-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:ceph-common-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:ceph-common-debuginfo-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:ceph-common-debuginfo-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:ceph-common-debuginfo-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:ceph-debuginfo-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:ceph-debuginfo-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:ceph-debuginfo-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:ceph-debugsource-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:ceph-debugsource-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:ceph-debugsource-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:ceph-exporter-debuginfo-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:ceph-exporter-debuginfo-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:ceph-exporter-debuginfo-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:ceph-fuse-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:ceph-fuse-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:ceph-fuse-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:ceph-fuse-debuginfo-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:ceph-fuse-debuginfo-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:ceph-fuse-debuginfo-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:ceph-immutable-object-cache-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:ceph-immutable-object-cache-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:ceph-immutable-object-cache-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:ceph-immutable-object-cache-debuginfo-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:ceph-immutable-object-cache-debuginfo-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:ceph-immutable-object-cache-debuginfo-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:ceph-mds-debuginfo-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:ceph-mds-debuginfo-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:ceph-mds-debuginfo-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:ceph-mgr-debuginfo-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:ceph-mgr-debuginfo-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:ceph-mgr-debuginfo-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:ceph-mib-2:17.2.6-70.el9cp.noarch",
          "9Base-RHCEPH-6.1-Tools:ceph-mon-debuginfo-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:ceph-mon-debuginfo-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:ceph-mon-debuginfo-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:ceph-osd-debuginfo-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:ceph-osd-debuginfo-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:ceph-osd-debuginfo-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:ceph-radosgw-debuginfo-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:ceph-radosgw-debuginfo-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:ceph-radosgw-debuginfo-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:ceph-resource-agents-2:17.2.6-70.el9cp.noarch",
          "9Base-RHCEPH-6.1-Tools:ceph-selinux-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:ceph-selinux-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:ceph-selinux-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:ceph-test-debuginfo-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:ceph-test-debuginfo-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:ceph-test-debuginfo-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:cephadm-2:17.2.6-70.el9cp.noarch",
          "9Base-RHCEPH-6.1-Tools:cephfs-mirror-debuginfo-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:cephfs-mirror-debuginfo-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:cephfs-mirror-debuginfo-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:cephfs-top-2:17.2.6-70.el9cp.noarch",
          "9Base-RHCEPH-6.1-Tools:libcephfs-devel-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:libcephfs-devel-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:libcephfs-devel-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:libcephfs2-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:libcephfs2-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:libcephfs2-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:libcephfs2-debuginfo-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:libcephfs2-debuginfo-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:libcephfs2-debuginfo-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:libcephsqlite-debuginfo-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:libcephsqlite-debuginfo-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:libcephsqlite-debuginfo-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:librados-devel-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:librados-devel-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:librados-devel-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:librados-devel-debuginfo-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:librados-devel-debuginfo-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:librados-devel-debuginfo-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:librados2-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:librados2-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:librados2-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:librados2-debuginfo-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:librados2-debuginfo-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:librados2-debuginfo-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:libradospp-devel-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:libradospp-devel-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:libradospp-devel-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:libradosstriper1-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:libradosstriper1-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:libradosstriper1-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:libradosstriper1-debuginfo-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:libradosstriper1-debuginfo-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:libradosstriper1-debuginfo-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:librbd-devel-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:librbd-devel-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:librbd-devel-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:librbd1-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:librbd1-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:librbd1-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:librbd1-debuginfo-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:librbd1-debuginfo-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:librbd1-debuginfo-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:librgw-devel-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:librgw-devel-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:librgw-devel-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:librgw2-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:librgw2-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:librgw2-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:librgw2-debuginfo-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:librgw2-debuginfo-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:librgw2-debuginfo-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:python3-ceph-argparse-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:python3-ceph-argparse-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:python3-ceph-argparse-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:python3-ceph-common-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:python3-ceph-common-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:python3-ceph-common-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:python3-cephfs-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:python3-cephfs-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:python3-cephfs-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:python3-cephfs-debuginfo-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:python3-cephfs-debuginfo-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:python3-cephfs-debuginfo-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:python3-rados-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:python3-rados-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:python3-rados-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:python3-rados-debuginfo-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:python3-rados-debuginfo-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:python3-rados-debuginfo-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:python3-rbd-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:python3-rbd-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:python3-rbd-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:python3-rbd-debuginfo-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:python3-rbd-debuginfo-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:python3-rbd-debuginfo-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:python3-rgw-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:python3-rgw-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:python3-rgw-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:python3-rgw-debuginfo-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:python3-rgw-debuginfo-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:python3-rgw-debuginfo-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:rbd-fuse-debuginfo-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:rbd-fuse-debuginfo-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:rbd-fuse-debuginfo-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:rbd-mirror-debuginfo-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:rbd-mirror-debuginfo-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:rbd-mirror-debuginfo-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:rbd-nbd-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:rbd-nbd-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:rbd-nbd-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:rbd-nbd-debuginfo-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:rbd-nbd-debuginfo-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:rbd-nbd-debuginfo-2:17.2.6-70.el9cp.x86_64"
        ],
        "known_not_affected": [
          "9Base-RHCEPH-6.1-Tools:ansible-collection-ansible-posix-0:1.2.0-1.3.el9ost.noarch",
          "9Base-RHCEPH-6.1-Tools:ansible-collection-ansible-posix-0:1.2.0-1.3.el9ost.src",
          "9Base-RHCEPH-6.1-Tools:cephadm-ansible-0:2.15.0-1.el9cp.noarch",
          "9Base-RHCEPH-6.1-Tools:cephadm-ansible-0:2.15.0-1.el9cp.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-4231"
        },
        {
          "category": "external",
          "summary": "RHBZ#2094052",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094052"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-4231",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-4231"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-4231",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4231"
        }
      ],
      "release_date": "2020-12-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-15T09:19:13+00:00",
          "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage cluster using cephadm in the Red Hat Storage Ceph Upgrade Guide (https://access.redhat.com/documentation/en-us/red_hat_ceph_storage).",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:ceph-2:17.2.6-70.el9cp.src",
            "9Base-RHCEPH-6.1-Tools:ceph-base-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-base-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-base-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-base-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-base-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-base-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-common-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-common-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-common-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-common-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-common-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-common-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-debugsource-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-debugsource-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-debugsource-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-exporter-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-exporter-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-exporter-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-fuse-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-fuse-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-fuse-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-fuse-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-fuse-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-fuse-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-immutable-object-cache-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-immutable-object-cache-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-immutable-object-cache-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-immutable-object-cache-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-immutable-object-cache-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-immutable-object-cache-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-mds-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-mds-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-mds-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-mgr-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-mgr-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-mgr-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-mib-2:17.2.6-70.el9cp.noarch",
            "9Base-RHCEPH-6.1-Tools:ceph-mon-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-mon-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-mon-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-osd-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-osd-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-osd-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-radosgw-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-radosgw-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-radosgw-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-resource-agents-2:17.2.6-70.el9cp.noarch",
            "9Base-RHCEPH-6.1-Tools:ceph-selinux-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-selinux-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-selinux-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-test-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-test-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-test-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:cephadm-2:17.2.6-70.el9cp.noarch",
            "9Base-RHCEPH-6.1-Tools:cephfs-mirror-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:cephfs-mirror-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:cephfs-mirror-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:cephfs-top-2:17.2.6-70.el9cp.noarch",
            "9Base-RHCEPH-6.1-Tools:libcephfs-devel-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:libcephfs-devel-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:libcephfs-devel-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:libcephfs2-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:libcephfs2-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:libcephfs2-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:libcephfs2-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:libcephfs2-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:libcephfs2-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:libcephsqlite-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:libcephsqlite-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:libcephsqlite-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:librados-devel-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:librados-devel-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:librados-devel-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:librados-devel-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:librados-devel-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:librados-devel-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:librados2-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:librados2-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:librados2-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:librados2-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:librados2-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:librados2-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:libradospp-devel-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:libradospp-devel-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:libradospp-devel-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:libradosstriper1-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:libradosstriper1-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:libradosstriper1-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:libradosstriper1-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:libradosstriper1-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:libradosstriper1-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:librbd-devel-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:librbd-devel-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:librbd-devel-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:librbd1-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:librbd1-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:librbd1-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:librbd1-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:librbd1-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:librbd1-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:librgw-devel-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:librgw-devel-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:librgw-devel-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:librgw2-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:librgw2-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:librgw2-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:librgw2-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:librgw2-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:librgw2-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:python3-ceph-argparse-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:python3-ceph-argparse-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:python3-ceph-argparse-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:python3-ceph-common-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:python3-ceph-common-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:python3-ceph-common-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:python3-cephfs-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:python3-cephfs-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:python3-cephfs-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:python3-cephfs-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:python3-cephfs-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:python3-cephfs-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:python3-rados-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:python3-rados-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:python3-rados-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:python3-rados-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:python3-rados-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:python3-rados-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:python3-rbd-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:python3-rbd-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:python3-rbd-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:python3-rbd-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:python3-rbd-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:python3-rbd-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:python3-rgw-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:python3-rgw-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:python3-rgw-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:python3-rgw-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:python3-rgw-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:python3-rgw-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:rbd-fuse-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:rbd-fuse-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:rbd-fuse-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:rbd-mirror-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:rbd-mirror-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:rbd-mirror-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:rbd-nbd-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:rbd-nbd-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:rbd-nbd-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:rbd-nbd-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:rbd-nbd-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:rbd-nbd-debuginfo-2:17.2.6-70.el9cp.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3623"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.9,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "9Base-RHCEPH-6.1-Tools:ansible-collection-ansible-posix-0:1.2.0-1.3.el9ost.noarch",
            "9Base-RHCEPH-6.1-Tools:ansible-collection-ansible-posix-0:1.2.0-1.3.el9ost.src",
            "9Base-RHCEPH-6.1-Tools:ceph-2:17.2.6-70.el9cp.src",
            "9Base-RHCEPH-6.1-Tools:ceph-base-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-base-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-base-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-base-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-base-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-base-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-common-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-common-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-common-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-common-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-common-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-common-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-debugsource-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-debugsource-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-debugsource-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-exporter-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-exporter-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-exporter-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-fuse-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-fuse-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-fuse-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-fuse-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-fuse-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-fuse-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-immutable-object-cache-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-immutable-object-cache-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-immutable-object-cache-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-immutable-object-cache-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-immutable-object-cache-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-immutable-object-cache-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-mds-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-mds-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-mds-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-mgr-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-mgr-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-mgr-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-mib-2:17.2.6-70.el9cp.noarch",
            "9Base-RHCEPH-6.1-Tools:ceph-mon-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-mon-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-mon-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-osd-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-osd-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-osd-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-radosgw-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-radosgw-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-radosgw-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-resource-agents-2:17.2.6-70.el9cp.noarch",
            "9Base-RHCEPH-6.1-Tools:ceph-selinux-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-selinux-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-selinux-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-test-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-test-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-test-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:cephadm-2:17.2.6-70.el9cp.noarch",
            "9Base-RHCEPH-6.1-Tools:cephadm-ansible-0:2.15.0-1.el9cp.noarch",
            "9Base-RHCEPH-6.1-Tools:cephadm-ansible-0:2.15.0-1.el9cp.src",
            "9Base-RHCEPH-6.1-Tools:cephfs-mirror-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:cephfs-mirror-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:cephfs-mirror-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:cephfs-top-2:17.2.6-70.el9cp.noarch",
            "9Base-RHCEPH-6.1-Tools:libcephfs-devel-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:libcephfs-devel-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:libcephfs-devel-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:libcephfs2-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:libcephfs2-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:libcephfs2-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:libcephfs2-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:libcephfs2-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:libcephfs2-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:libcephsqlite-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:libcephsqlite-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:libcephsqlite-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:librados-devel-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:librados-devel-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:librados-devel-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:librados-devel-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:librados-devel-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:librados-devel-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:librados2-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:librados2-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:librados2-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:librados2-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:librados2-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:librados2-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:libradospp-devel-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:libradospp-devel-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:libradospp-devel-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:libradosstriper1-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:libradosstriper1-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:libradosstriper1-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:libradosstriper1-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:libradosstriper1-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:libradosstriper1-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:librbd-devel-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:librbd-devel-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:librbd-devel-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:librbd1-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:librbd1-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:librbd1-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:librbd1-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:librbd1-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:librbd1-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:librgw-devel-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:librgw-devel-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:librgw-devel-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:librgw2-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:librgw2-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:librgw2-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:librgw2-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:librgw2-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:librgw2-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:python3-ceph-argparse-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:python3-ceph-argparse-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:python3-ceph-argparse-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:python3-ceph-common-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:python3-ceph-common-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:python3-ceph-common-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:python3-cephfs-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:python3-cephfs-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:python3-cephfs-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:python3-cephfs-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:python3-cephfs-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:python3-cephfs-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:python3-rados-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:python3-rados-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:python3-rados-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:python3-rados-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:python3-rados-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:python3-rados-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:python3-rbd-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:python3-rbd-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:python3-rbd-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:python3-rbd-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:python3-rbd-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:python3-rbd-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:python3-rgw-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:python3-rgw-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:python3-rgw-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:python3-rgw-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:python3-rgw-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:python3-rgw-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:rbd-fuse-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:rbd-fuse-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:rbd-fuse-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:rbd-mirror-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:rbd-mirror-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:rbd-mirror-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:rbd-nbd-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:rbd-nbd-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:rbd-nbd-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:rbd-nbd-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:rbd-nbd-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:rbd-nbd-debuginfo-2:17.2.6-70.el9cp.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "angular: XSS vulnerability"
    },
    {
      "cve": "CVE-2022-31129",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2022-07-07T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:ansible-collection-ansible-posix-0:1.2.0-1.3.el9ost.noarch",
            "9Base-RHCEPH-6.1-Tools:ansible-collection-ansible-posix-0:1.2.0-1.3.el9ost.src",
            "9Base-RHCEPH-6.1-Tools:cephadm-ansible-0:2.15.0-1.el9cp.noarch",
            "9Base-RHCEPH-6.1-Tools:cephadm-ansible-0:2.15.0-1.el9cp.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2105075"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "moment: inefficient parsing algorithm resulting in DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Fuse provides the affected software but does not use the functionality and as such its impact has been downgraded to Low.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) ships a vulnerable version of the moment library. However, this affected functionality is restricted behind OAuth, reducing the impact to Moderate.\n\nRed Hat Satellite ships a vulnerable version of the moment library. However, this only affects a specific component (qpid-dispatch), reducing the impact to Moderate.\n\nRed Hat Ceph Storage (RHCS) ships a vulnerable version of the moment library, however, it is not directly used and is a transitive dependency from Angular. In addition, the impact would only be to the grafana browser, and not the underlying RHCS system, which reduces the impact to Moderate. \n\nRed Hat OpenShift Service Mesh (OSSM) ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nRed Hat OpenShift distributed tracing ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nIn Logging Subsystem for Red Hat OpenShift the vulnerable moment nodejs package is bundled in the ose-logging-kibana6 container as a transitive dependency, hence the direct impact is reduced to Moderate.\n\nIn OpenShift Container Platform 4 the vulnerabile moment package is a third party dependency, hence the direct impact is reduced to Moderate.\n\nIn Quay IO 3.10 and above, no version of affected momentjs is present.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHCEPH-6.1-Tools:ceph-2:17.2.6-70.el9cp.src",
          "9Base-RHCEPH-6.1-Tools:ceph-base-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:ceph-base-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:ceph-base-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:ceph-base-debuginfo-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:ceph-base-debuginfo-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:ceph-base-debuginfo-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:ceph-common-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:ceph-common-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:ceph-common-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:ceph-common-debuginfo-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:ceph-common-debuginfo-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:ceph-common-debuginfo-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:ceph-debuginfo-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:ceph-debuginfo-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:ceph-debuginfo-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:ceph-debugsource-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:ceph-debugsource-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:ceph-debugsource-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:ceph-exporter-debuginfo-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:ceph-exporter-debuginfo-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:ceph-exporter-debuginfo-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:ceph-fuse-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:ceph-fuse-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:ceph-fuse-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:ceph-fuse-debuginfo-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:ceph-fuse-debuginfo-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:ceph-fuse-debuginfo-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:ceph-immutable-object-cache-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:ceph-immutable-object-cache-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:ceph-immutable-object-cache-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:ceph-immutable-object-cache-debuginfo-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:ceph-immutable-object-cache-debuginfo-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:ceph-immutable-object-cache-debuginfo-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:ceph-mds-debuginfo-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:ceph-mds-debuginfo-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:ceph-mds-debuginfo-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:ceph-mgr-debuginfo-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:ceph-mgr-debuginfo-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:ceph-mgr-debuginfo-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:ceph-mib-2:17.2.6-70.el9cp.noarch",
          "9Base-RHCEPH-6.1-Tools:ceph-mon-debuginfo-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:ceph-mon-debuginfo-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:ceph-mon-debuginfo-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:ceph-osd-debuginfo-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:ceph-osd-debuginfo-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:ceph-osd-debuginfo-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:ceph-radosgw-debuginfo-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:ceph-radosgw-debuginfo-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:ceph-radosgw-debuginfo-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:ceph-resource-agents-2:17.2.6-70.el9cp.noarch",
          "9Base-RHCEPH-6.1-Tools:ceph-selinux-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:ceph-selinux-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:ceph-selinux-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:ceph-test-debuginfo-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:ceph-test-debuginfo-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:ceph-test-debuginfo-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:cephadm-2:17.2.6-70.el9cp.noarch",
          "9Base-RHCEPH-6.1-Tools:cephfs-mirror-debuginfo-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:cephfs-mirror-debuginfo-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:cephfs-mirror-debuginfo-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:cephfs-top-2:17.2.6-70.el9cp.noarch",
          "9Base-RHCEPH-6.1-Tools:libcephfs-devel-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:libcephfs-devel-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:libcephfs-devel-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:libcephfs2-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:libcephfs2-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:libcephfs2-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:libcephfs2-debuginfo-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:libcephfs2-debuginfo-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:libcephfs2-debuginfo-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:libcephsqlite-debuginfo-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:libcephsqlite-debuginfo-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:libcephsqlite-debuginfo-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:librados-devel-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:librados-devel-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:librados-devel-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:librados-devel-debuginfo-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:librados-devel-debuginfo-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:librados-devel-debuginfo-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:librados2-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:librados2-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:librados2-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:librados2-debuginfo-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:librados2-debuginfo-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:librados2-debuginfo-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:libradospp-devel-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:libradospp-devel-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:libradospp-devel-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:libradosstriper1-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:libradosstriper1-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:libradosstriper1-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:libradosstriper1-debuginfo-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:libradosstriper1-debuginfo-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:libradosstriper1-debuginfo-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:librbd-devel-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:librbd-devel-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:librbd-devel-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:librbd1-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:librbd1-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:librbd1-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:librbd1-debuginfo-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:librbd1-debuginfo-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:librbd1-debuginfo-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:librgw-devel-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:librgw-devel-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:librgw-devel-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:librgw2-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:librgw2-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:librgw2-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:librgw2-debuginfo-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:librgw2-debuginfo-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:librgw2-debuginfo-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:python3-ceph-argparse-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:python3-ceph-argparse-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:python3-ceph-argparse-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:python3-ceph-common-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:python3-ceph-common-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:python3-ceph-common-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:python3-cephfs-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:python3-cephfs-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:python3-cephfs-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:python3-cephfs-debuginfo-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:python3-cephfs-debuginfo-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:python3-cephfs-debuginfo-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:python3-rados-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:python3-rados-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:python3-rados-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:python3-rados-debuginfo-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:python3-rados-debuginfo-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:python3-rados-debuginfo-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:python3-rbd-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:python3-rbd-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:python3-rbd-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:python3-rbd-debuginfo-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:python3-rbd-debuginfo-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:python3-rbd-debuginfo-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:python3-rgw-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:python3-rgw-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:python3-rgw-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:python3-rgw-debuginfo-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:python3-rgw-debuginfo-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:python3-rgw-debuginfo-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:rbd-fuse-debuginfo-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:rbd-fuse-debuginfo-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:rbd-fuse-debuginfo-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:rbd-mirror-debuginfo-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:rbd-mirror-debuginfo-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:rbd-mirror-debuginfo-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:rbd-nbd-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:rbd-nbd-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:rbd-nbd-2:17.2.6-70.el9cp.x86_64",
          "9Base-RHCEPH-6.1-Tools:rbd-nbd-debuginfo-2:17.2.6-70.el9cp.ppc64le",
          "9Base-RHCEPH-6.1-Tools:rbd-nbd-debuginfo-2:17.2.6-70.el9cp.s390x",
          "9Base-RHCEPH-6.1-Tools:rbd-nbd-debuginfo-2:17.2.6-70.el9cp.x86_64"
        ],
        "known_not_affected": [
          "9Base-RHCEPH-6.1-Tools:ansible-collection-ansible-posix-0:1.2.0-1.3.el9ost.noarch",
          "9Base-RHCEPH-6.1-Tools:ansible-collection-ansible-posix-0:1.2.0-1.3.el9ost.src",
          "9Base-RHCEPH-6.1-Tools:cephadm-ansible-0:2.15.0-1.el9cp.noarch",
          "9Base-RHCEPH-6.1-Tools:cephadm-ansible-0:2.15.0-1.el9cp.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-31129"
        },
        {
          "category": "external",
          "summary": "RHBZ#2105075",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-31129",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-31129"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129"
        },
        {
          "category": "external",
          "summary": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g",
          "url": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g"
        }
      ],
      "release_date": "2022-07-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-15T09:19:13+00:00",
          "details": "For details on how to apply this update, see Upgrade a Red Hat Ceph Storage cluster using cephadm in the Red Hat Storage Ceph Upgrade Guide (https://access.redhat.com/documentation/en-us/red_hat_ceph_storage).",
          "product_ids": [
            "9Base-RHCEPH-6.1-Tools:ceph-2:17.2.6-70.el9cp.src",
            "9Base-RHCEPH-6.1-Tools:ceph-base-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-base-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-base-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-base-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-base-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-base-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-common-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-common-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-common-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-common-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-common-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-common-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-debugsource-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-debugsource-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-debugsource-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-exporter-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-exporter-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-exporter-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-fuse-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-fuse-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-fuse-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-fuse-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-fuse-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-fuse-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-immutable-object-cache-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-immutable-object-cache-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-immutable-object-cache-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-immutable-object-cache-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-immutable-object-cache-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-immutable-object-cache-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-mds-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-mds-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-mds-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-mgr-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-mgr-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-mgr-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-mib-2:17.2.6-70.el9cp.noarch",
            "9Base-RHCEPH-6.1-Tools:ceph-mon-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-mon-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-mon-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-osd-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-osd-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-osd-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-radosgw-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-radosgw-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-radosgw-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-resource-agents-2:17.2.6-70.el9cp.noarch",
            "9Base-RHCEPH-6.1-Tools:ceph-selinux-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-selinux-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-selinux-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-test-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-test-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-test-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:cephadm-2:17.2.6-70.el9cp.noarch",
            "9Base-RHCEPH-6.1-Tools:cephfs-mirror-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:cephfs-mirror-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:cephfs-mirror-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:cephfs-top-2:17.2.6-70.el9cp.noarch",
            "9Base-RHCEPH-6.1-Tools:libcephfs-devel-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:libcephfs-devel-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:libcephfs-devel-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:libcephfs2-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:libcephfs2-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:libcephfs2-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:libcephfs2-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:libcephfs2-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:libcephfs2-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:libcephsqlite-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:libcephsqlite-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:libcephsqlite-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:librados-devel-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:librados-devel-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:librados-devel-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:librados-devel-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:librados-devel-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:librados-devel-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:librados2-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:librados2-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:librados2-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:librados2-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:librados2-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:librados2-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:libradospp-devel-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:libradospp-devel-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:libradospp-devel-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:libradosstriper1-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:libradosstriper1-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:libradosstriper1-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:libradosstriper1-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:libradosstriper1-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:libradosstriper1-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:librbd-devel-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:librbd-devel-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:librbd-devel-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:librbd1-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:librbd1-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:librbd1-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:librbd1-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:librbd1-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:librbd1-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:librgw-devel-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:librgw-devel-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:librgw-devel-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:librgw2-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:librgw2-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:librgw2-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:librgw2-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:librgw2-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:librgw2-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:python3-ceph-argparse-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:python3-ceph-argparse-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:python3-ceph-argparse-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:python3-ceph-common-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:python3-ceph-common-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:python3-ceph-common-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:python3-cephfs-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:python3-cephfs-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:python3-cephfs-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:python3-cephfs-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:python3-cephfs-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:python3-cephfs-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:python3-rados-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:python3-rados-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:python3-rados-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:python3-rados-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:python3-rados-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:python3-rados-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:python3-rbd-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:python3-rbd-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:python3-rbd-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:python3-rbd-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:python3-rbd-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:python3-rbd-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:python3-rgw-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:python3-rgw-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:python3-rgw-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:python3-rgw-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:python3-rgw-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:python3-rgw-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:rbd-fuse-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:rbd-fuse-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:rbd-fuse-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:rbd-mirror-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:rbd-mirror-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:rbd-mirror-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:rbd-nbd-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:rbd-nbd-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:rbd-nbd-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:rbd-nbd-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:rbd-nbd-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:rbd-nbd-debuginfo-2:17.2.6-70.el9cp.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3623"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-RHCEPH-6.1-Tools:ansible-collection-ansible-posix-0:1.2.0-1.3.el9ost.noarch",
            "9Base-RHCEPH-6.1-Tools:ansible-collection-ansible-posix-0:1.2.0-1.3.el9ost.src",
            "9Base-RHCEPH-6.1-Tools:ceph-2:17.2.6-70.el9cp.src",
            "9Base-RHCEPH-6.1-Tools:ceph-base-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-base-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-base-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-base-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-base-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-base-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-common-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-common-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-common-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-common-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-common-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-common-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-debugsource-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-debugsource-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-debugsource-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-exporter-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-exporter-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-exporter-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-fuse-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-fuse-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-fuse-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-fuse-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-fuse-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-fuse-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-immutable-object-cache-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-immutable-object-cache-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-immutable-object-cache-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-immutable-object-cache-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-immutable-object-cache-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-immutable-object-cache-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-mds-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-mds-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-mds-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-mgr-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-mgr-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-mgr-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-mib-2:17.2.6-70.el9cp.noarch",
            "9Base-RHCEPH-6.1-Tools:ceph-mon-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-mon-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-mon-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-osd-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-osd-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-osd-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-radosgw-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-radosgw-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-radosgw-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-resource-agents-2:17.2.6-70.el9cp.noarch",
            "9Base-RHCEPH-6.1-Tools:ceph-selinux-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-selinux-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-selinux-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:ceph-test-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:ceph-test-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:ceph-test-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:cephadm-2:17.2.6-70.el9cp.noarch",
            "9Base-RHCEPH-6.1-Tools:cephadm-ansible-0:2.15.0-1.el9cp.noarch",
            "9Base-RHCEPH-6.1-Tools:cephadm-ansible-0:2.15.0-1.el9cp.src",
            "9Base-RHCEPH-6.1-Tools:cephfs-mirror-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:cephfs-mirror-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:cephfs-mirror-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:cephfs-top-2:17.2.6-70.el9cp.noarch",
            "9Base-RHCEPH-6.1-Tools:libcephfs-devel-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:libcephfs-devel-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:libcephfs-devel-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:libcephfs2-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:libcephfs2-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:libcephfs2-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:libcephfs2-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:libcephfs2-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:libcephfs2-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:libcephsqlite-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:libcephsqlite-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:libcephsqlite-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:librados-devel-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:librados-devel-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:librados-devel-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:librados-devel-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:librados-devel-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:librados-devel-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:librados2-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:librados2-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:librados2-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:librados2-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:librados2-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:librados2-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:libradospp-devel-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:libradospp-devel-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:libradospp-devel-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:libradosstriper1-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:libradosstriper1-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:libradosstriper1-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:libradosstriper1-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:libradosstriper1-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:libradosstriper1-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:librbd-devel-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:librbd-devel-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:librbd-devel-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:librbd1-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:librbd1-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:librbd1-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:librbd1-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:librbd1-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:librbd1-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:librgw-devel-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:librgw-devel-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:librgw-devel-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:librgw2-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:librgw2-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:librgw2-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:librgw2-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:librgw2-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:librgw2-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:python3-ceph-argparse-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:python3-ceph-argparse-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:python3-ceph-argparse-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:python3-ceph-common-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:python3-ceph-common-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:python3-ceph-common-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:python3-cephfs-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:python3-cephfs-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:python3-cephfs-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:python3-cephfs-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:python3-cephfs-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:python3-cephfs-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:python3-rados-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:python3-rados-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:python3-rados-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:python3-rados-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:python3-rados-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:python3-rados-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:python3-rbd-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:python3-rbd-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:python3-rbd-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:python3-rbd-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:python3-rbd-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:python3-rbd-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:python3-rgw-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:python3-rgw-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:python3-rgw-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:python3-rgw-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:python3-rgw-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:python3-rgw-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:rbd-fuse-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:rbd-fuse-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:rbd-fuse-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:rbd-mirror-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:rbd-mirror-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:rbd-mirror-debuginfo-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:rbd-nbd-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:rbd-nbd-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:rbd-nbd-2:17.2.6-70.el9cp.x86_64",
            "9Base-RHCEPH-6.1-Tools:rbd-nbd-debuginfo-2:17.2.6-70.el9cp.ppc64le",
            "9Base-RHCEPH-6.1-Tools:rbd-nbd-debuginfo-2:17.2.6-70.el9cp.s390x",
            "9Base-RHCEPH-6.1-Tools:rbd-nbd-debuginfo-2:17.2.6-70.el9cp.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "moment: inefficient parsing algorithm resulting in DoS"
    }
  ]
}

SUSE-SU-2022:3313-1

Vulnerability from csaf_suse - Published: 2022-09-19 15:37 - Updated: 2022-09-19 15:37

Summary

Security update for release-notes-susemanager, release-notes-susemanager-proxy

Severity

Critical

Notes

Title of the patch: Security update for release-notes-susemanager, release-notes-susemanager-proxy

Description of the patch: This update for release-notes-susemanager, release-notes-susemanager-proxy fixes the following issues: Release notes for SUSE Manager: - Update to SUSE:Manager 4.2.9 * Notification about SUSE Manager end-of-life has been added * CVEs fixed: CVE-2021-43138, CVE-2021-42740, CVE-2022-31129, CVE-2021-41411 * Bugs mentioned: bsc#1172705, bsc#1187028, bsc#1195455, bsc#1195895, bsc#1196729 bsc#1198168, bsc#1198489, bsc#1198738, bsc#1198903, bsc#1199372 bsc#1199659, bsc#1199913, bsc#1199950, bsc#1200276, bsc#1200296 bsc#1200480, bsc#1200532, bsc#1200573, bsc#1200591, bsc#1200629 bsc#1201142, bsc#1201189, bsc#1201210, bsc#1201220, bsc#1201224 bsc#1201527, bsc#1201606, bsc#1201607, bsc#1201626, bsc#1201753 bsc#1201913, bsc#1201918, bsc#1202142, bsc#1202272, bsc#1202464 bsc#1202728, bsc#1203287, bsc#1203288, bsc#1203449 Release notes for SUSE Manager Proxy: - Update to SUSE Manager 4.2.9 * CVEs fixed: CVE-2021-43138, CVE-2021-42740, CVE-2022-31129 * Bugs mentioned: bsc#1198168, bsc#1198903, bsc#1199659, bsc#1200480, bsc#1200591 bsc#1201142, bsc#1202142, bsc#1202724

Patchnames: SUSE-2022-3313,SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2022-3313,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2022-3313,SUSE-SLE-Product-SUSE-Manager-Server-4.2-2022-3313

CVE-2021-41411

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 5 products

Product	Version	Remediation
Unresolved product id: SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2021-42740

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 5 products

Product	Version	Remediation
Unresolved product id: SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.x86_64	—	Vendor Fix

Threats

Impact critical

CVE-2021-43138

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 5 products

Product	Version	Remediation
Unresolved product id: SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2022-31129

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 5 products

Product	Version	Remediation
Unresolved product id: SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.x86_64	—	Vendor Fix

Threats

Impact important

References

56 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1172705	self
https://bugzilla.suse.com/1187028	self
https://bugzilla.suse.com/1195455	self
https://bugzilla.suse.com/1195895	self
https://bugzilla.suse.com/1196729	self
https://bugzilla.suse.com/1198168	self
https://bugzilla.suse.com/1198489	self
https://bugzilla.suse.com/1198738	self
https://bugzilla.suse.com/1198903	self
https://bugzilla.suse.com/1199372	self
https://bugzilla.suse.com/1199659	self
https://bugzilla.suse.com/1199913	self
https://bugzilla.suse.com/1199950	self
https://bugzilla.suse.com/1200276	self
https://bugzilla.suse.com/1200296	self
https://bugzilla.suse.com/1200480	self
https://bugzilla.suse.com/1200532	self
https://bugzilla.suse.com/1200573	self
https://bugzilla.suse.com/1200591	self
https://bugzilla.suse.com/1200629	self
https://bugzilla.suse.com/1201142	self
https://bugzilla.suse.com/1201189	self
https://bugzilla.suse.com/1201210	self
https://bugzilla.suse.com/1201220	self
https://bugzilla.suse.com/1201224	self
https://bugzilla.suse.com/1201527	self
https://bugzilla.suse.com/1201606	self
https://bugzilla.suse.com/1201607	self
https://bugzilla.suse.com/1201626	self
https://bugzilla.suse.com/1201753	self
https://bugzilla.suse.com/1201913	self
https://bugzilla.suse.com/1201918	self
https://bugzilla.suse.com/1202142	self
https://bugzilla.suse.com/1202272	self
https://bugzilla.suse.com/1202464	self
https://bugzilla.suse.com/1202724	self
https://bugzilla.suse.com/1202728	self
https://bugzilla.suse.com/1203287	self
https://bugzilla.suse.com/1203288	self
https://bugzilla.suse.com/1203449	self
https://www.suse.com/security/cve/CVE-2021-41411/	self
https://www.suse.com/security/cve/CVE-2021-42740/	self
https://www.suse.com/security/cve/CVE-2021-43138/	self
https://www.suse.com/security/cve/CVE-2022-31129/	self
https://www.suse.com/security/cve/CVE-2021-41411	external
https://bugzilla.suse.com/1200629	external
https://www.suse.com/security/cve/CVE-2021-42740	external
https://bugzilla.suse.com/1203287	external
https://www.suse.com/security/cve/CVE-2021-43138	external
https://bugzilla.suse.com/1200480	external
https://www.suse.com/security/cve/CVE-2022-31129	external
https://bugzilla.suse.com/1203288	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for release-notes-susemanager, release-notes-susemanager-proxy",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for release-notes-susemanager, release-notes-susemanager-proxy fixes the following issues:\n\nRelease notes for SUSE Manager:\n\n- Update to SUSE:Manager 4.2.9\n  * Notification about SUSE Manager end-of-life has been added\n  * CVEs fixed: CVE-2021-43138, CVE-2021-42740, CVE-2022-31129, CVE-2021-41411\n  * Bugs mentioned:\n    bsc#1172705, bsc#1187028, bsc#1195455, bsc#1195895, bsc#1196729\n    bsc#1198168, bsc#1198489, bsc#1198738, bsc#1198903, bsc#1199372\n    bsc#1199659, bsc#1199913, bsc#1199950, bsc#1200276, bsc#1200296\n    bsc#1200480, bsc#1200532, bsc#1200573, bsc#1200591, bsc#1200629\n    bsc#1201142, bsc#1201189, bsc#1201210, bsc#1201220, bsc#1201224\n    bsc#1201527, bsc#1201606, bsc#1201607, bsc#1201626, bsc#1201753\n    bsc#1201913, bsc#1201918, bsc#1202142, bsc#1202272, bsc#1202464\n    bsc#1202728, bsc#1203287, bsc#1203288, bsc#1203449\n\nRelease notes for SUSE Manager Proxy:\n\n- Update to SUSE Manager 4.2.9\n  * CVEs fixed: CVE-2021-43138, CVE-2021-42740, CVE-2022-31129\n  * Bugs mentioned:\n    bsc#1198168, bsc#1198903, bsc#1199659, bsc#1200480, bsc#1200591\n    bsc#1201142, bsc#1202142, bsc#1202724\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2022-3313,SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2022-3313,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2022-3313,SUSE-SLE-Product-SUSE-Manager-Server-4.2-2022-3313",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_3313-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2022:3313-1",
        "url": "https://www.suse.com/support/update/announcement/2022/suse-su-20223313-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2022:3313-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012289.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1172705",
        "url": "https://bugzilla.suse.com/1172705"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1187028",
        "url": "https://bugzilla.suse.com/1187028"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1195455",
        "url": "https://bugzilla.suse.com/1195455"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1195895",
        "url": "https://bugzilla.suse.com/1195895"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1196729",
        "url": "https://bugzilla.suse.com/1196729"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1198168",
        "url": "https://bugzilla.suse.com/1198168"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1198489",
        "url": "https://bugzilla.suse.com/1198489"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1198738",
        "url": "https://bugzilla.suse.com/1198738"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1198903",
        "url": "https://bugzilla.suse.com/1198903"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1199372",
        "url": "https://bugzilla.suse.com/1199372"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1199659",
        "url": "https://bugzilla.suse.com/1199659"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1199913",
        "url": "https://bugzilla.suse.com/1199913"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1199950",
        "url": "https://bugzilla.suse.com/1199950"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1200276",
        "url": "https://bugzilla.suse.com/1200276"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1200296",
        "url": "https://bugzilla.suse.com/1200296"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1200480",
        "url": "https://bugzilla.suse.com/1200480"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1200532",
        "url": "https://bugzilla.suse.com/1200532"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1200573",
        "url": "https://bugzilla.suse.com/1200573"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1200591",
        "url": "https://bugzilla.suse.com/1200591"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1200629",
        "url": "https://bugzilla.suse.com/1200629"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1201142",
        "url": "https://bugzilla.suse.com/1201142"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1201189",
        "url": "https://bugzilla.suse.com/1201189"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1201210",
        "url": "https://bugzilla.suse.com/1201210"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1201220",
        "url": "https://bugzilla.suse.com/1201220"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1201224",
        "url": "https://bugzilla.suse.com/1201224"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1201527",
        "url": "https://bugzilla.suse.com/1201527"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1201606",
        "url": "https://bugzilla.suse.com/1201606"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1201607",
        "url": "https://bugzilla.suse.com/1201607"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1201626",
        "url": "https://bugzilla.suse.com/1201626"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1201753",
        "url": "https://bugzilla.suse.com/1201753"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1201913",
        "url": "https://bugzilla.suse.com/1201913"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1201918",
        "url": "https://bugzilla.suse.com/1201918"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1202142",
        "url": "https://bugzilla.suse.com/1202142"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1202272",
        "url": "https://bugzilla.suse.com/1202272"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1202464",
        "url": "https://bugzilla.suse.com/1202464"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1202724",
        "url": "https://bugzilla.suse.com/1202724"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1202728",
        "url": "https://bugzilla.suse.com/1202728"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1203287",
        "url": "https://bugzilla.suse.com/1203287"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1203288",
        "url": "https://bugzilla.suse.com/1203288"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1203449",
        "url": "https://bugzilla.suse.com/1203449"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-41411 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-41411/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-42740 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-42740/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-43138 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-43138/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-31129 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-31129/"
      }
    ],
    "title": "Security update for release-notes-susemanager, release-notes-susemanager-proxy",
    "tracking": {
      "current_release_date": "2022-09-19T15:37:27Z",
      "generator": {
        "date": "2022-09-19T15:37:27Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2022:3313-1",
      "initial_release_date": "2022-09-19T15:37:27Z",
      "revision_history": [
        {
          "date": "2022-09-19T15:37:27Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "release-notes-susemanager-4.2.9-150300.3.54.1.aarch64",
                "product": {
                  "name": "release-notes-susemanager-4.2.9-150300.3.54.1.aarch64",
                  "product_id": "release-notes-susemanager-4.2.9-150300.3.54.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "release-notes-susemanager-proxy-4.2.9-150300.3.43.1.aarch64",
                "product": {
                  "name": "release-notes-susemanager-proxy-4.2.9-150300.3.43.1.aarch64",
                  "product_id": "release-notes-susemanager-proxy-4.2.9-150300.3.43.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "release-notes-susemanager-4.2.9-150300.3.54.1.i586",
                "product": {
                  "name": "release-notes-susemanager-4.2.9-150300.3.54.1.i586",
                  "product_id": "release-notes-susemanager-4.2.9-150300.3.54.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "release-notes-susemanager-proxy-4.2.9-150300.3.43.1.i586",
                "product": {
                  "name": "release-notes-susemanager-proxy-4.2.9-150300.3.43.1.i586",
                  "product_id": "release-notes-susemanager-proxy-4.2.9-150300.3.43.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le",
                "product": {
                  "name": "release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le",
                  "product_id": "release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "release-notes-susemanager-proxy-4.2.9-150300.3.43.1.ppc64le",
                "product": {
                  "name": "release-notes-susemanager-proxy-4.2.9-150300.3.43.1.ppc64le",
                  "product_id": "release-notes-susemanager-proxy-4.2.9-150300.3.43.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "release-notes-susemanager-4.2.9-150300.3.54.1.s390x",
                "product": {
                  "name": "release-notes-susemanager-4.2.9-150300.3.54.1.s390x",
                  "product_id": "release-notes-susemanager-4.2.9-150300.3.54.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "release-notes-susemanager-proxy-4.2.9-150300.3.43.1.s390x",
                "product": {
                  "name": "release-notes-susemanager-proxy-4.2.9-150300.3.43.1.s390x",
                  "product_id": "release-notes-susemanager-proxy-4.2.9-150300.3.43.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "release-notes-susemanager-4.2.9-150300.3.54.1.x86_64",
                "product": {
                  "name": "release-notes-susemanager-4.2.9-150300.3.54.1.x86_64",
                  "product_id": "release-notes-susemanager-4.2.9-150300.3.54.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64",
                "product": {
                  "name": "release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64",
                  "product_id": "release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Manager Proxy 4.2",
                "product": {
                  "name": "SUSE Manager Proxy 4.2",
                  "product_id": "SUSE Manager Proxy 4.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-manager-proxy:4.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Manager Retail Branch Server 4.2",
                "product": {
                  "name": "SUSE Manager Retail Branch Server 4.2",
                  "product_id": "SUSE Manager Retail Branch Server 4.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-manager-retail-branch-server:4.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Manager Server 4.2",
                "product": {
                  "name": "SUSE Manager Server 4.2",
                  "product_id": "SUSE Manager Server 4.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-manager-server:4.2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64 as component of SUSE Manager Proxy 4.2",
          "product_id": "SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64"
        },
        "product_reference": "release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64",
        "relates_to_product_reference": "SUSE Manager Proxy 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64 as component of SUSE Manager Retail Branch Server 4.2",
          "product_id": "SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64"
        },
        "product_reference": "release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64",
        "relates_to_product_reference": "SUSE Manager Retail Branch Server 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le as component of SUSE Manager Server 4.2",
          "product_id": "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le"
        },
        "product_reference": "release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le",
        "relates_to_product_reference": "SUSE Manager Server 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "release-notes-susemanager-4.2.9-150300.3.54.1.s390x as component of SUSE Manager Server 4.2",
          "product_id": "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.s390x"
        },
        "product_reference": "release-notes-susemanager-4.2.9-150300.3.54.1.s390x",
        "relates_to_product_reference": "SUSE Manager Server 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "release-notes-susemanager-4.2.9-150300.3.54.1.x86_64 as component of SUSE Manager Server 4.2",
          "product_id": "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.x86_64"
        },
        "product_reference": "release-notes-susemanager-4.2.9-150300.3.54.1.x86_64",
        "relates_to_product_reference": "SUSE Manager Server 4.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-41411",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-41411"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "drools \u003c=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64",
          "SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64",
          "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le",
          "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.s390x",
          "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-41411",
          "url": "https://www.suse.com/security/cve/CVE-2021-41411"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1200629 for CVE-2021-41411",
          "url": "https://bugzilla.suse.com/1200629"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64",
            "SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64",
            "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le",
            "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.s390x",
            "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64",
            "SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64",
            "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le",
            "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.s390x",
            "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-09-19T15:37:27Z",
          "details": "important"
        }
      ],
      "title": "CVE-2021-41411"
    },
    {
      "cve": "CVE-2021-42740",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-42740"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec(), an attacker can inject arbitrary commands. This is because the Windows drive letter regex character class is {A-z] instead of the correct {A-Za-z]. Several shell metacharacters exist in the space between capital letter Z and lower case letter a, such as the backtick character.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64",
          "SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64",
          "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le",
          "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.s390x",
          "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-42740",
          "url": "https://www.suse.com/security/cve/CVE-2021-42740"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1203287 for CVE-2021-42740",
          "url": "https://bugzilla.suse.com/1203287"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64",
            "SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64",
            "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le",
            "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.s390x",
            "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64",
            "SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64",
            "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le",
            "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.s390x",
            "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-09-19T15:37:27Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2021-42740"
    },
    {
      "cve": "CVE-2021-43138",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-43138"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64",
          "SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64",
          "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le",
          "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.s390x",
          "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-43138",
          "url": "https://www.suse.com/security/cve/CVE-2021-43138"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1200480 for CVE-2021-43138",
          "url": "https://bugzilla.suse.com/1200480"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64",
            "SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64",
            "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le",
            "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.s390x",
            "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64",
            "SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64",
            "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le",
            "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.s390x",
            "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-09-19T15:37:27Z",
          "details": "important"
        }
      ],
      "title": "CVE-2021-43138"
    },
    {
      "cve": "CVE-2022-31129",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-31129"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs. Users may notice a noticeable slowdown is observed with inputs above 10k characters. Users who pass user-provided strings without sanity length checks to moment constructor are vulnerable to (Re)DoS attacks. The problem is patched in 2.29.4, the patch can be applied to all affected versions with minimal tweaking. Users are advised to upgrade. Users unable to upgrade should consider limiting date lengths accepted from user input.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64",
          "SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64",
          "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le",
          "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.s390x",
          "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-31129",
          "url": "https://www.suse.com/security/cve/CVE-2022-31129"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1203288 for CVE-2022-31129",
          "url": "https://bugzilla.suse.com/1203288"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64",
            "SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64",
            "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le",
            "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.s390x",
            "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64",
            "SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.9-150300.3.43.1.x86_64",
            "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.ppc64le",
            "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.s390x",
            "SUSE Manager Server 4.2:release-notes-susemanager-4.2.9-150300.3.54.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-09-19T15:37:27Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-31129"
    }
  ]
}

SUSE-SU-2022:3314-1

Vulnerability from csaf_suse - Published: 2022-09-19 15:38 - Updated: 2022-09-19 15:38

Summary

Security update for SUSE Manager Server 4.2

Severity

Critical

Notes

Title of the patch: Security update for SUSE Manager Server 4.2

Description of the patch: This update fixes the following issues: drools: - CVE-2021-41411: XML External Entity injection in KieModuleModelImpl.java. (bsc#1200629) httpcomponents-asyncclient: - Provide maven metadata needed by other packages to build image-sync-formula: - Update to version 0.1.1661440526.b08d95b * Add option to sort boot images by version (bsc#1196729) inter-server-sync: - Version 0.2.3 * Compress exported sql data #16631 * Add gzip dependency to decompress data file during import process patterns-suse-manager: - Strictly require OpenJDK 11 (bsc#1202142) py27-compat-salt: - Add support for gpgautoimport in zypperpkg module - Fix salt.states.file.managed() for follow_symlinks=True and test=True (bsc#1199372) - Add support for name, pkgs and diff_attr parameters to upgrade function for zypper and yum (bsc#1198489) - Unify logic on using multiple requisites and add onfail_all (bsc#1198738) - Normalize package names once with pkg.installed/removed using yum (bsc#1195895) salt-netapi-client: - Declare the LICENSE file as license and not doc - Adapted for Enterprise Linux 9. - Version 0.20.0 * See: https://github.com/SUSE/salt-netapi-client/releases/tag/v0.20.0 saltboot-formula: - Update to version 0.1.1661440526.b08d95b * Fallback to local boot if the configured image is not synced * improve image url modifications - preparation for ftp/http changes spacecmd: - Version 4.2.19-1 * Process date values in spacecmd api calls (bsc#1198903) * Show correct help on calling kickstart_importjson with no arguments * Fix tracebacks on spacecmd kickstart_export (bsc#1200591) spacewalk-admin: - Version 4.2.12-1 * Add --help option to mgr-monitoring-ctl spacewalk-backend: - Version 4.2.24-1 * Make reposync use the configured http proxy with mirrorlist (bsc#1198168) * Revert proxy listChannels token caching pr#4548 * cleanup leftovers from removing unused xmlrpc endpoint spacewalk-certs-tools: - Version 4.2.18-1 * traditional stack bootstrap: install product packages (bsc#1201142) spacewalk-client-tools: - Version 4.2.20-1 * Update translation strings spacewalk-java: - Version 4.2.41-1 * Fixed date format on scheduler related messages (bsc#1195455) * Support inherited values for kernel options from Cobbler API (bsc#1199913) * Add channel availability check for product migration (bsc#1200296) * Check if system has all formulas correctly assigned (bsc#1201607) * Remove group formula assignments and data on group delete (bsc#1201606) * Fix sync for external repositories (bsc#1201753) * fix state.apply result parsing in test mode (bsc#1201913) * Reduce the length of image channel URL (bsc#1201220) * Calculate dependencies between cloned channels of vendor channels (bsc#1201626) * fix symlinks pointing to ongres-stringprep * Modify parameter type when communicating with the search server (bsc#1187028) * Fix initial profile and build host on Image Build page (bsc#1199659) * Fix the confirm message on the refresh action by adding a link to pending actions on it (bsc#1172705) * require new salt-netapi-client version * Clean grub2 reinstall entry in autoyast snippet (bsc#1199950) spacewalk-search: - Version 4.2.8-1 * Add methods to handle session id as String spacewalk-web: - Version 4.2.29-1 * CVE-2021-43138: Obtain privileges via the `mapValues()` method. (bsc#1200480) * CVE-2021-42740: Command injection in the shell-quote package. (bsc#1203287) * CVE-2022-31129: Denial-of-Service moment: inefficient parsing algorithm (bsc#1203288) * Fix table header layout for unselectable tables * Fix initial profile and build host on Image Build page (bsc#1199659) subscription-matcher: - Added Guava maximum version requirement. susemanager: - Version 4.2.37-1 * mark new dependencies for python-py optional in bootstrap repo to fix generation for older service packs (bsc#1203449) - Version 4.2.36-1 * add missing packages on SLES 15 * remove server-migrator.sh from SUSE Manager installations (bsc#1202728) * mgr-create-bootstrap-repo: flush directory also when called for a specific label (bsc#1200573) * add missing packages on SLES 12 SP5 bootstrap repo (bsc#1201918) * remove python-tornado from bootstrap repo, since no longer required for salt version >= 3000 * add openSUSE 15.4 product (bsc#1201527) * add clients tool product to generate bootstrap repo on openSUSE 15.x (bsc#1201189) susemanager-doc-indexes: - Documented mandatory channels in the Disconnected Setup chapter of the Administration Guide (bsc#1202464) - Documented how to onboard Ubuntu clients with the Salt bundle as a regular user - Documented how to onboard Debian clients with the Salt bundle or plain Salt as a regular user - Fixed the names of updates channels for Leap - Fixed errors in OpenSCAP chapter of Administration Guide - Added exact command to create the bootstrap repo for Salt bundle and about how to disable salt-thin - Removed CentOS 8 from the list of supported client systems - Extend the notes about using noexec option for /tmp and /var/tmp (bsc#1201210) - Reverted single snippet change for two separate books - Added extend Salt Bundle functionality with Python packages using pip - Add missing part of the description to enable optional support of the Salt Bundle with Salt SSH - Added exact command to create the bootstrap repo for salt bundle and about how to disable salt-thin - Salt Configuration Modules are no longer Technology Preview in Salt Guide. - Fixed Ubuntu 18 Client registration in Client Configuration Guide (bsc#1201224) - Added ports 1232 and 1233 in the Ports section of the Installation and Upgrade Guide; required for Salt SSH Push (bsc#1200532) - In the Custom Channel section of the Administration Guide add a note about synchronizing repositories regularly. - Removed SUSE Linux Enterprise 11 from the list of supported client systems susemanager-docs_en: - Documented mandatory channels in the Disconnected Setup chapter of the Administration Guide (bsc#1202464) - Documented how to onboard Ubuntu clients with the Salt bundle as a regular user - Documented how to onboard Debian clients with the Salt bundle or plain Salt as a regular user - Fixed the names of updates channels for Leap - Fixed errors in OpenSCAP chapter of Administration Guide - Added exact command to create the bootstrap repo for Salt bundle and about how to disable salt-thin - Removed CentOS 8 from the list of supported client systems - Extend the notes about using noexec option for /tmp and /var/tmp (bsc#1201210) - Reverted single snippet change for two separate books - Added extend Salt Bundle functionality with Python packages using pip - Add missing part of the description to enable optional support of the Salt Bundle with Salt SSH - Added exact command to create the bootstrap repo for salt bundle and about how to disable salt-thin - Salt Configuration Modules are no longer Technology Preview in Salt Guide. - Fixed Ubuntu 18 Client registration in Client Configuration Guide (bsc#1201224) - Added ports 1232 and 1233 in the Ports section of the Installation and Upgrade Guide; required for Salt SSH Push (bsc#1200532) - In the Custom Channel section of the Administration Guide add a note about synchronizing repositories regularly. - Removed SUSE Linux Enterprise 11 from the list of supported client systems susemanager-schema: - Version 4.2.24-1 * Fix migration of image actions (bsc#1202272) susemanager-sls: - Version 4.2.27-1 * Copy grains file with util.mgr_switch_to_venv_minion state apply * Remove the message 'rpm: command not found' on using Salt SSH with Debian based systems which has no Salt Bundle * Prevent possible tracebacks on calling module.run from mgrcompat by setting proper globals with using LazyLoader * Fix deploy of SLE Micro CA Certificate (bsc#1200276) uyuni-common-libs: - Version 4.2.7-1 * Do not allow creating path if nonexistent user or group in fileutils. How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: `spacewalk-service stop` 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: `spacewalk-service start`

Patchnames: SUSE-2022-3314,SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2022-3314,SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-3314

CVE-2021-41411

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 84 products

Product	Version	Remediation
Unresolved product id: SUSE Manager Proxy Module 4.2:mgr-daemon-4.2.10-150300.2.9.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:patterns-suma_proxy-4.2-150300.4.12.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.20-150300.4.24.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.20-150300.4.24.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.20-150300.4.24.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.6.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.23.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:salt-netapi-client-0.20.0-150300.3.9.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-admin-4.2.12-150300.3.15.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-base-4.2.29-150300.3.27.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-html-4.2.29-150300.3.27.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-4.2.41-150300.3.43.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.41-150300.3.43.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.41-150300.3.43.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-search-4.2.8-150300.3.12.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:subscription-matcher-0.29-150300.6.12.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.33.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.33.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-schema-4.2.24-150300.3.27.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-sls-4.2.27-150300.3.33.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.27-150300.3.33.4.noarch	—	Vendor Fix

Threats

Impact important

CVE-2021-42740

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 84 products

Product	Version	Remediation
Unresolved product id: SUSE Manager Proxy Module 4.2:mgr-daemon-4.2.10-150300.2.9.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:patterns-suma_proxy-4.2-150300.4.12.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.20-150300.4.24.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.20-150300.4.24.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.20-150300.4.24.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.6.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.23.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:salt-netapi-client-0.20.0-150300.3.9.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-admin-4.2.12-150300.3.15.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-base-4.2.29-150300.3.27.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-html-4.2.29-150300.3.27.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-4.2.41-150300.3.43.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.41-150300.3.43.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.41-150300.3.43.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-search-4.2.8-150300.3.12.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:subscription-matcher-0.29-150300.6.12.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.33.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.33.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-schema-4.2.24-150300.3.27.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-sls-4.2.27-150300.3.33.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.27-150300.3.33.4.noarch	—	Vendor Fix

Threats

Impact critical

CVE-2021-43138

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 84 products

Product	Version	Remediation
Unresolved product id: SUSE Manager Proxy Module 4.2:mgr-daemon-4.2.10-150300.2.9.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:patterns-suma_proxy-4.2-150300.4.12.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.20-150300.4.24.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.20-150300.4.24.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.20-150300.4.24.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.6.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.23.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:salt-netapi-client-0.20.0-150300.3.9.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-admin-4.2.12-150300.3.15.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-base-4.2.29-150300.3.27.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-html-4.2.29-150300.3.27.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-4.2.41-150300.3.43.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.41-150300.3.43.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.41-150300.3.43.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-search-4.2.8-150300.3.12.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:subscription-matcher-0.29-150300.6.12.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.33.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.33.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-schema-4.2.24-150300.3.27.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-sls-4.2.27-150300.3.33.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.27-150300.3.33.4.noarch	—	Vendor Fix

Threats

Impact important

CVE-2022-31129

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 84 products

Product	Version	Remediation
Unresolved product id: SUSE Manager Proxy Module 4.2:mgr-daemon-4.2.10-150300.2.9.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:patterns-suma_proxy-4.2-150300.4.12.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.20-150300.4.24.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.20-150300.4.24.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.20-150300.4.24.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.6.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.23.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:salt-netapi-client-0.20.0-150300.3.9.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-admin-4.2.12-150300.3.15.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-base-4.2.29-150300.3.27.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-html-4.2.29-150300.3.27.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-4.2.41-150300.3.43.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.41-150300.3.43.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.41-150300.3.43.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-search-4.2.8-150300.3.12.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:subscription-matcher-0.29-150300.6.12.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.33.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.33.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-schema-4.2.24-150300.3.27.3.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-sls-4.2.27-150300.3.33.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.27-150300.3.33.4.noarch	—	Vendor Fix

Threats

Impact important

References

55 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1172705	self
https://bugzilla.suse.com/1187028	self
https://bugzilla.suse.com/1195455	self
https://bugzilla.suse.com/1195895	self
https://bugzilla.suse.com/1196729	self
https://bugzilla.suse.com/1198168	self
https://bugzilla.suse.com/1198489	self
https://bugzilla.suse.com/1198738	self
https://bugzilla.suse.com/1198903	self
https://bugzilla.suse.com/1199372	self
https://bugzilla.suse.com/1199659	self
https://bugzilla.suse.com/1199913	self
https://bugzilla.suse.com/1199950	self
https://bugzilla.suse.com/1200276	self
https://bugzilla.suse.com/1200296	self
https://bugzilla.suse.com/1200480	self
https://bugzilla.suse.com/1200532	self
https://bugzilla.suse.com/1200573	self
https://bugzilla.suse.com/1200591	self
https://bugzilla.suse.com/1200629	self
https://bugzilla.suse.com/1201142	self
https://bugzilla.suse.com/1201189	self
https://bugzilla.suse.com/1201210	self
https://bugzilla.suse.com/1201220	self
https://bugzilla.suse.com/1201224	self
https://bugzilla.suse.com/1201527	self
https://bugzilla.suse.com/1201606	self
https://bugzilla.suse.com/1201607	self
https://bugzilla.suse.com/1201626	self
https://bugzilla.suse.com/1201753	self
https://bugzilla.suse.com/1201913	self
https://bugzilla.suse.com/1201918	self
https://bugzilla.suse.com/1202142	self
https://bugzilla.suse.com/1202272	self
https://bugzilla.suse.com/1202464	self
https://bugzilla.suse.com/1202728	self
https://bugzilla.suse.com/1203287	self
https://bugzilla.suse.com/1203288	self
https://bugzilla.suse.com/1203449	self
https://www.suse.com/security/cve/CVE-2021-41411/	self
https://www.suse.com/security/cve/CVE-2021-42740/	self
https://www.suse.com/security/cve/CVE-2021-43138/	self
https://www.suse.com/security/cve/CVE-2022-31129/	self
https://www.suse.com/security/cve/CVE-2021-41411	external
https://bugzilla.suse.com/1200629	external
https://www.suse.com/security/cve/CVE-2021-42740	external
https://bugzilla.suse.com/1203287	external
https://www.suse.com/security/cve/CVE-2021-43138	external
https://bugzilla.suse.com/1200480	external
https://www.suse.com/security/cve/CVE-2022-31129	external
https://bugzilla.suse.com/1203288	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for SUSE Manager Server 4.2",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update fixes the following issues:\n\ndrools:\n\n- CVE-2021-41411: XML External Entity injection in KieModuleModelImpl.java. (bsc#1200629)\n\nhttpcomponents-asyncclient:\n\n- Provide maven metadata needed by other packages to build\n\nimage-sync-formula:\n\n- Update to version 0.1.1661440526.b08d95b\n  * Add option to sort boot images by version (bsc#1196729)\n\ninter-server-sync:\n\n- Version 0.2.3\n  * Compress exported sql data #16631\n  * Add gzip dependency to decompress data file during import process\n\npatterns-suse-manager:\n\n- Strictly require OpenJDK 11 (bsc#1202142) \n\npy27-compat-salt:\n\n- Add support for gpgautoimport in zypperpkg module\n- Fix salt.states.file.managed() for follow_symlinks=True and test=True (bsc#1199372)\n- Add support for name, pkgs and diff_attr parameters to upgrade\n  function for zypper and yum (bsc#1198489)\n- Unify logic on using multiple requisites and add onfail_all (bsc#1198738)\n- Normalize package names once with pkg.installed/removed using yum (bsc#1195895)\n\nsalt-netapi-client:\n\n- Declare the LICENSE file as license and not doc\n- Adapted for Enterprise Linux 9.\n- Version 0.20.0\n  * See: https://github.com/SUSE/salt-netapi-client/releases/tag/v0.20.0\n\nsaltboot-formula:\n\n- Update to version 0.1.1661440526.b08d95b\n  * Fallback to local boot if the configured image is not synced\n  * improve image url modifications - preparation for ftp/http changes\n\nspacecmd:\n\n- Version 4.2.19-1\n  * Process date values in spacecmd api calls (bsc#1198903)\n  * Show correct help on calling kickstart_importjson with no arguments\n  * Fix tracebacks on spacecmd kickstart_export (bsc#1200591)\n\nspacewalk-admin:\n\n- Version 4.2.12-1\n  * Add --help option to mgr-monitoring-ctl\n\nspacewalk-backend:\n\n- Version 4.2.24-1\n  * Make reposync use the configured http proxy with mirrorlist (bsc#1198168)\n  * Revert proxy listChannels token caching pr#4548\n  * cleanup leftovers from removing unused xmlrpc endpoint\n\nspacewalk-certs-tools:\n\n- Version 4.2.18-1\n  * traditional stack bootstrap: install product packages (bsc#1201142)\n\nspacewalk-client-tools:\n\n- Version 4.2.20-1\n  * Update translation strings\n\nspacewalk-java:\n\n- Version 4.2.41-1\n  * Fixed date format on scheduler related messages (bsc#1195455)\n  * Support inherited values for kernel options from Cobbler API (bsc#1199913)\n  * Add channel availability check for product migration (bsc#1200296)\n  * Check if system has all formulas correctly assigned (bsc#1201607)\n  * Remove group formula assignments and data on group delete (bsc#1201606)\n  * Fix sync for external repositories (bsc#1201753)\n  * fix state.apply result parsing in test mode (bsc#1201913)\n  * Reduce the length of image channel URL (bsc#1201220)\n  * Calculate dependencies between cloned channels of vendor channels (bsc#1201626)\n  * fix symlinks pointing to ongres-stringprep\n  * Modify parameter type when communicating with the search server (bsc#1187028)\n  * Fix initial profile and build host on Image Build page (bsc#1199659)\n  * Fix the confirm message on the refresh action by adding a link\n    to pending actions on it (bsc#1172705)\n  * require new salt-netapi-client version\n  * Clean grub2 reinstall entry in autoyast snippet (bsc#1199950)\n\nspacewalk-search:\n\n- Version 4.2.8-1\n  * Add methods to handle session id as String\n\nspacewalk-web:\n\n- Version 4.2.29-1\n  * CVE-2021-43138: Obtain privileges via the `mapValues()` method. (bsc#1200480)\n  * CVE-2021-42740: Command injection in the shell-quote package. (bsc#1203287) \n  * CVE-2022-31129: Denial-of-Service moment: inefficient parsing algorithm (bsc#1203288)\n  * Fix table header layout for unselectable tables\n  * Fix initial profile and build host on Image Build page (bsc#1199659)\n\nsubscription-matcher:\n\n- Added Guava maximum version requirement.\n\nsusemanager:\n    \n- Version 4.2.37-1\n  * mark new dependencies for python-py optional in bootstrap repo to fix generation for older service packs \n    (bsc#1203449)\n- Version 4.2.36-1\n  * add missing packages on SLES 15\n  * remove server-migrator.sh from SUSE Manager installations (bsc#1202728)\n  * mgr-create-bootstrap-repo: flush directory also when called for a specific label (bsc#1200573)\n  * add missing packages on SLES 12 SP5 bootstrap repo (bsc#1201918)\n  * remove python-tornado from bootstrap repo, since no longer required for salt version \u003e= 3000\n  * add openSUSE 15.4 product (bsc#1201527)\n  * add clients tool product to generate bootstrap repo on openSUSE 15.x (bsc#1201189)\n\nsusemanager-doc-indexes:\n\n- Documented mandatory channels in the Disconnected Setup chapter of the\n  Administration Guide (bsc#1202464)\n- Documented how to onboard Ubuntu clients with the Salt bundle as a\n  regular user\n- Documented how to onboard Debian clients with the Salt bundle or plain Salt\n  as a regular user\n- Fixed the names of updates channels for Leap\n- Fixed errors in OpenSCAP chapter of Administration Guide\n- Added exact command to create the bootstrap repo for Salt bundle and about how to disable salt-thin\n- Removed CentOS 8 from the list of supported client systems\n- Extend the notes about using noexec option for /tmp and /var/tmp (bsc#1201210)\n- Reverted single snippet change for two separate books\n- Added extend Salt Bundle functionality with Python packages using pip\n- Add missing part of the description to enable optional support of the Salt Bundle with Salt SSH\n- Added exact command to create the bootstrap repo for salt bundle and about how to disable salt-thin\n- Salt Configuration Modules are no longer Technology Preview in Salt Guide.\n- Fixed Ubuntu 18 Client registration in Client Configuration Guide (bsc#1201224)\n- Added ports 1232 and 1233 in the Ports section of the Installation and\n  Upgrade Guide; required for Salt SSH Push (bsc#1200532)\n- In the Custom Channel section of the Administration Guide add a note\n  about synchronizing repositories regularly.\n- Removed SUSE Linux Enterprise 11 from the list of supported client systems\n\nsusemanager-docs_en:\n\n- Documented mandatory channels in the Disconnected Setup chapter of the\n  Administration Guide (bsc#1202464)\n- Documented how to onboard Ubuntu clients with the Salt bundle as a\n  regular user\n- Documented how to onboard Debian clients with the Salt bundle or plain Salt\n  as a regular user\n- Fixed the names of updates channels for Leap\n- Fixed errors in OpenSCAP chapter of Administration Guide\n- Added exact command to create the bootstrap repo for Salt bundle and about how to disable salt-thin\n- Removed CentOS 8 from the list of supported client systems\n- Extend the notes about using noexec option for /tmp and /var/tmp (bsc#1201210)\n- Reverted single snippet change for two separate books\n- Added extend Salt Bundle functionality with Python packages using pip\n- Add missing part of the description to enable optional support of the Salt Bundle with Salt SSH\n- Added exact command to create the bootstrap repo for salt bundle and about how to disable salt-thin\n- Salt Configuration Modules are no longer Technology Preview in Salt Guide.\n- Fixed Ubuntu 18 Client registration in Client Configuration Guide (bsc#1201224)\n- Added ports 1232 and 1233 in the Ports section of the Installation and\n  Upgrade Guide; required for Salt SSH Push (bsc#1200532)\n- In the Custom Channel section of the Administration Guide add a note\n  about synchronizing repositories regularly.\n- Removed SUSE Linux Enterprise 11 from the list of supported client systems\n\nsusemanager-schema:\n\n- Version 4.2.24-1\n  * Fix migration of image actions (bsc#1202272)\n\nsusemanager-sls:\n\n- Version 4.2.27-1\n  * Copy grains file with util.mgr_switch_to_venv_minion state apply\n  * Remove the message \u0027rpm: command not found\u0027 on using Salt SSH\n    with Debian based systems which has no Salt Bundle\n  * Prevent possible tracebacks on calling module.run from mgrcompat\n    by setting proper globals with using LazyLoader\n  * Fix deploy of SLE Micro CA Certificate (bsc#1200276)\n\nuyuni-common-libs:\n\n- Version 4.2.7-1\n  * Do not allow creating path if nonexistent user or group in fileutils.\n\nHow to apply this update:\n\n1. Log in as root user to the SUSE Manager server.\n2. Stop the Spacewalk service:\n`spacewalk-service stop`\n3. Apply the patch using either zypper patch or YaST Online Update.\n4. Start the Spacewalk service:\n`spacewalk-service start`\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2022-3314,SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2022-3314,SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-3314",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_3314-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2022:3314-1",
        "url": "https://www.suse.com/support/update/announcement/2022/suse-su-20223314-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2022:3314-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012286.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1172705",
        "url": "https://bugzilla.suse.com/1172705"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1187028",
        "url": "https://bugzilla.suse.com/1187028"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1195455",
        "url": "https://bugzilla.suse.com/1195455"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1195895",
        "url": "https://bugzilla.suse.com/1195895"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1196729",
        "url": "https://bugzilla.suse.com/1196729"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1198168",
        "url": "https://bugzilla.suse.com/1198168"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1198489",
        "url": "https://bugzilla.suse.com/1198489"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1198738",
        "url": "https://bugzilla.suse.com/1198738"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1198903",
        "url": "https://bugzilla.suse.com/1198903"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1199372",
        "url": "https://bugzilla.suse.com/1199372"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1199659",
        "url": "https://bugzilla.suse.com/1199659"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1199913",
        "url": "https://bugzilla.suse.com/1199913"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1199950",
        "url": "https://bugzilla.suse.com/1199950"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1200276",
        "url": "https://bugzilla.suse.com/1200276"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1200296",
        "url": "https://bugzilla.suse.com/1200296"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1200480",
        "url": "https://bugzilla.suse.com/1200480"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1200532",
        "url": "https://bugzilla.suse.com/1200532"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1200573",
        "url": "https://bugzilla.suse.com/1200573"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1200591",
        "url": "https://bugzilla.suse.com/1200591"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1200629",
        "url": "https://bugzilla.suse.com/1200629"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1201142",
        "url": "https://bugzilla.suse.com/1201142"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1201189",
        "url": "https://bugzilla.suse.com/1201189"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1201210",
        "url": "https://bugzilla.suse.com/1201210"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1201220",
        "url": "https://bugzilla.suse.com/1201220"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1201224",
        "url": "https://bugzilla.suse.com/1201224"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1201527",
        "url": "https://bugzilla.suse.com/1201527"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1201606",
        "url": "https://bugzilla.suse.com/1201606"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1201607",
        "url": "https://bugzilla.suse.com/1201607"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1201626",
        "url": "https://bugzilla.suse.com/1201626"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1201753",
        "url": "https://bugzilla.suse.com/1201753"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1201913",
        "url": "https://bugzilla.suse.com/1201913"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1201918",
        "url": "https://bugzilla.suse.com/1201918"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1202142",
        "url": "https://bugzilla.suse.com/1202142"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1202272",
        "url": "https://bugzilla.suse.com/1202272"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1202464",
        "url": "https://bugzilla.suse.com/1202464"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1202728",
        "url": "https://bugzilla.suse.com/1202728"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1203287",
        "url": "https://bugzilla.suse.com/1203287"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1203288",
        "url": "https://bugzilla.suse.com/1203288"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1203449",
        "url": "https://bugzilla.suse.com/1203449"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-41411 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-41411/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-42740 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-42740/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-43138 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-43138/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-31129 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-31129/"
      }
    ],
    "title": "Security update for SUSE Manager Server 4.2",
    "tracking": {
      "current_release_date": "2022-09-19T15:38:45Z",
      "generator": {
        "date": "2022-09-19T15:38:45Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2022:3314-1",
      "initial_release_date": "2022-09-19T15:38:45Z",
      "revision_history": [
        {
          "date": "2022-09-19T15:38:45Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "inter-server-sync-0.2.3-150300.8.22.2.aarch64",
                "product": {
                  "name": "inter-server-sync-0.2.3-150300.8.22.2.aarch64",
                  "product_id": "inter-server-sync-0.2.3-150300.8.22.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "patterns-suma_proxy-4.2-150300.4.12.2.aarch64",
                "product": {
                  "name": "patterns-suma_proxy-4.2-150300.4.12.2.aarch64",
                  "product_id": "patterns-suma_proxy-4.2-150300.4.12.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "patterns-suma_retail-4.2-150300.4.12.2.aarch64",
                "product": {
                  "name": "patterns-suma_retail-4.2-150300.4.12.2.aarch64",
                  "product_id": "patterns-suma_retail-4.2-150300.4.12.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "patterns-suma_server-4.2-150300.4.12.2.aarch64",
                "product": {
                  "name": "patterns-suma_server-4.2-150300.4.12.2.aarch64",
                  "product_id": "patterns-suma_server-4.2-150300.4.12.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python2-uyuni-common-libs-4.2.7-150300.3.9.2.aarch64",
                "product": {
                  "name": "python2-uyuni-common-libs-4.2.7-150300.3.9.2.aarch64",
                  "product_id": "python2-uyuni-common-libs-4.2.7-150300.3.9.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python3-uyuni-common-libs-4.2.7-150300.3.9.2.aarch64",
                "product": {
                  "name": "python3-uyuni-common-libs-4.2.7-150300.3.9.2.aarch64",
                  "product_id": "python3-uyuni-common-libs-4.2.7-150300.3.9.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "susemanager-4.2.37-150300.3.41.1.aarch64",
                "product": {
                  "name": "susemanager-4.2.37-150300.3.41.1.aarch64",
                  "product_id": "susemanager-4.2.37-150300.3.41.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "susemanager-tools-4.2.37-150300.3.41.1.aarch64",
                "product": {
                  "name": "susemanager-tools-4.2.37-150300.3.41.1.aarch64",
                  "product_id": "susemanager-tools-4.2.37-150300.3.41.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "drools-7.17.0-150300.4.6.2.noarch",
                "product": {
                  "name": "drools-7.17.0-150300.4.6.2.noarch",
                  "product_id": "drools-7.17.0-150300.4.6.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch",
                "product": {
                  "name": "httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch",
                  "product_id": "httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch",
                "product": {
                  "name": "image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch",
                  "product_id": "image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "mgr-daemon-4.2.10-150300.2.9.4.noarch",
                "product": {
                  "name": "mgr-daemon-4.2.10-150300.2.9.4.noarch",
                  "product_id": "mgr-daemon-4.2.10-150300.2.9.4.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "py27-compat-salt-3000.3-150300.7.7.23.2.noarch",
                "product": {
                  "name": "py27-compat-salt-3000.3-150300.7.7.23.2.noarch",
                  "product_id": "py27-compat-salt-3000.3-150300.7.7.23.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "python2-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
                "product": {
                  "name": "python2-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
                  "product_id": "python2-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
                "product": {
                  "name": "python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
                  "product_id": "python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "python3-spacewalk-check-4.2.20-150300.4.24.3.noarch",
                "product": {
                  "name": "python3-spacewalk-check-4.2.20-150300.4.24.3.noarch",
                  "product_id": "python3-spacewalk-check-4.2.20-150300.4.24.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
                "product": {
                  "name": "python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
                  "product_id": "python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
                "product": {
                  "name": "python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
                  "product_id": "python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "salt-netapi-client-0.20.0-150300.3.9.4.noarch",
                "product": {
                  "name": "salt-netapi-client-0.20.0-150300.3.9.4.noarch",
                  "product_id": "salt-netapi-client-0.20.0-150300.3.9.4.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "salt-netapi-client-javadoc-0.20.0-150300.3.9.4.noarch",
                "product": {
                  "name": "salt-netapi-client-javadoc-0.20.0-150300.3.9.4.noarch",
                  "product_id": "salt-netapi-client-javadoc-0.20.0-150300.3.9.4.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch",
                "product": {
                  "name": "saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch",
                  "product_id": "saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacecmd-4.2.19-150300.4.27.2.noarch",
                "product": {
                  "name": "spacecmd-4.2.19-150300.4.27.2.noarch",
                  "product_id": "spacecmd-4.2.19-150300.4.27.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-admin-4.2.12-150300.3.15.3.noarch",
                "product": {
                  "name": "spacewalk-admin-4.2.12-150300.3.15.3.noarch",
                  "product_id": "spacewalk-admin-4.2.12-150300.3.15.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-backend-4.2.24-150300.4.29.5.noarch",
                "product": {
                  "name": "spacewalk-backend-4.2.24-150300.4.29.5.noarch",
                  "product_id": "spacewalk-backend-4.2.24-150300.4.29.5.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-backend-app-4.2.24-150300.4.29.5.noarch",
                "product": {
                  "name": "spacewalk-backend-app-4.2.24-150300.4.29.5.noarch",
                  "product_id": "spacewalk-backend-app-4.2.24-150300.4.29.5.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch",
                "product": {
                  "name": "spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch",
                  "product_id": "spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-backend-cdn-4.2.24-150300.4.29.5.noarch",
                "product": {
                  "name": "spacewalk-backend-cdn-4.2.24-150300.4.29.5.noarch",
                  "product_id": "spacewalk-backend-cdn-4.2.24-150300.4.29.5.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch",
                "product": {
                  "name": "spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch",
                  "product_id": "spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch",
                "product": {
                  "name": "spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch",
                  "product_id": "spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch",
                "product": {
                  "name": "spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch",
                  "product_id": "spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch",
                "product": {
                  "name": "spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch",
                  "product_id": "spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch",
                "product": {
                  "name": "spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch",
                  "product_id": "spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch",
                "product": {
                  "name": "spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch",
                  "product_id": "spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-backend-server-4.2.24-150300.4.29.5.noarch",
                "product": {
                  "name": "spacewalk-backend-server-4.2.24-150300.4.29.5.noarch",
                  "product_id": "spacewalk-backend-server-4.2.24-150300.4.29.5.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch",
                "product": {
                  "name": "spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch",
                  "product_id": "spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch",
                "product": {
                  "name": "spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch",
                  "product_id": "spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch",
                "product": {
                  "name": "spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch",
                  "product_id": "spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch",
                "product": {
                  "name": "spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch",
                  "product_id": "spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch",
                "product": {
                  "name": "spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch",
                  "product_id": "spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-base-4.2.29-150300.3.27.3.noarch",
                "product": {
                  "name": "spacewalk-base-4.2.29-150300.3.27.3.noarch",
                  "product_id": "spacewalk-base-4.2.29-150300.3.27.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch",
                "product": {
                  "name": "spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch",
                  "product_id": "spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch",
                "product": {
                  "name": "spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch",
                  "product_id": "spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
                "product": {
                  "name": "spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
                  "product_id": "spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-check-4.2.20-150300.4.24.3.noarch",
                "product": {
                  "name": "spacewalk-check-4.2.20-150300.4.24.3.noarch",
                  "product_id": "spacewalk-check-4.2.20-150300.4.24.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
                "product": {
                  "name": "spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
                  "product_id": "spacewalk-client-setup-4.2.20-150300.4.24.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
                "product": {
                  "name": "spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
                  "product_id": "spacewalk-client-tools-4.2.20-150300.4.24.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-dobby-4.2.29-150300.3.27.3.noarch",
                "product": {
                  "name": "spacewalk-dobby-4.2.29-150300.3.27.3.noarch",
                  "product_id": "spacewalk-dobby-4.2.29-150300.3.27.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-html-4.2.29-150300.3.27.3.noarch",
                "product": {
                  "name": "spacewalk-html-4.2.29-150300.3.27.3.noarch",
                  "product_id": "spacewalk-html-4.2.29-150300.3.27.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-html-debug-4.2.29-150300.3.27.3.noarch",
                "product": {
                  "name": "spacewalk-html-debug-4.2.29-150300.3.27.3.noarch",
                  "product_id": "spacewalk-html-debug-4.2.29-150300.3.27.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-java-4.2.41-150300.3.43.5.noarch",
                "product": {
                  "name": "spacewalk-java-4.2.41-150300.3.43.5.noarch",
                  "product_id": "spacewalk-java-4.2.41-150300.3.43.5.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-java-apidoc-sources-4.2.41-150300.3.43.5.noarch",
                "product": {
                  "name": "spacewalk-java-apidoc-sources-4.2.41-150300.3.43.5.noarch",
                  "product_id": "spacewalk-java-apidoc-sources-4.2.41-150300.3.43.5.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-java-config-4.2.41-150300.3.43.5.noarch",
                "product": {
                  "name": "spacewalk-java-config-4.2.41-150300.3.43.5.noarch",
                  "product_id": "spacewalk-java-config-4.2.41-150300.3.43.5.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-java-lib-4.2.41-150300.3.43.5.noarch",
                "product": {
                  "name": "spacewalk-java-lib-4.2.41-150300.3.43.5.noarch",
                  "product_id": "spacewalk-java-lib-4.2.41-150300.3.43.5.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch",
                "product": {
                  "name": "spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch",
                  "product_id": "spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch",
                "product": {
                  "name": "spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch",
                  "product_id": "spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch",
                "product": {
                  "name": "spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch",
                  "product_id": "spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch",
                "product": {
                  "name": "spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch",
                  "product_id": "spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch",
                "product": {
                  "name": "spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch",
                  "product_id": "spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch",
                "product": {
                  "name": "spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch",
                  "product_id": "spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch",
                "product": {
                  "name": "spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch",
                  "product_id": "spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-search-4.2.8-150300.3.12.2.noarch",
                "product": {
                  "name": "spacewalk-search-4.2.8-150300.3.12.2.noarch",
                  "product_id": "spacewalk-search-4.2.8-150300.3.12.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch",
                "product": {
                  "name": "spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch",
                  "product_id": "spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "subscription-matcher-0.29-150300.6.12.2.noarch",
                "product": {
                  "name": "subscription-matcher-0.29-150300.6.12.2.noarch",
                  "product_id": "subscription-matcher-0.29-150300.6.12.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "susemanager-doc-indexes-4.2-150300.12.33.4.noarch",
                "product": {
                  "name": "susemanager-doc-indexes-4.2-150300.12.33.4.noarch",
                  "product_id": "susemanager-doc-indexes-4.2-150300.12.33.4.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "susemanager-docs_en-4.2-150300.12.33.2.noarch",
                "product": {
                  "name": "susemanager-docs_en-4.2-150300.12.33.2.noarch",
                  "product_id": "susemanager-docs_en-4.2-150300.12.33.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch",
                "product": {
                  "name": "susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch",
                  "product_id": "susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "susemanager-schema-4.2.24-150300.3.27.3.noarch",
                "product": {
                  "name": "susemanager-schema-4.2.24-150300.3.27.3.noarch",
                  "product_id": "susemanager-schema-4.2.24-150300.3.27.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "susemanager-schema-sanity-4.2.24-150300.3.27.3.noarch",
                "product": {
                  "name": "susemanager-schema-sanity-4.2.24-150300.3.27.3.noarch",
                  "product_id": "susemanager-schema-sanity-4.2.24-150300.3.27.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "susemanager-sls-4.2.27-150300.3.33.4.noarch",
                "product": {
                  "name": "susemanager-sls-4.2.27-150300.3.33.4.noarch",
                  "product_id": "susemanager-sls-4.2.27-150300.3.33.4.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch",
                "product": {
                  "name": "susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch",
                  "product_id": "susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "uyuni-config-modules-4.2.27-150300.3.33.4.noarch",
                "product": {
                  "name": "uyuni-config-modules-4.2.27-150300.3.33.4.noarch",
                  "product_id": "uyuni-config-modules-4.2.27-150300.3.33.4.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "inter-server-sync-0.2.3-150300.8.22.2.ppc64le",
                "product": {
                  "name": "inter-server-sync-0.2.3-150300.8.22.2.ppc64le",
                  "product_id": "inter-server-sync-0.2.3-150300.8.22.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "patterns-suma_proxy-4.2-150300.4.12.2.ppc64le",
                "product": {
                  "name": "patterns-suma_proxy-4.2-150300.4.12.2.ppc64le",
                  "product_id": "patterns-suma_proxy-4.2-150300.4.12.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "patterns-suma_retail-4.2-150300.4.12.2.ppc64le",
                "product": {
                  "name": "patterns-suma_retail-4.2-150300.4.12.2.ppc64le",
                  "product_id": "patterns-suma_retail-4.2-150300.4.12.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "patterns-suma_server-4.2-150300.4.12.2.ppc64le",
                "product": {
                  "name": "patterns-suma_server-4.2-150300.4.12.2.ppc64le",
                  "product_id": "patterns-suma_server-4.2-150300.4.12.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python2-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le",
                "product": {
                  "name": "python2-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le",
                  "product_id": "python2-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le",
                "product": {
                  "name": "python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le",
                  "product_id": "python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "susemanager-4.2.37-150300.3.41.1.ppc64le",
                "product": {
                  "name": "susemanager-4.2.37-150300.3.41.1.ppc64le",
                  "product_id": "susemanager-4.2.37-150300.3.41.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "susemanager-tools-4.2.37-150300.3.41.1.ppc64le",
                "product": {
                  "name": "susemanager-tools-4.2.37-150300.3.41.1.ppc64le",
                  "product_id": "susemanager-tools-4.2.37-150300.3.41.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "inter-server-sync-0.2.3-150300.8.22.2.s390x",
                "product": {
                  "name": "inter-server-sync-0.2.3-150300.8.22.2.s390x",
                  "product_id": "inter-server-sync-0.2.3-150300.8.22.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "patterns-suma_proxy-4.2-150300.4.12.2.s390x",
                "product": {
                  "name": "patterns-suma_proxy-4.2-150300.4.12.2.s390x",
                  "product_id": "patterns-suma_proxy-4.2-150300.4.12.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "patterns-suma_retail-4.2-150300.4.12.2.s390x",
                "product": {
                  "name": "patterns-suma_retail-4.2-150300.4.12.2.s390x",
                  "product_id": "patterns-suma_retail-4.2-150300.4.12.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "patterns-suma_server-4.2-150300.4.12.2.s390x",
                "product": {
                  "name": "patterns-suma_server-4.2-150300.4.12.2.s390x",
                  "product_id": "patterns-suma_server-4.2-150300.4.12.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python2-uyuni-common-libs-4.2.7-150300.3.9.2.s390x",
                "product": {
                  "name": "python2-uyuni-common-libs-4.2.7-150300.3.9.2.s390x",
                  "product_id": "python2-uyuni-common-libs-4.2.7-150300.3.9.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x",
                "product": {
                  "name": "python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x",
                  "product_id": "python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "susemanager-4.2.37-150300.3.41.1.s390x",
                "product": {
                  "name": "susemanager-4.2.37-150300.3.41.1.s390x",
                  "product_id": "susemanager-4.2.37-150300.3.41.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "susemanager-tools-4.2.37-150300.3.41.1.s390x",
                "product": {
                  "name": "susemanager-tools-4.2.37-150300.3.41.1.s390x",
                  "product_id": "susemanager-tools-4.2.37-150300.3.41.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "inter-server-sync-0.2.3-150300.8.22.2.x86_64",
                "product": {
                  "name": "inter-server-sync-0.2.3-150300.8.22.2.x86_64",
                  "product_id": "inter-server-sync-0.2.3-150300.8.22.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "patterns-suma_proxy-4.2-150300.4.12.2.x86_64",
                "product": {
                  "name": "patterns-suma_proxy-4.2-150300.4.12.2.x86_64",
                  "product_id": "patterns-suma_proxy-4.2-150300.4.12.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "patterns-suma_retail-4.2-150300.4.12.2.x86_64",
                "product": {
                  "name": "patterns-suma_retail-4.2-150300.4.12.2.x86_64",
                  "product_id": "patterns-suma_retail-4.2-150300.4.12.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "patterns-suma_server-4.2-150300.4.12.2.x86_64",
                "product": {
                  "name": "patterns-suma_server-4.2-150300.4.12.2.x86_64",
                  "product_id": "patterns-suma_server-4.2-150300.4.12.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python2-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
                "product": {
                  "name": "python2-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
                  "product_id": "python2-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
                "product": {
                  "name": "python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
                  "product_id": "python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "susemanager-4.2.37-150300.3.41.1.x86_64",
                "product": {
                  "name": "susemanager-4.2.37-150300.3.41.1.x86_64",
                  "product_id": "susemanager-4.2.37-150300.3.41.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "susemanager-tools-4.2.37-150300.3.41.1.x86_64",
                "product": {
                  "name": "susemanager-tools-4.2.37-150300.3.41.1.x86_64",
                  "product_id": "susemanager-tools-4.2.37-150300.3.41.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Manager Proxy Module 4.2",
                "product": {
                  "name": "SUSE Manager Proxy Module 4.2",
                  "product_id": "SUSE Manager Proxy Module 4.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-suse-manager-proxy:4.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Manager Server Module 4.2",
                "product": {
                  "name": "SUSE Manager Server Module 4.2",
                  "product_id": "SUSE Manager Server Module 4.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-suse-manager-server:4.2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mgr-daemon-4.2.10-150300.2.9.4.noarch as component of SUSE Manager Proxy Module 4.2",
          "product_id": "SUSE Manager Proxy Module 4.2:mgr-daemon-4.2.10-150300.2.9.4.noarch"
        },
        "product_reference": "mgr-daemon-4.2.10-150300.2.9.4.noarch",
        "relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "patterns-suma_proxy-4.2-150300.4.12.2.x86_64 as component of SUSE Manager Proxy Module 4.2",
          "product_id": "SUSE Manager Proxy Module 4.2:patterns-suma_proxy-4.2-150300.4.12.2.x86_64"
        },
        "product_reference": "patterns-suma_proxy-4.2-150300.4.12.2.x86_64",
        "relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch as component of SUSE Manager Proxy Module 4.2",
          "product_id": "SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch"
        },
        "product_reference": "python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
        "relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-spacewalk-check-4.2.20-150300.4.24.3.noarch as component of SUSE Manager Proxy Module 4.2",
          "product_id": "SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.20-150300.4.24.3.noarch"
        },
        "product_reference": "python3-spacewalk-check-4.2.20-150300.4.24.3.noarch",
        "relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch as component of SUSE Manager Proxy Module 4.2",
          "product_id": "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch"
        },
        "product_reference": "python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
        "relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch as component of SUSE Manager Proxy Module 4.2",
          "product_id": "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch"
        },
        "product_reference": "python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
        "relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64 as component of SUSE Manager Proxy Module 4.2",
          "product_id": "SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64"
        },
        "product_reference": "python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
        "relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacecmd-4.2.19-150300.4.27.2.noarch as component of SUSE Manager Proxy Module 4.2",
          "product_id": "SUSE Manager Proxy Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch"
        },
        "product_reference": "spacecmd-4.2.19-150300.4.27.2.noarch",
        "relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-backend-4.2.24-150300.4.29.5.noarch as component of SUSE Manager Proxy Module 4.2",
          "product_id": "SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch"
        },
        "product_reference": "spacewalk-backend-4.2.24-150300.4.29.5.noarch",
        "relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch as component of SUSE Manager Proxy Module 4.2",
          "product_id": "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch"
        },
        "product_reference": "spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch",
        "relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch as component of SUSE Manager Proxy Module 4.2",
          "product_id": "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch"
        },
        "product_reference": "spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch",
        "relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch as component of SUSE Manager Proxy Module 4.2",
          "product_id": "SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch"
        },
        "product_reference": "spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
        "relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-check-4.2.20-150300.4.24.3.noarch as component of SUSE Manager Proxy Module 4.2",
          "product_id": "SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.20-150300.4.24.3.noarch"
        },
        "product_reference": "spacewalk-check-4.2.20-150300.4.24.3.noarch",
        "relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-client-setup-4.2.20-150300.4.24.3.noarch as component of SUSE Manager Proxy Module 4.2",
          "product_id": "SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.20-150300.4.24.3.noarch"
        },
        "product_reference": "spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
        "relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-client-tools-4.2.20-150300.4.24.3.noarch as component of SUSE Manager Proxy Module 4.2",
          "product_id": "SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch"
        },
        "product_reference": "spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
        "relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch as component of SUSE Manager Proxy Module 4.2",
          "product_id": "SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch"
        },
        "product_reference": "spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch",
        "relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch as component of SUSE Manager Proxy Module 4.2",
          "product_id": "SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch"
        },
        "product_reference": "spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch",
        "relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch as component of SUSE Manager Proxy Module 4.2",
          "product_id": "SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch"
        },
        "product_reference": "spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch",
        "relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch as component of SUSE Manager Proxy Module 4.2",
          "product_id": "SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch"
        },
        "product_reference": "spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch",
        "relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch as component of SUSE Manager Proxy Module 4.2",
          "product_id": "SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch"
        },
        "product_reference": "spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch",
        "relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch as component of SUSE Manager Proxy Module 4.2",
          "product_id": "SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch"
        },
        "product_reference": "spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch",
        "relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch as component of SUSE Manager Proxy Module 4.2",
          "product_id": "SUSE Manager Proxy Module 4.2:susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch"
        },
        "product_reference": "susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch",
        "relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "drools-7.17.0-150300.4.6.2.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.6.2.noarch"
        },
        "product_reference": "drools-7.17.0-150300.4.6.2.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch"
        },
        "product_reference": "httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch"
        },
        "product_reference": "image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "inter-server-sync-0.2.3-150300.8.22.2.ppc64le as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.ppc64le"
        },
        "product_reference": "inter-server-sync-0.2.3-150300.8.22.2.ppc64le",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "inter-server-sync-0.2.3-150300.8.22.2.s390x as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.s390x"
        },
        "product_reference": "inter-server-sync-0.2.3-150300.8.22.2.s390x",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "inter-server-sync-0.2.3-150300.8.22.2.x86_64 as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.x86_64"
        },
        "product_reference": "inter-server-sync-0.2.3-150300.8.22.2.x86_64",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "patterns-suma_retail-4.2-150300.4.12.2.ppc64le as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.ppc64le"
        },
        "product_reference": "patterns-suma_retail-4.2-150300.4.12.2.ppc64le",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "patterns-suma_retail-4.2-150300.4.12.2.s390x as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.s390x"
        },
        "product_reference": "patterns-suma_retail-4.2-150300.4.12.2.s390x",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "patterns-suma_retail-4.2-150300.4.12.2.x86_64 as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.x86_64"
        },
        "product_reference": "patterns-suma_retail-4.2-150300.4.12.2.x86_64",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "patterns-suma_server-4.2-150300.4.12.2.ppc64le as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.ppc64le"
        },
        "product_reference": "patterns-suma_server-4.2-150300.4.12.2.ppc64le",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "patterns-suma_server-4.2-150300.4.12.2.s390x as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.s390x"
        },
        "product_reference": "patterns-suma_server-4.2-150300.4.12.2.s390x",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "patterns-suma_server-4.2-150300.4.12.2.x86_64 as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.x86_64"
        },
        "product_reference": "patterns-suma_server-4.2-150300.4.12.2.x86_64",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "py27-compat-salt-3000.3-150300.7.7.23.2.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.23.2.noarch"
        },
        "product_reference": "py27-compat-salt-3000.3-150300.7.7.23.2.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch"
        },
        "product_reference": "python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch"
        },
        "product_reference": "python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le"
        },
        "product_reference": "python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x"
        },
        "product_reference": "python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64 as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64"
        },
        "product_reference": "python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "salt-netapi-client-0.20.0-150300.3.9.4.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:salt-netapi-client-0.20.0-150300.3.9.4.noarch"
        },
        "product_reference": "salt-netapi-client-0.20.0-150300.3.9.4.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch"
        },
        "product_reference": "saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacecmd-4.2.19-150300.4.27.2.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch"
        },
        "product_reference": "spacecmd-4.2.19-150300.4.27.2.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-admin-4.2.12-150300.3.15.3.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:spacewalk-admin-4.2.12-150300.3.15.3.noarch"
        },
        "product_reference": "spacewalk-admin-4.2.12-150300.3.15.3.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-backend-4.2.24-150300.4.29.5.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch"
        },
        "product_reference": "spacewalk-backend-4.2.24-150300.4.29.5.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-backend-app-4.2.24-150300.4.29.5.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.24-150300.4.29.5.noarch"
        },
        "product_reference": "spacewalk-backend-app-4.2.24-150300.4.29.5.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch"
        },
        "product_reference": "spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch"
        },
        "product_reference": "spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch"
        },
        "product_reference": "spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch"
        },
        "product_reference": "spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch"
        },
        "product_reference": "spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch"
        },
        "product_reference": "spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch"
        },
        "product_reference": "spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-backend-server-4.2.24-150300.4.29.5.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.24-150300.4.29.5.noarch"
        },
        "product_reference": "spacewalk-backend-server-4.2.24-150300.4.29.5.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch"
        },
        "product_reference": "spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch"
        },
        "product_reference": "spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch"
        },
        "product_reference": "spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch"
        },
        "product_reference": "spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch"
        },
        "product_reference": "spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-base-4.2.29-150300.3.27.3.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:spacewalk-base-4.2.29-150300.3.27.3.noarch"
        },
        "product_reference": "spacewalk-base-4.2.29-150300.3.27.3.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch"
        },
        "product_reference": "spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch"
        },
        "product_reference": "spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch"
        },
        "product_reference": "spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-client-tools-4.2.20-150300.4.24.3.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch"
        },
        "product_reference": "spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-html-4.2.29-150300.3.27.3.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:spacewalk-html-4.2.29-150300.3.27.3.noarch"
        },
        "product_reference": "spacewalk-html-4.2.29-150300.3.27.3.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-java-4.2.41-150300.3.43.5.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:spacewalk-java-4.2.41-150300.3.43.5.noarch"
        },
        "product_reference": "spacewalk-java-4.2.41-150300.3.43.5.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-java-config-4.2.41-150300.3.43.5.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.41-150300.3.43.5.noarch"
        },
        "product_reference": "spacewalk-java-config-4.2.41-150300.3.43.5.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-java-lib-4.2.41-150300.3.43.5.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.41-150300.3.43.5.noarch"
        },
        "product_reference": "spacewalk-java-lib-4.2.41-150300.3.43.5.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch"
        },
        "product_reference": "spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-search-4.2.8-150300.3.12.2.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:spacewalk-search-4.2.8-150300.3.12.2.noarch"
        },
        "product_reference": "spacewalk-search-4.2.8-150300.3.12.2.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch"
        },
        "product_reference": "spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "subscription-matcher-0.29-150300.6.12.2.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:subscription-matcher-0.29-150300.6.12.2.noarch"
        },
        "product_reference": "subscription-matcher-0.29-150300.6.12.2.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "susemanager-4.2.37-150300.3.41.1.ppc64le as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.ppc64le"
        },
        "product_reference": "susemanager-4.2.37-150300.3.41.1.ppc64le",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "susemanager-4.2.37-150300.3.41.1.s390x as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.s390x"
        },
        "product_reference": "susemanager-4.2.37-150300.3.41.1.s390x",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "susemanager-4.2.37-150300.3.41.1.x86_64 as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.x86_64"
        },
        "product_reference": "susemanager-4.2.37-150300.3.41.1.x86_64",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "susemanager-doc-indexes-4.2-150300.12.33.4.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.33.4.noarch"
        },
        "product_reference": "susemanager-doc-indexes-4.2-150300.12.33.4.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "susemanager-docs_en-4.2-150300.12.33.2.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.33.2.noarch"
        },
        "product_reference": "susemanager-docs_en-4.2-150300.12.33.2.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch"
        },
        "product_reference": "susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "susemanager-schema-4.2.24-150300.3.27.3.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:susemanager-schema-4.2.24-150300.3.27.3.noarch"
        },
        "product_reference": "susemanager-schema-4.2.24-150300.3.27.3.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "susemanager-sls-4.2.27-150300.3.33.4.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:susemanager-sls-4.2.27-150300.3.33.4.noarch"
        },
        "product_reference": "susemanager-sls-4.2.27-150300.3.33.4.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "susemanager-tools-4.2.37-150300.3.41.1.ppc64le as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.ppc64le"
        },
        "product_reference": "susemanager-tools-4.2.37-150300.3.41.1.ppc64le",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "susemanager-tools-4.2.37-150300.3.41.1.s390x as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.s390x"
        },
        "product_reference": "susemanager-tools-4.2.37-150300.3.41.1.s390x",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "susemanager-tools-4.2.37-150300.3.41.1.x86_64 as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.x86_64"
        },
        "product_reference": "susemanager-tools-4.2.37-150300.3.41.1.x86_64",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "uyuni-config-modules-4.2.27-150300.3.33.4.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.27-150300.3.33.4.noarch"
        },
        "product_reference": "uyuni-config-modules-4.2.27-150300.3.33.4.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-41411",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-41411"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "drools \u003c=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Manager Proxy Module 4.2:mgr-daemon-4.2.10-150300.2.9.4.noarch",
          "SUSE Manager Proxy Module 4.2:patterns-suma_proxy-4.2-150300.4.12.2.x86_64",
          "SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
          "SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.20-150300.4.24.3.noarch",
          "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
          "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
          "SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
          "SUSE Manager Proxy Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.20-150300.4.24.3.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch",
          "SUSE Manager Proxy Module 4.2:susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch",
          "SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.6.2.noarch",
          "SUSE Manager Server Module 4.2:httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch",
          "SUSE Manager Server Module 4.2:image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch",
          "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.ppc64le",
          "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.s390x",
          "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.x86_64",
          "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.ppc64le",
          "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.s390x",
          "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.x86_64",
          "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.ppc64le",
          "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.s390x",
          "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.x86_64",
          "SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.23.2.noarch",
          "SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
          "SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
          "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le",
          "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x",
          "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
          "SUSE Manager Server Module 4.2:salt-netapi-client-0.20.0-150300.3.9.4.noarch",
          "SUSE Manager Server Module 4.2:saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch",
          "SUSE Manager Server Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-admin-4.2.12-150300.3.15.3.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-base-4.2.29-150300.3.27.3.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-html-4.2.29-150300.3.27.3.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-java-4.2.41-150300.3.43.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.41-150300.3.43.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.41-150300.3.43.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-search-4.2.8-150300.3.12.2.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch",
          "SUSE Manager Server Module 4.2:subscription-matcher-0.29-150300.6.12.2.noarch",
          "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.ppc64le",
          "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.s390x",
          "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.x86_64",
          "SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.33.4.noarch",
          "SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.33.2.noarch",
          "SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch",
          "SUSE Manager Server Module 4.2:susemanager-schema-4.2.24-150300.3.27.3.noarch",
          "SUSE Manager Server Module 4.2:susemanager-sls-4.2.27-150300.3.33.4.noarch",
          "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.ppc64le",
          "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.s390x",
          "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.x86_64",
          "SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.27-150300.3.33.4.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-41411",
          "url": "https://www.suse.com/security/cve/CVE-2021-41411"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1200629 for CVE-2021-41411",
          "url": "https://bugzilla.suse.com/1200629"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Manager Proxy Module 4.2:mgr-daemon-4.2.10-150300.2.9.4.noarch",
            "SUSE Manager Proxy Module 4.2:patterns-suma_proxy-4.2-150300.4.12.2.x86_64",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
            "SUSE Manager Proxy Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch",
            "SUSE Manager Proxy Module 4.2:susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch",
            "SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.6.2.noarch",
            "SUSE Manager Server Module 4.2:httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch",
            "SUSE Manager Server Module 4.2:image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch",
            "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.ppc64le",
            "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.s390x",
            "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.x86_64",
            "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.ppc64le",
            "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.s390x",
            "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.x86_64",
            "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.ppc64le",
            "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.s390x",
            "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.x86_64",
            "SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.23.2.noarch",
            "SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
            "SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le",
            "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x",
            "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
            "SUSE Manager Server Module 4.2:salt-netapi-client-0.20.0-150300.3.9.4.noarch",
            "SUSE Manager Server Module 4.2:saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch",
            "SUSE Manager Server Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-admin-4.2.12-150300.3.15.3.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-base-4.2.29-150300.3.27.3.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-html-4.2.29-150300.3.27.3.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-4.2.41-150300.3.43.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.41-150300.3.43.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.41-150300.3.43.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-search-4.2.8-150300.3.12.2.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch",
            "SUSE Manager Server Module 4.2:subscription-matcher-0.29-150300.6.12.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.ppc64le",
            "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.s390x",
            "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.x86_64",
            "SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.33.4.noarch",
            "SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.33.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-schema-4.2.24-150300.3.27.3.noarch",
            "SUSE Manager Server Module 4.2:susemanager-sls-4.2.27-150300.3.33.4.noarch",
            "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.ppc64le",
            "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.s390x",
            "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.x86_64",
            "SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.27-150300.3.33.4.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Manager Proxy Module 4.2:mgr-daemon-4.2.10-150300.2.9.4.noarch",
            "SUSE Manager Proxy Module 4.2:patterns-suma_proxy-4.2-150300.4.12.2.x86_64",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
            "SUSE Manager Proxy Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch",
            "SUSE Manager Proxy Module 4.2:susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch",
            "SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.6.2.noarch",
            "SUSE Manager Server Module 4.2:httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch",
            "SUSE Manager Server Module 4.2:image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch",
            "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.ppc64le",
            "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.s390x",
            "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.x86_64",
            "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.ppc64le",
            "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.s390x",
            "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.x86_64",
            "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.ppc64le",
            "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.s390x",
            "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.x86_64",
            "SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.23.2.noarch",
            "SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
            "SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le",
            "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x",
            "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
            "SUSE Manager Server Module 4.2:salt-netapi-client-0.20.0-150300.3.9.4.noarch",
            "SUSE Manager Server Module 4.2:saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch",
            "SUSE Manager Server Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-admin-4.2.12-150300.3.15.3.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-base-4.2.29-150300.3.27.3.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-html-4.2.29-150300.3.27.3.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-4.2.41-150300.3.43.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.41-150300.3.43.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.41-150300.3.43.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-search-4.2.8-150300.3.12.2.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch",
            "SUSE Manager Server Module 4.2:subscription-matcher-0.29-150300.6.12.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.ppc64le",
            "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.s390x",
            "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.x86_64",
            "SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.33.4.noarch",
            "SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.33.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-schema-4.2.24-150300.3.27.3.noarch",
            "SUSE Manager Server Module 4.2:susemanager-sls-4.2.27-150300.3.33.4.noarch",
            "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.ppc64le",
            "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.s390x",
            "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.x86_64",
            "SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.27-150300.3.33.4.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-09-19T15:38:45Z",
          "details": "important"
        }
      ],
      "title": "CVE-2021-41411"
    },
    {
      "cve": "CVE-2021-42740",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-42740"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec(), an attacker can inject arbitrary commands. This is because the Windows drive letter regex character class is {A-z] instead of the correct {A-Za-z]. Several shell metacharacters exist in the space between capital letter Z and lower case letter a, such as the backtick character.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Manager Proxy Module 4.2:mgr-daemon-4.2.10-150300.2.9.4.noarch",
          "SUSE Manager Proxy Module 4.2:patterns-suma_proxy-4.2-150300.4.12.2.x86_64",
          "SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
          "SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.20-150300.4.24.3.noarch",
          "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
          "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
          "SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
          "SUSE Manager Proxy Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.20-150300.4.24.3.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch",
          "SUSE Manager Proxy Module 4.2:susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch",
          "SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.6.2.noarch",
          "SUSE Manager Server Module 4.2:httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch",
          "SUSE Manager Server Module 4.2:image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch",
          "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.ppc64le",
          "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.s390x",
          "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.x86_64",
          "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.ppc64le",
          "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.s390x",
          "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.x86_64",
          "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.ppc64le",
          "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.s390x",
          "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.x86_64",
          "SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.23.2.noarch",
          "SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
          "SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
          "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le",
          "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x",
          "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
          "SUSE Manager Server Module 4.2:salt-netapi-client-0.20.0-150300.3.9.4.noarch",
          "SUSE Manager Server Module 4.2:saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch",
          "SUSE Manager Server Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-admin-4.2.12-150300.3.15.3.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-base-4.2.29-150300.3.27.3.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-html-4.2.29-150300.3.27.3.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-java-4.2.41-150300.3.43.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.41-150300.3.43.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.41-150300.3.43.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-search-4.2.8-150300.3.12.2.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch",
          "SUSE Manager Server Module 4.2:subscription-matcher-0.29-150300.6.12.2.noarch",
          "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.ppc64le",
          "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.s390x",
          "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.x86_64",
          "SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.33.4.noarch",
          "SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.33.2.noarch",
          "SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch",
          "SUSE Manager Server Module 4.2:susemanager-schema-4.2.24-150300.3.27.3.noarch",
          "SUSE Manager Server Module 4.2:susemanager-sls-4.2.27-150300.3.33.4.noarch",
          "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.ppc64le",
          "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.s390x",
          "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.x86_64",
          "SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.27-150300.3.33.4.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-42740",
          "url": "https://www.suse.com/security/cve/CVE-2021-42740"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1203287 for CVE-2021-42740",
          "url": "https://bugzilla.suse.com/1203287"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Manager Proxy Module 4.2:mgr-daemon-4.2.10-150300.2.9.4.noarch",
            "SUSE Manager Proxy Module 4.2:patterns-suma_proxy-4.2-150300.4.12.2.x86_64",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
            "SUSE Manager Proxy Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch",
            "SUSE Manager Proxy Module 4.2:susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch",
            "SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.6.2.noarch",
            "SUSE Manager Server Module 4.2:httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch",
            "SUSE Manager Server Module 4.2:image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch",
            "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.ppc64le",
            "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.s390x",
            "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.x86_64",
            "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.ppc64le",
            "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.s390x",
            "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.x86_64",
            "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.ppc64le",
            "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.s390x",
            "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.x86_64",
            "SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.23.2.noarch",
            "SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
            "SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le",
            "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x",
            "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
            "SUSE Manager Server Module 4.2:salt-netapi-client-0.20.0-150300.3.9.4.noarch",
            "SUSE Manager Server Module 4.2:saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch",
            "SUSE Manager Server Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-admin-4.2.12-150300.3.15.3.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-base-4.2.29-150300.3.27.3.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-html-4.2.29-150300.3.27.3.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-4.2.41-150300.3.43.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.41-150300.3.43.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.41-150300.3.43.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-search-4.2.8-150300.3.12.2.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch",
            "SUSE Manager Server Module 4.2:subscription-matcher-0.29-150300.6.12.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.ppc64le",
            "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.s390x",
            "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.x86_64",
            "SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.33.4.noarch",
            "SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.33.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-schema-4.2.24-150300.3.27.3.noarch",
            "SUSE Manager Server Module 4.2:susemanager-sls-4.2.27-150300.3.33.4.noarch",
            "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.ppc64le",
            "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.s390x",
            "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.x86_64",
            "SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.27-150300.3.33.4.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Manager Proxy Module 4.2:mgr-daemon-4.2.10-150300.2.9.4.noarch",
            "SUSE Manager Proxy Module 4.2:patterns-suma_proxy-4.2-150300.4.12.2.x86_64",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
            "SUSE Manager Proxy Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch",
            "SUSE Manager Proxy Module 4.2:susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch",
            "SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.6.2.noarch",
            "SUSE Manager Server Module 4.2:httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch",
            "SUSE Manager Server Module 4.2:image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch",
            "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.ppc64le",
            "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.s390x",
            "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.x86_64",
            "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.ppc64le",
            "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.s390x",
            "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.x86_64",
            "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.ppc64le",
            "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.s390x",
            "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.x86_64",
            "SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.23.2.noarch",
            "SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
            "SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le",
            "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x",
            "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
            "SUSE Manager Server Module 4.2:salt-netapi-client-0.20.0-150300.3.9.4.noarch",
            "SUSE Manager Server Module 4.2:saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch",
            "SUSE Manager Server Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-admin-4.2.12-150300.3.15.3.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-base-4.2.29-150300.3.27.3.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-html-4.2.29-150300.3.27.3.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-4.2.41-150300.3.43.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.41-150300.3.43.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.41-150300.3.43.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-search-4.2.8-150300.3.12.2.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch",
            "SUSE Manager Server Module 4.2:subscription-matcher-0.29-150300.6.12.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.ppc64le",
            "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.s390x",
            "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.x86_64",
            "SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.33.4.noarch",
            "SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.33.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-schema-4.2.24-150300.3.27.3.noarch",
            "SUSE Manager Server Module 4.2:susemanager-sls-4.2.27-150300.3.33.4.noarch",
            "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.ppc64le",
            "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.s390x",
            "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.x86_64",
            "SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.27-150300.3.33.4.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-09-19T15:38:45Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2021-42740"
    },
    {
      "cve": "CVE-2021-43138",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-43138"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Manager Proxy Module 4.2:mgr-daemon-4.2.10-150300.2.9.4.noarch",
          "SUSE Manager Proxy Module 4.2:patterns-suma_proxy-4.2-150300.4.12.2.x86_64",
          "SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
          "SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.20-150300.4.24.3.noarch",
          "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
          "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
          "SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
          "SUSE Manager Proxy Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.20-150300.4.24.3.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch",
          "SUSE Manager Proxy Module 4.2:susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch",
          "SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.6.2.noarch",
          "SUSE Manager Server Module 4.2:httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch",
          "SUSE Manager Server Module 4.2:image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch",
          "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.ppc64le",
          "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.s390x",
          "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.x86_64",
          "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.ppc64le",
          "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.s390x",
          "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.x86_64",
          "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.ppc64le",
          "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.s390x",
          "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.x86_64",
          "SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.23.2.noarch",
          "SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
          "SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
          "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le",
          "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x",
          "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
          "SUSE Manager Server Module 4.2:salt-netapi-client-0.20.0-150300.3.9.4.noarch",
          "SUSE Manager Server Module 4.2:saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch",
          "SUSE Manager Server Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-admin-4.2.12-150300.3.15.3.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-base-4.2.29-150300.3.27.3.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-html-4.2.29-150300.3.27.3.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-java-4.2.41-150300.3.43.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.41-150300.3.43.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.41-150300.3.43.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-search-4.2.8-150300.3.12.2.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch",
          "SUSE Manager Server Module 4.2:subscription-matcher-0.29-150300.6.12.2.noarch",
          "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.ppc64le",
          "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.s390x",
          "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.x86_64",
          "SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.33.4.noarch",
          "SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.33.2.noarch",
          "SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch",
          "SUSE Manager Server Module 4.2:susemanager-schema-4.2.24-150300.3.27.3.noarch",
          "SUSE Manager Server Module 4.2:susemanager-sls-4.2.27-150300.3.33.4.noarch",
          "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.ppc64le",
          "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.s390x",
          "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.x86_64",
          "SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.27-150300.3.33.4.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-43138",
          "url": "https://www.suse.com/security/cve/CVE-2021-43138"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1200480 for CVE-2021-43138",
          "url": "https://bugzilla.suse.com/1200480"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Manager Proxy Module 4.2:mgr-daemon-4.2.10-150300.2.9.4.noarch",
            "SUSE Manager Proxy Module 4.2:patterns-suma_proxy-4.2-150300.4.12.2.x86_64",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
            "SUSE Manager Proxy Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch",
            "SUSE Manager Proxy Module 4.2:susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch",
            "SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.6.2.noarch",
            "SUSE Manager Server Module 4.2:httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch",
            "SUSE Manager Server Module 4.2:image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch",
            "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.ppc64le",
            "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.s390x",
            "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.x86_64",
            "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.ppc64le",
            "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.s390x",
            "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.x86_64",
            "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.ppc64le",
            "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.s390x",
            "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.x86_64",
            "SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.23.2.noarch",
            "SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
            "SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le",
            "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x",
            "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
            "SUSE Manager Server Module 4.2:salt-netapi-client-0.20.0-150300.3.9.4.noarch",
            "SUSE Manager Server Module 4.2:saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch",
            "SUSE Manager Server Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-admin-4.2.12-150300.3.15.3.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-base-4.2.29-150300.3.27.3.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-html-4.2.29-150300.3.27.3.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-4.2.41-150300.3.43.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.41-150300.3.43.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.41-150300.3.43.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-search-4.2.8-150300.3.12.2.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch",
            "SUSE Manager Server Module 4.2:subscription-matcher-0.29-150300.6.12.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.ppc64le",
            "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.s390x",
            "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.x86_64",
            "SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.33.4.noarch",
            "SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.33.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-schema-4.2.24-150300.3.27.3.noarch",
            "SUSE Manager Server Module 4.2:susemanager-sls-4.2.27-150300.3.33.4.noarch",
            "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.ppc64le",
            "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.s390x",
            "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.x86_64",
            "SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.27-150300.3.33.4.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Manager Proxy Module 4.2:mgr-daemon-4.2.10-150300.2.9.4.noarch",
            "SUSE Manager Proxy Module 4.2:patterns-suma_proxy-4.2-150300.4.12.2.x86_64",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
            "SUSE Manager Proxy Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch",
            "SUSE Manager Proxy Module 4.2:susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch",
            "SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.6.2.noarch",
            "SUSE Manager Server Module 4.2:httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch",
            "SUSE Manager Server Module 4.2:image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch",
            "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.ppc64le",
            "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.s390x",
            "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.x86_64",
            "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.ppc64le",
            "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.s390x",
            "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.x86_64",
            "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.ppc64le",
            "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.s390x",
            "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.x86_64",
            "SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.23.2.noarch",
            "SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
            "SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le",
            "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x",
            "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
            "SUSE Manager Server Module 4.2:salt-netapi-client-0.20.0-150300.3.9.4.noarch",
            "SUSE Manager Server Module 4.2:saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch",
            "SUSE Manager Server Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-admin-4.2.12-150300.3.15.3.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-base-4.2.29-150300.3.27.3.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-html-4.2.29-150300.3.27.3.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-4.2.41-150300.3.43.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.41-150300.3.43.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.41-150300.3.43.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-search-4.2.8-150300.3.12.2.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch",
            "SUSE Manager Server Module 4.2:subscription-matcher-0.29-150300.6.12.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.ppc64le",
            "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.s390x",
            "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.x86_64",
            "SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.33.4.noarch",
            "SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.33.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-schema-4.2.24-150300.3.27.3.noarch",
            "SUSE Manager Server Module 4.2:susemanager-sls-4.2.27-150300.3.33.4.noarch",
            "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.ppc64le",
            "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.s390x",
            "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.x86_64",
            "SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.27-150300.3.33.4.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-09-19T15:38:45Z",
          "details": "important"
        }
      ],
      "title": "CVE-2021-43138"
    },
    {
      "cve": "CVE-2022-31129",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-31129"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs. Users may notice a noticeable slowdown is observed with inputs above 10k characters. Users who pass user-provided strings without sanity length checks to moment constructor are vulnerable to (Re)DoS attacks. The problem is patched in 2.29.4, the patch can be applied to all affected versions with minimal tweaking. Users are advised to upgrade. Users unable to upgrade should consider limiting date lengths accepted from user input.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Manager Proxy Module 4.2:mgr-daemon-4.2.10-150300.2.9.4.noarch",
          "SUSE Manager Proxy Module 4.2:patterns-suma_proxy-4.2-150300.4.12.2.x86_64",
          "SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
          "SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.20-150300.4.24.3.noarch",
          "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
          "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
          "SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
          "SUSE Manager Proxy Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.20-150300.4.24.3.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch",
          "SUSE Manager Proxy Module 4.2:susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch",
          "SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.6.2.noarch",
          "SUSE Manager Server Module 4.2:httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch",
          "SUSE Manager Server Module 4.2:image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch",
          "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.ppc64le",
          "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.s390x",
          "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.x86_64",
          "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.ppc64le",
          "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.s390x",
          "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.x86_64",
          "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.ppc64le",
          "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.s390x",
          "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.x86_64",
          "SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.23.2.noarch",
          "SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
          "SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
          "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le",
          "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x",
          "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
          "SUSE Manager Server Module 4.2:salt-netapi-client-0.20.0-150300.3.9.4.noarch",
          "SUSE Manager Server Module 4.2:saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch",
          "SUSE Manager Server Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-admin-4.2.12-150300.3.15.3.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-base-4.2.29-150300.3.27.3.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-html-4.2.29-150300.3.27.3.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-java-4.2.41-150300.3.43.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.41-150300.3.43.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.41-150300.3.43.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-search-4.2.8-150300.3.12.2.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch",
          "SUSE Manager Server Module 4.2:subscription-matcher-0.29-150300.6.12.2.noarch",
          "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.ppc64le",
          "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.s390x",
          "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.x86_64",
          "SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.33.4.noarch",
          "SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.33.2.noarch",
          "SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch",
          "SUSE Manager Server Module 4.2:susemanager-schema-4.2.24-150300.3.27.3.noarch",
          "SUSE Manager Server Module 4.2:susemanager-sls-4.2.27-150300.3.33.4.noarch",
          "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.ppc64le",
          "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.s390x",
          "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.x86_64",
          "SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.27-150300.3.33.4.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-31129",
          "url": "https://www.suse.com/security/cve/CVE-2022-31129"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1203288 for CVE-2022-31129",
          "url": "https://bugzilla.suse.com/1203288"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Manager Proxy Module 4.2:mgr-daemon-4.2.10-150300.2.9.4.noarch",
            "SUSE Manager Proxy Module 4.2:patterns-suma_proxy-4.2-150300.4.12.2.x86_64",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
            "SUSE Manager Proxy Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch",
            "SUSE Manager Proxy Module 4.2:susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch",
            "SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.6.2.noarch",
            "SUSE Manager Server Module 4.2:httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch",
            "SUSE Manager Server Module 4.2:image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch",
            "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.ppc64le",
            "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.s390x",
            "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.x86_64",
            "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.ppc64le",
            "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.s390x",
            "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.x86_64",
            "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.ppc64le",
            "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.s390x",
            "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.x86_64",
            "SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.23.2.noarch",
            "SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
            "SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le",
            "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x",
            "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
            "SUSE Manager Server Module 4.2:salt-netapi-client-0.20.0-150300.3.9.4.noarch",
            "SUSE Manager Server Module 4.2:saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch",
            "SUSE Manager Server Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-admin-4.2.12-150300.3.15.3.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-base-4.2.29-150300.3.27.3.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-html-4.2.29-150300.3.27.3.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-4.2.41-150300.3.43.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.41-150300.3.43.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.41-150300.3.43.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-search-4.2.8-150300.3.12.2.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch",
            "SUSE Manager Server Module 4.2:subscription-matcher-0.29-150300.6.12.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.ppc64le",
            "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.s390x",
            "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.x86_64",
            "SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.33.4.noarch",
            "SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.33.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-schema-4.2.24-150300.3.27.3.noarch",
            "SUSE Manager Server Module 4.2:susemanager-sls-4.2.27-150300.3.33.4.noarch",
            "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.ppc64le",
            "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.s390x",
            "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.x86_64",
            "SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.27-150300.3.33.4.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Manager Proxy Module 4.2:mgr-daemon-4.2.10-150300.2.9.4.noarch",
            "SUSE Manager Proxy Module 4.2:patterns-suma_proxy-4.2-150300.4.12.2.x86_64",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
            "SUSE Manager Proxy Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.12-150300.3.21.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.12-150300.3.21.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.12-150300.3.21.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.12-150300.3.21.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.12-150300.3.21.3.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.12-150300.3.21.3.noarch",
            "SUSE Manager Proxy Module 4.2:susemanager-tftpsync-recv-4.2.5-150300.3.6.2.noarch",
            "SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.6.2.noarch",
            "SUSE Manager Server Module 4.2:httpcomponents-asyncclient-4.1.4-150300.3.3.2.noarch",
            "SUSE Manager Server Module 4.2:image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2.noarch",
            "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.ppc64le",
            "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.s390x",
            "SUSE Manager Server Module 4.2:inter-server-sync-0.2.3-150300.8.22.2.x86_64",
            "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.ppc64le",
            "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.s390x",
            "SUSE Manager Server Module 4.2:patterns-suma_retail-4.2-150300.4.12.2.x86_64",
            "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.ppc64le",
            "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.s390x",
            "SUSE Manager Server Module 4.2:patterns-suma_server-4.2-150300.4.12.2.x86_64",
            "SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.23.2.noarch",
            "SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
            "SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.ppc64le",
            "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.s390x",
            "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.7-150300.3.9.2.x86_64",
            "SUSE Manager Server Module 4.2:salt-netapi-client-0.20.0-150300.3.9.4.noarch",
            "SUSE Manager Server Module 4.2:saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2.noarch",
            "SUSE Manager Server Module 4.2:spacecmd-4.2.19-150300.4.27.2.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-admin-4.2.12-150300.3.15.3.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-base-4.2.29-150300.3.27.3.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.29-150300.3.27.3.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.29-150300.3.27.3.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.18-150300.3.24.3.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.20-150300.4.24.3.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-html-4.2.29-150300.3.27.3.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-4.2.41-150300.3.43.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.41-150300.3.43.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.41-150300.3.43.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.41-150300.3.43.5.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-search-4.2.8-150300.3.12.2.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.41-150300.3.43.5.noarch",
            "SUSE Manager Server Module 4.2:subscription-matcher-0.29-150300.6.12.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.ppc64le",
            "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.s390x",
            "SUSE Manager Server Module 4.2:susemanager-4.2.37-150300.3.41.1.x86_64",
            "SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.33.4.noarch",
            "SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.33.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.33.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-schema-4.2.24-150300.3.27.3.noarch",
            "SUSE Manager Server Module 4.2:susemanager-sls-4.2.27-150300.3.33.4.noarch",
            "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.ppc64le",
            "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.s390x",
            "SUSE Manager Server Module 4.2:susemanager-tools-4.2.37-150300.3.41.1.x86_64",
            "SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.27-150300.3.33.4.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-09-19T15:38:45Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-31129"
    }
  ]
}

SUSE-SU-2022:3761-1

Vulnerability from csaf_suse - Published: 2022-10-26 08:58 - Updated: 2022-10-26 08:58

Summary

Security update for release-notes-susemanager, release-notes-susemanager-proxy

Severity

Moderate

Notes

Title of the patch: Security update for release-notes-susemanager, release-notes-susemanager-proxy

Description of the patch: This update for release-notes-susemanager, release-notes-susemanager-proxy fixes the following issues: Release notes for SUSE Manager: - Update to SUSE Manager 4.3.2 * Containerized proxy and RBS are now fully supported * HTTP API is now fully supported * Ubuntu 22.04 is now supported as a client * Cobbler has been upgraded to version 3.3.3 which also includes building ISOs with UEFI support * pip support has been added for the Salt Bundle * Prometheus exporter for Apache has been upgraded to 0.10.0 * CVEs fixed: CVE-2021-41411, CVE-2021-42740, CVE-2021-43138, CVE-2022-0860, CVE-2022-31129 * Bugs mentioned: bsc#1191857, bsc#1195624, bsc#1196729, bsc#1197027, bsc#1198168 bsc#1198903, bsc#1199726, bsc#1200480, bsc#1200573, bsc#1200629 bsc#1201210, bsc#1201220, bsc#1201260, bsc#1201626, bsc#1201753 bsc#1201788, bsc#1201913, bsc#1201918, bsc#1202271, bsc#1202272 bsc#1202367, bsc#1202455, bsc#1202464, bsc#1202602, bsc#1202728 bsc#1202729, bsc#1202805, bsc#1202899, bsc#1203026, bsc#1203049 bsc#1203056, bsc#1203169, bsc#1203287, bsc#1203288, bsc#1203385 bsc#1203406, bsc#1203422, bsc#1203449, bsc#1203478, bsc#1203484 bsc#1203564, bsc#1203585, bsc#1203611 Release notes for SUSE Manager Proxy: - Update to SUSE Manager 4.3.2 * Containerized proxy and RBS are now fully supported * CVEs fixed: CVE-2021-42740, CVE-2021-43138, CVE-2022-31129 * Bugs mentioned: bsc#1198168, bsc#1198903, bsc#1200480, bsc#1201589, bsc#1201788 bsc#1203287, bsc#1203288, bsc#1203585

Patchnames: SUSE-2022-3761,SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2022-3761,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2022-3761,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2022-3761

CVE-2021-41411

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 5 products

Product	Version	Remediation
Unresolved product id: SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2021-42740

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 5 products

Product	Version	Remediation
Unresolved product id: SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64	—	Vendor Fix

Threats

Impact critical

CVE-2021-43138

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 5 products

Product	Version	Remediation
Unresolved product id: SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2022-0860

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Affected products

Recommended 5 products

Product	Version	Remediation
Unresolved product id: SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2022-31129

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 5 products

Product	Version	Remediation
Unresolved product id: SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64	—	Vendor Fix

Threats

Impact important

References

63 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1191857	self
https://bugzilla.suse.com/1195624	self
https://bugzilla.suse.com/1196729	self
https://bugzilla.suse.com/1197027	self
https://bugzilla.suse.com/1198168	self
https://bugzilla.suse.com/1198903	self
https://bugzilla.suse.com/1199726	self
https://bugzilla.suse.com/1200480	self
https://bugzilla.suse.com/1200573	self
https://bugzilla.suse.com/1200629	self
https://bugzilla.suse.com/1201210	self
https://bugzilla.suse.com/1201220	self
https://bugzilla.suse.com/1201260	self
https://bugzilla.suse.com/1201589	self
https://bugzilla.suse.com/1201626	self
https://bugzilla.suse.com/1201753	self
https://bugzilla.suse.com/1201788	self
https://bugzilla.suse.com/1201913	self
https://bugzilla.suse.com/1201918	self
https://bugzilla.suse.com/1202271	self
https://bugzilla.suse.com/1202272	self
https://bugzilla.suse.com/1202367	self
https://bugzilla.suse.com/1202455	self
https://bugzilla.suse.com/1202464	self
https://bugzilla.suse.com/1202602	self
https://bugzilla.suse.com/1202728	self
https://bugzilla.suse.com/1202729	self
https://bugzilla.suse.com/1202805	self
https://bugzilla.suse.com/1202899	self
https://bugzilla.suse.com/1203026	self
https://bugzilla.suse.com/1203049	self
https://bugzilla.suse.com/1203056	self
https://bugzilla.suse.com/1203169	self
https://bugzilla.suse.com/1203287	self
https://bugzilla.suse.com/1203288	self
https://bugzilla.suse.com/1203385	self
https://bugzilla.suse.com/1203406	self
https://bugzilla.suse.com/1203422	self
https://bugzilla.suse.com/1203449	self
https://bugzilla.suse.com/1203478	self
https://bugzilla.suse.com/1203484	self
https://bugzilla.suse.com/1203564	self
https://bugzilla.suse.com/1203585	self
https://bugzilla.suse.com/1203611	self
https://www.suse.com/security/cve/CVE-2021-41411/	self
https://www.suse.com/security/cve/CVE-2021-42740/	self
https://www.suse.com/security/cve/CVE-2021-43138/	self
https://www.suse.com/security/cve/CVE-2022-0860/	self
https://www.suse.com/security/cve/CVE-2022-31129/	self
https://www.suse.com/security/cve/CVE-2021-41411	external
https://bugzilla.suse.com/1200629	external
https://www.suse.com/security/cve/CVE-2021-42740	external
https://bugzilla.suse.com/1203287	external
https://www.suse.com/security/cve/CVE-2021-43138	external
https://bugzilla.suse.com/1200480	external
https://www.suse.com/security/cve/CVE-2022-0860	external
https://bugzilla.suse.com/1197027	external
https://www.suse.com/security/cve/CVE-2022-31129	external
https://bugzilla.suse.com/1203288	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for release-notes-susemanager, release-notes-susemanager-proxy",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for release-notes-susemanager, release-notes-susemanager-proxy fixes the following issues:\n\nRelease notes for SUSE Manager:\n\n- Update to SUSE Manager 4.3.2\n  * Containerized proxy and RBS are now fully supported\n  * HTTP API is now fully supported\n  * Ubuntu 22.04 is now supported as a client\n  * Cobbler has been upgraded to version 3.3.3 which also includes building ISOs with UEFI support\n  * pip support has been added for the Salt Bundle  \n  * Prometheus exporter for Apache has been upgraded to 0.10.0\n  * CVEs fixed: CVE-2021-41411, CVE-2021-42740, CVE-2021-43138, CVE-2022-0860, CVE-2022-31129\n  * Bugs mentioned:\n    bsc#1191857, bsc#1195624, bsc#1196729, bsc#1197027, bsc#1198168\n    bsc#1198903, bsc#1199726, bsc#1200480, bsc#1200573, bsc#1200629\n    bsc#1201210, bsc#1201220, bsc#1201260, bsc#1201626, bsc#1201753\n    bsc#1201788, bsc#1201913, bsc#1201918, bsc#1202271, bsc#1202272\n    bsc#1202367, bsc#1202455, bsc#1202464, bsc#1202602, bsc#1202728\n    bsc#1202729, bsc#1202805, bsc#1202899, bsc#1203026, bsc#1203049\n    bsc#1203056, bsc#1203169, bsc#1203287, bsc#1203288, bsc#1203385\n    bsc#1203406, bsc#1203422, bsc#1203449, bsc#1203478, bsc#1203484\n    bsc#1203564, bsc#1203585, bsc#1203611 \n\nRelease notes for SUSE Manager Proxy:\n\n- Update to SUSE Manager 4.3.2\n  * Containerized proxy and RBS are now fully supported\n  * CVEs fixed: CVE-2021-42740, CVE-2021-43138, CVE-2022-31129\n  * Bugs mentioned:\n    bsc#1198168, bsc#1198903, bsc#1200480, bsc#1201589, bsc#1201788\n    bsc#1203287, bsc#1203288, bsc#1203585 \n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2022-3761,SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2022-3761,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2022-3761,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2022-3761",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_3761-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2022:3761-1",
        "url": "https://www.suse.com/support/update/announcement/2022/suse-su-20223761-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2022:3761-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012707.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1191857",
        "url": "https://bugzilla.suse.com/1191857"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1195624",
        "url": "https://bugzilla.suse.com/1195624"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1196729",
        "url": "https://bugzilla.suse.com/1196729"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1197027",
        "url": "https://bugzilla.suse.com/1197027"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1198168",
        "url": "https://bugzilla.suse.com/1198168"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1198903",
        "url": "https://bugzilla.suse.com/1198903"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1199726",
        "url": "https://bugzilla.suse.com/1199726"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1200480",
        "url": "https://bugzilla.suse.com/1200480"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1200573",
        "url": "https://bugzilla.suse.com/1200573"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1200629",
        "url": "https://bugzilla.suse.com/1200629"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1201210",
        "url": "https://bugzilla.suse.com/1201210"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1201220",
        "url": "https://bugzilla.suse.com/1201220"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1201260",
        "url": "https://bugzilla.suse.com/1201260"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1201589",
        "url": "https://bugzilla.suse.com/1201589"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1201626",
        "url": "https://bugzilla.suse.com/1201626"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1201753",
        "url": "https://bugzilla.suse.com/1201753"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1201788",
        "url": "https://bugzilla.suse.com/1201788"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1201913",
        "url": "https://bugzilla.suse.com/1201913"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1201918",
        "url": "https://bugzilla.suse.com/1201918"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1202271",
        "url": "https://bugzilla.suse.com/1202271"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1202272",
        "url": "https://bugzilla.suse.com/1202272"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1202367",
        "url": "https://bugzilla.suse.com/1202367"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1202455",
        "url": "https://bugzilla.suse.com/1202455"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1202464",
        "url": "https://bugzilla.suse.com/1202464"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1202602",
        "url": "https://bugzilla.suse.com/1202602"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1202728",
        "url": "https://bugzilla.suse.com/1202728"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1202729",
        "url": "https://bugzilla.suse.com/1202729"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1202805",
        "url": "https://bugzilla.suse.com/1202805"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1202899",
        "url": "https://bugzilla.suse.com/1202899"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1203026",
        "url": "https://bugzilla.suse.com/1203026"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1203049",
        "url": "https://bugzilla.suse.com/1203049"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1203056",
        "url": "https://bugzilla.suse.com/1203056"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1203169",
        "url": "https://bugzilla.suse.com/1203169"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1203287",
        "url": "https://bugzilla.suse.com/1203287"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1203288",
        "url": "https://bugzilla.suse.com/1203288"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1203385",
        "url": "https://bugzilla.suse.com/1203385"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1203406",
        "url": "https://bugzilla.suse.com/1203406"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1203422",
        "url": "https://bugzilla.suse.com/1203422"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1203449",
        "url": "https://bugzilla.suse.com/1203449"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1203478",
        "url": "https://bugzilla.suse.com/1203478"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1203484",
        "url": "https://bugzilla.suse.com/1203484"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1203564",
        "url": "https://bugzilla.suse.com/1203564"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1203585",
        "url": "https://bugzilla.suse.com/1203585"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1203611",
        "url": "https://bugzilla.suse.com/1203611"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-41411 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-41411/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-42740 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-42740/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-43138 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-43138/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-0860 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-0860/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-31129 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-31129/"
      }
    ],
    "title": "Security update for release-notes-susemanager, release-notes-susemanager-proxy",
    "tracking": {
      "current_release_date": "2022-10-26T08:58:54Z",
      "generator": {
        "date": "2022-10-26T08:58:54Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2022:3761-1",
      "initial_release_date": "2022-10-26T08:58:54Z",
      "revision_history": [
        {
          "date": "2022-10-26T08:58:54Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "release-notes-susemanager-4.3.2-150400.3.15.1.aarch64",
                "product": {
                  "name": "release-notes-susemanager-4.3.2-150400.3.15.1.aarch64",
                  "product_id": "release-notes-susemanager-4.3.2-150400.3.15.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.aarch64",
                "product": {
                  "name": "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.aarch64",
                  "product_id": "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "release-notes-susemanager-4.3.2-150400.3.15.1.i586",
                "product": {
                  "name": "release-notes-susemanager-4.3.2-150400.3.15.1.i586",
                  "product_id": "release-notes-susemanager-4.3.2-150400.3.15.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.i586",
                "product": {
                  "name": "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.i586",
                  "product_id": "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le",
                "product": {
                  "name": "release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le",
                  "product_id": "release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.ppc64le",
                "product": {
                  "name": "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.ppc64le",
                  "product_id": "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "release-notes-susemanager-4.3.2-150400.3.15.1.s390x",
                "product": {
                  "name": "release-notes-susemanager-4.3.2-150400.3.15.1.s390x",
                  "product_id": "release-notes-susemanager-4.3.2-150400.3.15.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.s390x",
                "product": {
                  "name": "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.s390x",
                  "product_id": "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "release-notes-susemanager-4.3.2-150400.3.15.1.x86_64",
                "product": {
                  "name": "release-notes-susemanager-4.3.2-150400.3.15.1.x86_64",
                  "product_id": "release-notes-susemanager-4.3.2-150400.3.15.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
                "product": {
                  "name": "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
                  "product_id": "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Manager Proxy 4.3",
                "product": {
                  "name": "SUSE Manager Proxy 4.3",
                  "product_id": "SUSE Manager Proxy 4.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-manager-proxy:4.3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Manager Retail Branch Server 4.3",
                "product": {
                  "name": "SUSE Manager Retail Branch Server 4.3",
                  "product_id": "SUSE Manager Retail Branch Server 4.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-manager-retail-branch-server:4.3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Manager Server 4.3",
                "product": {
                  "name": "SUSE Manager Server 4.3",
                  "product_id": "SUSE Manager Server 4.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-manager-server:4.3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64 as component of SUSE Manager Proxy 4.3",
          "product_id": "SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64"
        },
        "product_reference": "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
        "relates_to_product_reference": "SUSE Manager Proxy 4.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64 as component of SUSE Manager Retail Branch Server 4.3",
          "product_id": "SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64"
        },
        "product_reference": "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
        "relates_to_product_reference": "SUSE Manager Retail Branch Server 4.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le as component of SUSE Manager Server 4.3",
          "product_id": "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le"
        },
        "product_reference": "release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le",
        "relates_to_product_reference": "SUSE Manager Server 4.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "release-notes-susemanager-4.3.2-150400.3.15.1.s390x as component of SUSE Manager Server 4.3",
          "product_id": "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x"
        },
        "product_reference": "release-notes-susemanager-4.3.2-150400.3.15.1.s390x",
        "relates_to_product_reference": "SUSE Manager Server 4.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "release-notes-susemanager-4.3.2-150400.3.15.1.x86_64 as component of SUSE Manager Server 4.3",
          "product_id": "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64"
        },
        "product_reference": "release-notes-susemanager-4.3.2-150400.3.15.1.x86_64",
        "relates_to_product_reference": "SUSE Manager Server 4.3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-41411",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-41411"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "drools \u003c=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
          "SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
          "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le",
          "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x",
          "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-41411",
          "url": "https://www.suse.com/security/cve/CVE-2021-41411"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1200629 for CVE-2021-41411",
          "url": "https://bugzilla.suse.com/1200629"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
            "SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
            "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le",
            "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x",
            "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
            "SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
            "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le",
            "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x",
            "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-10-26T08:58:54Z",
          "details": "important"
        }
      ],
      "title": "CVE-2021-41411"
    },
    {
      "cve": "CVE-2021-42740",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-42740"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec(), an attacker can inject arbitrary commands. This is because the Windows drive letter regex character class is {A-z] instead of the correct {A-Za-z]. Several shell metacharacters exist in the space between capital letter Z and lower case letter a, such as the backtick character.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
          "SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
          "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le",
          "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x",
          "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-42740",
          "url": "https://www.suse.com/security/cve/CVE-2021-42740"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1203287 for CVE-2021-42740",
          "url": "https://bugzilla.suse.com/1203287"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
            "SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
            "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le",
            "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x",
            "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
            "SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
            "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le",
            "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x",
            "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-10-26T08:58:54Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2021-42740"
    },
    {
      "cve": "CVE-2021-43138",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-43138"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
          "SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
          "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le",
          "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x",
          "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-43138",
          "url": "https://www.suse.com/security/cve/CVE-2021-43138"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1200480 for CVE-2021-43138",
          "url": "https://bugzilla.suse.com/1200480"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
            "SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
            "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le",
            "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x",
            "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
            "SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
            "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le",
            "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x",
            "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-10-26T08:58:54Z",
          "details": "important"
        }
      ],
      "title": "CVE-2021-43138"
    },
    {
      "cve": "CVE-2022-0860",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-0860"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
          "SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
          "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le",
          "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x",
          "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-0860",
          "url": "https://www.suse.com/security/cve/CVE-2022-0860"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1197027 for CVE-2022-0860",
          "url": "https://bugzilla.suse.com/1197027"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
            "SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
            "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le",
            "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x",
            "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
            "SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
            "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le",
            "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x",
            "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-10-26T08:58:54Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-0860"
    },
    {
      "cve": "CVE-2022-31129",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-31129"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs. Users may notice a noticeable slowdown is observed with inputs above 10k characters. Users who pass user-provided strings without sanity length checks to moment constructor are vulnerable to (Re)DoS attacks. The problem is patched in 2.29.4, the patch can be applied to all affected versions with minimal tweaking. Users are advised to upgrade. Users unable to upgrade should consider limiting date lengths accepted from user input.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
          "SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
          "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le",
          "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x",
          "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-31129",
          "url": "https://www.suse.com/security/cve/CVE-2022-31129"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1203288 for CVE-2022-31129",
          "url": "https://bugzilla.suse.com/1203288"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
            "SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
            "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le",
            "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x",
            "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
            "SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
            "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le",
            "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x",
            "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-10-26T08:58:54Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-31129"
    }
  ]
}

SUSE-SU-2023:0592-1

Vulnerability from csaf_suse - Published: 2023-03-02 08:32 - Updated: 2023-03-02 08:32

Summary

Security update for SUSE Manager Server 4.2

Severity

Critical

Notes

Title of the patch: Security update for SUSE Manager Server 4.2

Description of the patch: This update fixes the following issues: cobbler: - Fix improper authorization (bsc#1197027, CVE-2022-0860) - Prevent error when starting up logrotate.service (bsc#1188191) drools: - Deserialization of Untrusted Data: unsafe data deserialization in DroolsStreamUtils.java (bsc#1204879, CVE-2022-1415) grafana-formula: - Version 0.8.1 * Fix Uyuni/SUMA dashboard names - Version 0.8.0 * Set dashboard names depending on project * Update dashboards to use new JSON schema * Fix PostgreSQL dashboard queries * Migrate deprecated panels to their current replacements - Version 0.7.1 * Fix default password field description (bsc#1203698) * Do not require default admin and password fields inter-server-sync: - Version 0.2.7 * Do not update pillars table if it does not exists like in 4.2 - Version 0.2.6 * Export package extra tags for complete debian repo metatdata (bsc#1206375) * Replace URLs in OS Images pillars when exporting and importing images - Version 0.2.5 * Correct error when importing without debug log level (bsc#1204699) mgr-osad: - Version 4.2.9-1 * Updated logrotate configuration (bsc#1206470) prometheus-formula: - Version 0.7.0 * Switch from basic authentication to TLS certificate client authentication for Blackbox exporter * Fix scheme label in clients targets configration * Add README.md py27-compat-salt: - Ignore extend declarations from excluded SLS files (bsc#1203886) - Enhance capture of error messages for Zypper calls in zypperpkg module rhnlib: - Version 4.2.7-1 * Don't get stuck at the end of SSL transfers (bsc#1204032) saltboot-formula: - Update to version 0.1.1676908681.e90e0b1 * Add failsafe stop file when salt-minion does not stop (bsc#1208418) * Support salt bundle (bsc#1208499) salt-netapi-client: - Version 0.21.0 * See: https://github.com/SUSE/salt-netapi-client/releases/tag/v0.21.0 - Add transactional_update module - Improve logging when creating salt exception smdba: - Version 1.7.11 * fix config update from wal_keep_segments to wal_keep_size for newer postgresql versions (bsc#1204519) spacecmd: - Version 4.2.21-1 * Prevent string api parameters to be parsed as dates if not in ISO-8601 format (bsc#1205759) * Add python-dateutil dependency, required to process date values in spacecmd api calls * Correctly understand 'ssm' keyword on scap scheduling * Fix dict_keys not supporting indexing in systems_setconfigchannelorger spacewalk-admin: - Version 4.2.13-1 * Generate uyuni_roster.conf with salt-secrets-config (bsc#1200096) spacewalk-backend: - Version 4.2.26-1 * Fix reposync error about missing 'content-type' key when syncing certain channels * Compute headers as list of two-tuples to be used by url grabber (bsc#1205523) * Updated logrotate configuration (bsc#1206470) * Add 'octet-stream' to accepted content-types for reposync mirrorlists * Exclude invalid mirror urls for reposync (bsc#1203826) * do not fetch mirrorlist when a file url is given * Keep older module metadata files in database (bsc#1201893) * Removed the activation keys report from the debug information spacewalk-certs-tools: - Version 4.2.19-1 * some i18n functions moved to new module which needs to be loaded (bsc#1201142) * Generated bootstrap scripts installs all needed Salt 3004 dependencies for Ubuntu 18.04 (bsc#1204517) spacewalk-client-tools: - Version 4.2.22-1 * Update translation strings spacewalk-java: - Version 4.2.47-1 * Use uyuni roster salt module instead of flat roster files (bsc#1200096) - Version 4.2.46-1 * Fix registration with proxy and tunnel SSH (bsc#1200096) - Version 4.2.45-1 * Add 'none' matcher to CLM AppStream filters (bsc#1206817) * Improve logs when sls action chain file is missing * Do not forward ssh command if proxy and tunnel are present (bsc#1200096) * Fix not being able to delete CLM environment if there are custom child channels that where not built by the environment (bsc#1206932) * Include missing 'gpg' states to avoid issues on SSH minions. * Optimize the number of salt calls on minion startup (bsc#1203532) * Fix CVE Audit ignoring errata in parent channels if patch in successor product exists (bsc#1206168) * Fix CVE Audit incorrectly displaying predecessor product (bsc#1205663) * Fix modular channel check during system update via XMLRPC (bsc#1206613) * Trigger a package profile update when a new live-patch is installed (bsc#1206249) * prevent ISE on activation key page when selected base channel value is null * Only remove product catalog if PAYG ssh credentials are defined (bsc#1205943) * Updated logrotate configuration (bsc#1206470) * Limit changelog data in generated metadata to 20 entries * Fix CLM to not remove necessary packages when filtering erratas (bsc#1195979) * check for NULL in DEB package install size value * Allowed cancelling pending actions with a failed prerequisite (bsc#1204712) * disable cloned vendor channel auto selection by default (bsc#1204186) * adapt permissions of temporary ssh key directory * format results for package, errata and image build actions in system history similar to state apply results * Fix ClassCastException * Run only minion actions that are in the pending status (bsc#1205012) * Manager reboot in transactional update action chain (bsc#1201476 * Optimize performance of config channels operations for UI and API (bsc#1204029) * Don't add the same channel twice in the System config addChannel API (bsc#1204029) * fix xmlrpc call randomly failing with translation error (bsc#1203633) * Optimize action chain processing on job return event (bsc#1203532) * Re-calculate salt event queue numbers on restart * Fix out of memory error when building a CLM project (bsc#1202217) * Process salt events in FIFO order (bsc#1203532) * Remove 'SSM' column text where not applicable (bsc#1203588) * Fix rendering of ssm/MigrateSystems page (bsc#1204651) * Pass mgr_sudo_user pillar on salt ssh client cleanup (bsc#1202093) * Deny packages from older module metadata when building CLM projects (bsc#1201893) * Refresh pillar data for the assigned systems when a CLM channel is built (bsc#1200169) * delay hardware refresh action to avoid missing channels (bsc#1204208) * During re-activation, recalculate grains if * Remove unused gson-extras.jar during build spacewalk-search: - Version 4.2.9-1 * Updated logrotate configuration (bsc#1206470) spacewalk-web: - Version 4.2.32-1 * Add 'none' matcher to CLM AppStream filters (bsc#1206817) * fix frontend logging in react pages * Add bugzilla references to past security fixes * shell-quote fix CVE-2021-42740 (bsc#1203287) * moment fix CVE-2022-31129 (bsc#1203288) supportutils-plugin-susemanager: - Version 4.2.5-1 * Added dependency for XML Simple * update susemanager plugin to export the number of pending salt events susemanager: - Version 4.2.40-1 * Add mgr-salt-ssh wrapper to use with uyuni roster Salt module (bsc#1200096) - Version 4.2.39-1 * fix bootstrap repo path for SLES for SAP 12 (bsc#1207141) * make venv-salt-minion optional for SUSE Manager Proxy 4.2 bootstrap repository (bsc#1206933) * show RHEL target for bootstrap repo creation only if it is really connected to the CDN (bsc#1206861) * add python3-extras to bootstrap repo as dependency of python3-libxml2, optional SLES 15 does not have it and it is only required on SP4 or greater (bsc#1204437) susemanager-build-keys: - Version 15.3.6 * Add rpmlintrc configuration, so 'W: backup-file-in-package' for the keyring is ignored. We do not ship backup files, but we own them because they are created each time gpg is called, and we want them removed if the package is removed - uyuni-build-keys.rpmlintrc susemanager-doc-indexes: - Include RHEL7 in Salt 3000 to Salt Bundle migration section of the Client Configuration Guide - Update Salt Bundle guide as Salt Bundle is now the default registration method - Re-added statement about Cobbler support in Reference Guide and Client Configuration Guide (bsc#1206963) - Added information about java.salt_event_thread_pool_size in Large Deployments Guide - Added information about GPG key usage in the Debian section of the - Updated default number of changelog entries in Administration Guide - Include migration guide from Salt 3000 to Bundle for SUSE Linux Enterprise 12 and CentOS7 in Troubleshooting Clients - Removed mentions to ABRT in Reference Guide - Extended note about using Salt SSH with Salt Bundle in 4.2 - Fixed Liberty Linux client tools label in Client Configuration Guide susemanager-docs_en: - Include RHEL7 in Salt 3000 to Salt Bundle migration section of the Client Configuration Guide - Update Salt Bundle guide as Salt Bundle is now the default registration method - Re-added statement about Cobbler support in Reference Guide and Client Configuration Guide (bsc#1206963) - Added information about java.salt_event_thread_pool_size in Large Deployments Guide - Added information about GPG key usage in the Debian section of the - Updated default number of changelog entries in Administration Guide - Include migration guide from Salt 3000 to Bundle for SUSE Linux Enterprise 12 and CentOS7 in Troubleshooting Clients. - Removed mentions to ABRT in Reference Guide - Extended note about using Salt SSH with Salt Bundle in 4.2 - Fixed Liberty Linux client tools label in Client Configuration Guide susemanager-schema: - Version 4.2.27-1 * Add created and modified fields to suseMinionInfo to make uyuni roster module cache validation more accurate (bsc#1200096) - Version 4.2.26-1 * Add 'none' matcher to CLM AppStream filters (bsc#1206817) * Increase cron_expr varchar length to 120 in suseRecurringAction table (bsc#1205040) * Keep older module metadata files in database (bsc#1201893) * Fix setting of last modified date in channel clone procedure susemanager-sls: - Version 4.2.30-1 * Flush uyuni roster cache if the config has changed * Implement uyuni roster module for Salt (bsc#1200096) - Version 4.2.30-1 * Fix dnf plugin path calculation when using Salt Bundle (bsc#1208335) - Version 4.2.29-1 * Improve _mgractionchains.conf logs * Prevent possible errors from 'mgractionschains' module when there is no action chain to resume. * Fix mgrnet custom module to be compatible with old Python 2.6 (bsc#1206979) (bsc#1206981) * Fix custom 'mgrcompat.module_run' state module to work with Salt 3005.1 * filter out libvirt engine events (bsc#1206146) * Optimize the number of salt calls on minion startup (bsc#1203532) * Updated logrotate configuration (bsc#1206470) * Make libvirt-events.conf path depend on what minion is used (bsc#1205920) * Fix kiwi inspect regexp to allow image names with '-' (bsc#1204541) * Avoid installing recommended packages from assigned products (bsc#1204330) * Manager reboot in transactional update action chain (bsc#1201476) * Use the actual sudo user home directory for salt ssh clients on bootstrap and clean up (bsc#1202093) * Perform refresh with packages.pkgupdate state (bsc#1203884) uyuni-common-libs: - Version 4.2.9-1 * Fix crash due missing 'context_manager' when running salt-secrets-config service (bsc#1200096) - Version 4.2.8-1 * some i18n functions moved to new module which needs to be loaded (bsc#1201142) virtual-host-gatherer: - Version 1.0.24-1 * Report total memory of a libvirt hypervisor * Improve interoperability with other Python projects woodstox: - CVE-2022-40152: Fixed stack overflow in XML serialization. (bsc#1203521) How to apply this update: 1. Log in as root user to the SUSE Manager Server. 2. Stop the Spacewalk service: `spacewalk-service stop` 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: `spacewalk-service start`

Patchnames: SUSE-2023-592,SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2023-592,SUSE-SLE-Module-SUSE-Manager-Server-4.2-2023-592

CVE-2021-42740

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 98 products

Product	Version	Remediation
Unresolved product id: SUSE Manager Proxy Module 4.2:mgr-osad-4.2.9-150300.2.12.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-mgr-osad-4.2.9-150300.2.12.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.22-150300.4.30.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.22-150300.4.30.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.22-150300.4.30.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.22-150300.4.30.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.13-150300.3.24.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.13-150300.3.24.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-installer-4.2.11-150300.3.14.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.13-150300.3.24.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.13-150300.3.24.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.13-150300.3.24.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.13-150300.3.24.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:cobbler-3.1.2-150300.5.19.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.9.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:grafana-formula-0.8.1-150300.3.9.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:prometheus-formula-0.7.0-150300.3.17.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.29.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:salt-netapi-client-0.21.0-150300.3.12.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:saltboot-formula-0.1.1676908681.e90e0b1-150300.3.15.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-admin-4.2.13-150300.3.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-base-4.2.32-150300.3.36.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-html-4.2.32-150300.3.36.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-4.2.47-150300.3.58.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.47-150300.3.58.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.47-150300.3.58.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.47-150300.3.58.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-search-4.2.9-150300.3.15.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.47-150300.3.58.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:supportutils-plugin-susemanager-4.2.5-150300.3.9.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.39.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.39.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.39.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-schema-4.2.27-150300.3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-sls-4.2.31-150300.3.43.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.31-150300.3.43.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:virtual-host-gatherer-1.0.24-150300.3.9.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:virtual-host-gatherer-Kubernetes-1.0.24-150300.3.9.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:virtual-host-gatherer-Nutanix-1.0.24-150300.3.9.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:virtual-host-gatherer-VMware-1.0.24-150300.3.9.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:virtual-host-gatherer-libcloud-1.0.24-150300.3.9.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:woodstox-4.4.2-150300.3.6.2.noarch	—	Vendor Fix

Threats

Impact critical

CVE-2022-0860

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Affected products

Recommended 98 products

Product	Version	Remediation
Unresolved product id: SUSE Manager Proxy Module 4.2:mgr-osad-4.2.9-150300.2.12.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-mgr-osad-4.2.9-150300.2.12.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.22-150300.4.30.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.22-150300.4.30.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.22-150300.4.30.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.22-150300.4.30.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.13-150300.3.24.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.13-150300.3.24.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-installer-4.2.11-150300.3.14.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.13-150300.3.24.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.13-150300.3.24.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.13-150300.3.24.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.13-150300.3.24.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:cobbler-3.1.2-150300.5.19.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.9.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:grafana-formula-0.8.1-150300.3.9.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:prometheus-formula-0.7.0-150300.3.17.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.29.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:salt-netapi-client-0.21.0-150300.3.12.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:saltboot-formula-0.1.1676908681.e90e0b1-150300.3.15.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-admin-4.2.13-150300.3.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-base-4.2.32-150300.3.36.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-html-4.2.32-150300.3.36.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-4.2.47-150300.3.58.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.47-150300.3.58.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.47-150300.3.58.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.47-150300.3.58.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-search-4.2.9-150300.3.15.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.47-150300.3.58.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:supportutils-plugin-susemanager-4.2.5-150300.3.9.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.39.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.39.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.39.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-schema-4.2.27-150300.3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-sls-4.2.31-150300.3.43.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.31-150300.3.43.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:virtual-host-gatherer-1.0.24-150300.3.9.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:virtual-host-gatherer-Kubernetes-1.0.24-150300.3.9.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:virtual-host-gatherer-Nutanix-1.0.24-150300.3.9.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:virtual-host-gatherer-VMware-1.0.24-150300.3.9.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:virtual-host-gatherer-libcloud-1.0.24-150300.3.9.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:woodstox-4.4.2-150300.3.6.2.noarch	—	Vendor Fix

Threats

Impact important

CVE-2022-1415

6.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Affected products

Recommended 98 products

Product	Version	Remediation
Unresolved product id: SUSE Manager Proxy Module 4.2:mgr-osad-4.2.9-150300.2.12.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-mgr-osad-4.2.9-150300.2.12.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.22-150300.4.30.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.22-150300.4.30.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.22-150300.4.30.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.22-150300.4.30.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.13-150300.3.24.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.13-150300.3.24.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-installer-4.2.11-150300.3.14.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.13-150300.3.24.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.13-150300.3.24.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.13-150300.3.24.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.13-150300.3.24.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:cobbler-3.1.2-150300.5.19.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.9.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:grafana-formula-0.8.1-150300.3.9.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:prometheus-formula-0.7.0-150300.3.17.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.29.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:salt-netapi-client-0.21.0-150300.3.12.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:saltboot-formula-0.1.1676908681.e90e0b1-150300.3.15.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-admin-4.2.13-150300.3.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-base-4.2.32-150300.3.36.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-html-4.2.32-150300.3.36.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-4.2.47-150300.3.58.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.47-150300.3.58.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.47-150300.3.58.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.47-150300.3.58.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-search-4.2.9-150300.3.15.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.47-150300.3.58.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:supportutils-plugin-susemanager-4.2.5-150300.3.9.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.39.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.39.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.39.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-schema-4.2.27-150300.3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-sls-4.2.31-150300.3.43.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.31-150300.3.43.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:virtual-host-gatherer-1.0.24-150300.3.9.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:virtual-host-gatherer-Kubernetes-1.0.24-150300.3.9.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:virtual-host-gatherer-Nutanix-1.0.24-150300.3.9.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:virtual-host-gatherer-VMware-1.0.24-150300.3.9.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:virtual-host-gatherer-libcloud-1.0.24-150300.3.9.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:woodstox-4.4.2-150300.3.6.2.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2022-31129

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 98 products

Product	Version	Remediation
Unresolved product id: SUSE Manager Proxy Module 4.2:mgr-osad-4.2.9-150300.2.12.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-mgr-osad-4.2.9-150300.2.12.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.22-150300.4.30.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.22-150300.4.30.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.22-150300.4.30.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.22-150300.4.30.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.13-150300.3.24.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.13-150300.3.24.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-installer-4.2.11-150300.3.14.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.13-150300.3.24.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.13-150300.3.24.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.13-150300.3.24.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.13-150300.3.24.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:cobbler-3.1.2-150300.5.19.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.9.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:grafana-formula-0.8.1-150300.3.9.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:prometheus-formula-0.7.0-150300.3.17.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.29.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:salt-netapi-client-0.21.0-150300.3.12.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:saltboot-formula-0.1.1676908681.e90e0b1-150300.3.15.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-admin-4.2.13-150300.3.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-base-4.2.32-150300.3.36.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-html-4.2.32-150300.3.36.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-4.2.47-150300.3.58.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.47-150300.3.58.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.47-150300.3.58.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.47-150300.3.58.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-search-4.2.9-150300.3.15.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.47-150300.3.58.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:supportutils-plugin-susemanager-4.2.5-150300.3.9.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.39.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.39.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.39.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-schema-4.2.27-150300.3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-sls-4.2.31-150300.3.43.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.31-150300.3.43.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:virtual-host-gatherer-1.0.24-150300.3.9.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:virtual-host-gatherer-Kubernetes-1.0.24-150300.3.9.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:virtual-host-gatherer-Nutanix-1.0.24-150300.3.9.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:virtual-host-gatherer-VMware-1.0.24-150300.3.9.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:virtual-host-gatherer-libcloud-1.0.24-150300.3.9.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:woodstox-4.4.2-150300.3.6.2.noarch	—	Vendor Fix

Threats

Impact important

CVE-2022-40152

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 98 products

Product	Version	Remediation
Unresolved product id: SUSE Manager Proxy Module 4.2:mgr-osad-4.2.9-150300.2.12.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-mgr-osad-4.2.9-150300.2.12.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.22-150300.4.30.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.22-150300.4.30.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.22-150300.4.30.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.22-150300.4.30.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.13-150300.3.24.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.13-150300.3.24.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-installer-4.2.11-150300.3.14.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.13-150300.3.24.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.13-150300.3.24.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.13-150300.3.24.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.13-150300.3.24.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Proxy Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:cobbler-3.1.2-150300.5.19.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.9.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:grafana-formula-0.8.1-150300.3.9.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:prometheus-formula-0.7.0-150300.3.17.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.29.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:salt-netapi-client-0.21.0-150300.3.12.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:saltboot-formula-0.1.1676908681.e90e0b1-150300.3.15.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-admin-4.2.13-150300.3.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.26-150300.4.35.6.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-base-4.2.32-150300.3.36.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-html-4.2.32-150300.3.36.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-4.2.47-150300.3.58.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.47-150300.3.58.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.47-150300.3.58.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.47-150300.3.58.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-search-4.2.9-150300.3.15.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.47-150300.3.58.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:supportutils-plugin-susemanager-4.2.5-150300.3.9.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.39.4.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.39.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.39.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-schema-4.2.27-150300.3.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-sls-4.2.31-150300.3.43.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.31-150300.3.43.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:virtual-host-gatherer-1.0.24-150300.3.9.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:virtual-host-gatherer-Kubernetes-1.0.24-150300.3.9.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:virtual-host-gatherer-Nutanix-1.0.24-150300.3.9.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:virtual-host-gatherer-VMware-1.0.24-150300.3.9.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:virtual-host-gatherer-libcloud-1.0.24-150300.3.9.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Manager Server Module 4.2:woodstox-4.4.2-150300.3.6.2.noarch	—	Vendor Fix

Threats

Impact moderate

References

76 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1188191	self
https://bugzilla.suse.com/1195979	self
https://bugzilla.suse.com/1197027	self
https://bugzilla.suse.com/1200096	self
https://bugzilla.suse.com/1200169	self
https://bugzilla.suse.com/1201142	self
https://bugzilla.suse.com/1201476	self
https://bugzilla.suse.com/1201893	self
https://bugzilla.suse.com/1202093	self
https://bugzilla.suse.com/1202217	self
https://bugzilla.suse.com/1203287	self
https://bugzilla.suse.com/1203288	self
https://bugzilla.suse.com/1203521	self
https://bugzilla.suse.com/1203532	self
https://bugzilla.suse.com/1203588	self
https://bugzilla.suse.com/1203633	self
https://bugzilla.suse.com/1203698	self
https://bugzilla.suse.com/1203826	self
https://bugzilla.suse.com/1203884	self
https://bugzilla.suse.com/1203886	self
https://bugzilla.suse.com/1204029	self
https://bugzilla.suse.com/1204032	self
https://bugzilla.suse.com/1204186	self
https://bugzilla.suse.com/1204208	self
https://bugzilla.suse.com/1204330	self
https://bugzilla.suse.com/1204437	self
https://bugzilla.suse.com/1204517	self
https://bugzilla.suse.com/1204519	self
https://bugzilla.suse.com/1204541	self
https://bugzilla.suse.com/1204651	self
https://bugzilla.suse.com/1204699	self
https://bugzilla.suse.com/1204712	self
https://bugzilla.suse.com/1204879	self
https://bugzilla.suse.com/1205012	self
https://bugzilla.suse.com/1205040	self
https://bugzilla.suse.com/1205523	self
https://bugzilla.suse.com/1205663	self
https://bugzilla.suse.com/1205759	self
https://bugzilla.suse.com/1205920	self
https://bugzilla.suse.com/1205943	self
https://bugzilla.suse.com/1206146	self
https://bugzilla.suse.com/1206168	self
https://bugzilla.suse.com/1206249	self
https://bugzilla.suse.com/1206375	self
https://bugzilla.suse.com/1206470	self
https://bugzilla.suse.com/1206613	self
https://bugzilla.suse.com/1206817	self
https://bugzilla.suse.com/1206861	self
https://bugzilla.suse.com/1206932	self
https://bugzilla.suse.com/1206933	self
https://bugzilla.suse.com/1206963	self
https://bugzilla.suse.com/1206979	self
https://bugzilla.suse.com/1206981	self
https://bugzilla.suse.com/1207141	self
https://bugzilla.suse.com/1208335	self
https://bugzilla.suse.com/1208418	self
https://bugzilla.suse.com/1208499	self
https://www.suse.com/security/cve/CVE-2021-42740/	self
https://www.suse.com/security/cve/CVE-2022-0860/	self
https://www.suse.com/security/cve/CVE-2022-1415/	self
https://www.suse.com/security/cve/CVE-2022-31129/	self
https://www.suse.com/security/cve/CVE-2022-40152/	self
https://www.suse.com/security/cve/CVE-2021-42740	external
https://bugzilla.suse.com/1203287	external
https://www.suse.com/security/cve/CVE-2022-0860	external
https://bugzilla.suse.com/1197027	external
https://www.suse.com/security/cve/CVE-2022-1415	external
https://bugzilla.suse.com/1204879	external
https://www.suse.com/security/cve/CVE-2022-31129	external
https://bugzilla.suse.com/1203288	external
https://www.suse.com/security/cve/CVE-2022-40152	external
https://bugzilla.suse.com/1203521	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for SUSE Manager Server 4.2",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update fixes the following issues:\n\ncobbler:\n\n- Fix improper authorization (bsc#1197027, CVE-2022-0860)\n- Prevent error when starting up logrotate.service (bsc#1188191)\n\ndrools:\n\n- Deserialization of Untrusted Data: unsafe data deserialization\n  in DroolsStreamUtils.java (bsc#1204879, CVE-2022-1415)\n\ngrafana-formula:\n\n- Version 0.8.1\n  * Fix Uyuni/SUMA dashboard names\n- Version 0.8.0\n  * Set dashboard names depending on project\n  * Update dashboards to use new JSON schema\n  * Fix PostgreSQL dashboard queries\n  * Migrate deprecated panels to their current replacements\n- Version 0.7.1\n  * Fix default password field description (bsc#1203698)\n  * Do not require default admin and password fields\n\ninter-server-sync:\n\n- Version 0.2.7\n  * Do not update pillars table if it does not exists like in 4.2\n- Version 0.2.6\n  * Export package extra tags for complete debian repo metatdata (bsc#1206375)\n  * Replace URLs in OS Images pillars when exporting and importing images\n- Version 0.2.5 \n  * Correct error when importing without debug log level (bsc#1204699)\n\nmgr-osad:\n\n- Version 4.2.9-1\n  * Updated logrotate configuration (bsc#1206470)\n\nprometheus-formula:\n\n- Version 0.7.0\n  * Switch from basic authentication to TLS certificate client\n    authentication for Blackbox exporter\n  * Fix scheme label in clients targets configration\n  * Add README.md\n\npy27-compat-salt:\n\n- Ignore extend declarations from excluded SLS files (bsc#1203886)\n- Enhance capture of error messages for Zypper calls in zypperpkg module\n\nrhnlib:\n\n- Version 4.2.7-1\n  * Don\u0027t get stuck at the end of SSL transfers (bsc#1204032)\n\nsaltboot-formula:\n\n- Update to version 0.1.1676908681.e90e0b1\n  * Add failsafe stop file when salt-minion does not stop (bsc#1208418)\n  * Support salt bundle (bsc#1208499)\n\nsalt-netapi-client:\n\n- Version 0.21.0\n  * See: https://github.com/SUSE/salt-netapi-client/releases/tag/v0.21.0\n- Add transactional_update module\n- Improve logging when creating salt exception\n\nsmdba:\n\n- Version 1.7.11\n  * fix config update from wal_keep_segments to wal_keep_size for\n    newer postgresql versions (bsc#1204519)\n\nspacecmd:\n\n- Version 4.2.21-1\n  * Prevent string api parameters to be parsed as dates if not in\n    ISO-8601 format (bsc#1205759)\n  * Add python-dateutil dependency, required to process date values in\n    spacecmd api calls\n  * Correctly understand \u0027ssm\u0027 keyword on scap scheduling\n  * Fix dict_keys not supporting indexing in systems_setconfigchannelorger\n\nspacewalk-admin:\n\n- Version 4.2.13-1\n  * Generate uyuni_roster.conf with salt-secrets-config (bsc#1200096)\n\nspacewalk-backend:\n\n- Version 4.2.26-1\n  * Fix reposync error about missing \u0027content-type\u0027 key when syncing certain channels\n  * Compute headers as list of two-tuples to be used by url grabber (bsc#1205523)\n  * Updated logrotate configuration (bsc#1206470)\n  * Add \u0027octet-stream\u0027 to accepted content-types for reposync mirrorlists\n  * Exclude invalid mirror urls for reposync (bsc#1203826)\n  * do not fetch mirrorlist when a file url is given\n  * Keep older module metadata files in database (bsc#1201893)\n  * Removed the activation keys report from the debug information\n\nspacewalk-certs-tools:\n\n- Version 4.2.19-1\n  * some i18n functions moved to new module which needs to be loaded\n    (bsc#1201142)\n  * Generated bootstrap scripts installs all needed Salt 3004 dependencies\n    for Ubuntu 18.04 (bsc#1204517)\n\nspacewalk-client-tools:\n\n- Version 4.2.22-1\n  * Update translation strings\n\nspacewalk-java:\n\n- Version 4.2.47-1\n  * Use uyuni roster salt module instead of flat roster files (bsc#1200096)\n- Version 4.2.46-1\n  * Fix registration with proxy and tunnel SSH (bsc#1200096)\n- Version 4.2.45-1\n  * Add \u0027none\u0027 matcher to CLM AppStream filters (bsc#1206817)\n  * Improve logs when sls action chain file is missing\n  * Do not forward ssh command if proxy and tunnel are present (bsc#1200096)\n  * Fix not being able to delete CLM environment if there are custom child\n    channels that where not built by the environment (bsc#1206932)\n  * Include missing \u0027gpg\u0027 states to avoid issues on SSH minions.\n  * Optimize the number of salt calls on minion startup (bsc#1203532)\n  * Fix CVE Audit ignoring errata in parent channels if patch in successor\n    product exists (bsc#1206168)\n  * Fix CVE Audit incorrectly displaying predecessor product (bsc#1205663)\n  * Fix modular channel check during system update via XMLRPC (bsc#1206613)\n  * Trigger a package profile update when a new live-patch is installed (bsc#1206249)\n  * prevent ISE on activation key page when selected base channel value is null\n  * Only remove product catalog if PAYG ssh credentials are defined (bsc#1205943)\n  * Updated logrotate configuration (bsc#1206470)\n  * Limit changelog data in generated metadata to 20 entries\n  * Fix CLM to not remove necessary packages when filtering erratas (bsc#1195979)\n  * check for NULL in DEB package install size value\n  * Allowed cancelling pending actions with a failed prerequisite (bsc#1204712)\n  * disable cloned vendor channel auto selection by default (bsc#1204186)\n  * adapt permissions of temporary ssh key directory\n  * format results for package, errata and image build actions in\n    system history similar to state apply results\n  * Fix ClassCastException\n  * Run only minion actions that are in the pending status (bsc#1205012)\n  * Manager reboot in transactional update action chain (bsc#1201476\n  * Optimize performance of config channels operations for UI and API (bsc#1204029)\n  * Don\u0027t add the same channel twice in the System config addChannel API (bsc#1204029)\n  * fix xmlrpc call randomly failing with translation error (bsc#1203633)\n  * Optimize action chain processing on job return event (bsc#1203532)\n  * Re-calculate salt event queue numbers on restart\n  * Fix out of memory error when building a CLM project (bsc#1202217)\n  * Process salt events in FIFO order (bsc#1203532)\n  * Remove \u0027SSM\u0027 column text where not applicable (bsc#1203588)\n  * Fix rendering of ssm/MigrateSystems page (bsc#1204651)\n  * Pass mgr_sudo_user pillar on salt ssh client cleanup (bsc#1202093)\n  * Deny packages from older module metadata when building CLM projects (bsc#1201893)\n  * Refresh pillar data for the assigned systems when a CLM channel is built (bsc#1200169)\n  * delay hardware refresh action to avoid missing channels (bsc#1204208)\n  * During re-activation, recalculate grains if\n  * Remove unused gson-extras.jar during build\n\nspacewalk-search:\n\n- Version 4.2.9-1\n  * Updated logrotate configuration (bsc#1206470)\n\nspacewalk-web:\n\n- Version 4.2.32-1\n  * Add \u0027none\u0027 matcher to CLM AppStream filters (bsc#1206817)\n  * fix frontend logging in react pages\n  * Add bugzilla references to past security fixes\n    * shell-quote fix CVE-2021-42740 (bsc#1203287)\n    * moment fix CVE-2022-31129 (bsc#1203288)\n\nsupportutils-plugin-susemanager:\n\n- Version 4.2.5-1\n  * Added dependency for XML Simple\n  * update susemanager plugin to export the number of pending salt events\n\nsusemanager:\n\n- Version 4.2.40-1\n  * Add mgr-salt-ssh wrapper to use with uyuni roster Salt module (bsc#1200096)\n- Version 4.2.39-1\n  * fix bootstrap repo path for SLES for SAP 12 (bsc#1207141)\n  * make venv-salt-minion optional for SUSE Manager Proxy 4.2\n    bootstrap repository (bsc#1206933)\n  * show RHEL target for bootstrap repo creation only if it is\n    really connected to the CDN (bsc#1206861)\n  * add python3-extras to bootstrap repo as dependency of\n    python3-libxml2, optional SLES 15 does not have it and it\n    is only required on SP4 or greater (bsc#1204437) \n\nsusemanager-build-keys:\n\n- Version 15.3.6\n  * Add rpmlintrc configuration, so \u0027W: backup-file-in-package\u0027 for\n    the keyring is ignored. We do not ship backup files, but we own them\n    because they are created each time gpg is called, and we want them\n    removed if the package is removed\n  - uyuni-build-keys.rpmlintrc\n\nsusemanager-doc-indexes:\n\n- Include RHEL7 in Salt 3000 to Salt Bundle migration section of the\n  Client Configuration Guide\n- Update Salt Bundle guide as Salt Bundle is now the default\n  registration method\n- Re-added statement about Cobbler support in Reference Guide and Client\n  Configuration Guide (bsc#1206963)\n- Added information about java.salt_event_thread_pool_size in Large\n  Deployments Guide\n- Added information about GPG key usage in the Debian section of the\n- Updated default number of changelog entries in Administration Guide\n- Include migration guide from Salt 3000 to Bundle for SUSE Linux \n  Enterprise 12 and CentOS7 in Troubleshooting Clients\n- Removed mentions to ABRT in Reference Guide\n- Extended note about using Salt SSH with Salt Bundle in 4.2\n- Fixed Liberty Linux client tools label in Client Configuration\n  Guide\n\nsusemanager-docs_en:\n\n- Include RHEL7 in Salt 3000 to Salt Bundle migration section of the \n  Client Configuration Guide\n- Update Salt Bundle guide as Salt Bundle is now the default \n  registration method\n- Re-added statement about Cobbler support in Reference Guide and Client\n  Configuration Guide (bsc#1206963)\n- Added information about java.salt_event_thread_pool_size in Large\n  Deployments Guide\n- Added information about GPG key usage in the Debian section of the \n- Updated default number of changelog entries in Administration Guide\n- Include migration guide from Salt 3000 to Bundle for SUSE Linux \n  Enterprise 12 and CentOS7 in Troubleshooting Clients.\n- Removed mentions to ABRT in Reference Guide\n- Extended note about using Salt SSH with Salt Bundle in 4.2\n- Fixed Liberty Linux client tools label in Client Configuration \n  Guide\n\nsusemanager-schema:\n\n- Version 4.2.27-1\n  * Add created and modified fields to suseMinionInfo to make uyuni roster module cache validation more \n    accurate (bsc#1200096)\n- Version 4.2.26-1\n  * Add \u0027none\u0027 matcher to CLM AppStream filters (bsc#1206817)\n  * Increase cron_expr varchar length to 120 in suseRecurringAction\n    table (bsc#1205040)\n  * Keep older module metadata files in database (bsc#1201893)\n  * Fix setting of last modified date in channel clone procedure\n\nsusemanager-sls:\n\n- Version 4.2.30-1\n  * Flush uyuni roster cache if the config has changed\n  * Implement uyuni roster module for Salt (bsc#1200096)\n- Version 4.2.30-1\n  * Fix dnf plugin path calculation when using Salt Bundle (bsc#1208335)\n- Version 4.2.29-1\n  * Improve _mgractionchains.conf logs\n  * Prevent possible errors from \u0027mgractionschains\u0027 module when there is no action chain to resume.\n  * Fix mgrnet custom module to be compatible with old Python 2.6 (bsc#1206979) (bsc#1206981)\n  * Fix custom \u0027mgrcompat.module_run\u0027 state module to work with Salt 3005.1\n  * filter out libvirt engine events (bsc#1206146)\n  * Optimize the number of salt calls on minion startup (bsc#1203532)\n  * Updated logrotate configuration (bsc#1206470)\n  * Make libvirt-events.conf path depend on what minion is used (bsc#1205920)\n  * Fix kiwi inspect regexp to allow image names with \u0027-\u0027 (bsc#1204541)\n  * Avoid installing recommended packages from assigned products (bsc#1204330)\n  * Manager reboot in transactional update action chain (bsc#1201476)\n  * Use the actual sudo user home directory for salt ssh\n    clients on bootstrap and clean up (bsc#1202093)\n  * Perform refresh with packages.pkgupdate state (bsc#1203884)\n\nuyuni-common-libs:\n\n- Version 4.2.9-1\n  * Fix crash due missing \u0027context_manager\u0027 when running salt-secrets-config service (bsc#1200096)\n- Version 4.2.8-1\n  * some i18n functions moved to new module which needs to be loaded\n    (bsc#1201142)\n\nvirtual-host-gatherer:\n\n- Version 1.0.24-1\n  * Report total memory of a libvirt hypervisor\n  * Improve interoperability with other Python projects\n\nwoodstox:\n\n- CVE-2022-40152: Fixed stack overflow in XML serialization. (bsc#1203521)\n\nHow to apply this update:\n\n1. Log in as root user to the SUSE Manager Server.\n2. Stop the Spacewalk service:\n`spacewalk-service stop`\n3. Apply the patch using either zypper patch or YaST Online Update.\n4. Start the Spacewalk service:\n`spacewalk-service start`\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2023-592,SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2023-592,SUSE-SLE-Module-SUSE-Manager-Server-4.2-2023-592",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_0592-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2023:0592-1",
        "url": "https://www.suse.com/support/update/announcement/2023/suse-su-20230592-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2023:0592-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-February/018012.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1188191",
        "url": "https://bugzilla.suse.com/1188191"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1195979",
        "url": "https://bugzilla.suse.com/1195979"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1197027",
        "url": "https://bugzilla.suse.com/1197027"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1200096",
        "url": "https://bugzilla.suse.com/1200096"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1200169",
        "url": "https://bugzilla.suse.com/1200169"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1201142",
        "url": "https://bugzilla.suse.com/1201142"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1201476",
        "url": "https://bugzilla.suse.com/1201476"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1201893",
        "url": "https://bugzilla.suse.com/1201893"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1202093",
        "url": "https://bugzilla.suse.com/1202093"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1202217",
        "url": "https://bugzilla.suse.com/1202217"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1203287",
        "url": "https://bugzilla.suse.com/1203287"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1203288",
        "url": "https://bugzilla.suse.com/1203288"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1203521",
        "url": "https://bugzilla.suse.com/1203521"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1203532",
        "url": "https://bugzilla.suse.com/1203532"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1203588",
        "url": "https://bugzilla.suse.com/1203588"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1203633",
        "url": "https://bugzilla.suse.com/1203633"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1203698",
        "url": "https://bugzilla.suse.com/1203698"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1203826",
        "url": "https://bugzilla.suse.com/1203826"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1203884",
        "url": "https://bugzilla.suse.com/1203884"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1203886",
        "url": "https://bugzilla.suse.com/1203886"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1204029",
        "url": "https://bugzilla.suse.com/1204029"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1204032",
        "url": "https://bugzilla.suse.com/1204032"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1204186",
        "url": "https://bugzilla.suse.com/1204186"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1204208",
        "url": "https://bugzilla.suse.com/1204208"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1204330",
        "url": "https://bugzilla.suse.com/1204330"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1204437",
        "url": "https://bugzilla.suse.com/1204437"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1204517",
        "url": "https://bugzilla.suse.com/1204517"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1204519",
        "url": "https://bugzilla.suse.com/1204519"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1204541",
        "url": "https://bugzilla.suse.com/1204541"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1204651",
        "url": "https://bugzilla.suse.com/1204651"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1204699",
        "url": "https://bugzilla.suse.com/1204699"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1204712",
        "url": "https://bugzilla.suse.com/1204712"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1204879",
        "url": "https://bugzilla.suse.com/1204879"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1205012",
        "url": "https://bugzilla.suse.com/1205012"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1205040",
        "url": "https://bugzilla.suse.com/1205040"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1205523",
        "url": "https://bugzilla.suse.com/1205523"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1205663",
        "url": "https://bugzilla.suse.com/1205663"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1205759",
        "url": "https://bugzilla.suse.com/1205759"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1205920",
        "url": "https://bugzilla.suse.com/1205920"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1205943",
        "url": "https://bugzilla.suse.com/1205943"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1206146",
        "url": "https://bugzilla.suse.com/1206146"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1206168",
        "url": "https://bugzilla.suse.com/1206168"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1206249",
        "url": "https://bugzilla.suse.com/1206249"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1206375",
        "url": "https://bugzilla.suse.com/1206375"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1206470",
        "url": "https://bugzilla.suse.com/1206470"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1206613",
        "url": "https://bugzilla.suse.com/1206613"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1206817",
        "url": "https://bugzilla.suse.com/1206817"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1206861",
        "url": "https://bugzilla.suse.com/1206861"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1206932",
        "url": "https://bugzilla.suse.com/1206932"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1206933",
        "url": "https://bugzilla.suse.com/1206933"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1206963",
        "url": "https://bugzilla.suse.com/1206963"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1206979",
        "url": "https://bugzilla.suse.com/1206979"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1206981",
        "url": "https://bugzilla.suse.com/1206981"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1207141",
        "url": "https://bugzilla.suse.com/1207141"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1208335",
        "url": "https://bugzilla.suse.com/1208335"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1208418",
        "url": "https://bugzilla.suse.com/1208418"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1208499",
        "url": "https://bugzilla.suse.com/1208499"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-42740 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-42740/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-0860 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-0860/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-1415 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-1415/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-31129 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-31129/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-40152 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-40152/"
      }
    ],
    "title": "Security update for SUSE Manager Server 4.2",
    "tracking": {
      "current_release_date": "2023-03-02T08:32:44Z",
      "generator": {
        "date": "2023-03-02T08:32:44Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2023:0592-1",
      "initial_release_date": "2023-03-02T08:32:44Z",
      "revision_history": [
        {
          "date": "2023-03-02T08:32:44Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "inter-server-sync-0.2.7-150300.8.28.2.aarch64",
                "product": {
                  "name": "inter-server-sync-0.2.7-150300.8.28.2.aarch64",
                  "product_id": "inter-server-sync-0.2.7-150300.8.28.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python2-uyuni-common-libs-4.2.9-150300.3.14.1.aarch64",
                "product": {
                  "name": "python2-uyuni-common-libs-4.2.9-150300.3.14.1.aarch64",
                  "product_id": "python2-uyuni-common-libs-4.2.9-150300.3.14.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python3-uyuni-common-libs-4.2.9-150300.3.14.1.aarch64",
                "product": {
                  "name": "python3-uyuni-common-libs-4.2.9-150300.3.14.1.aarch64",
                  "product_id": "python3-uyuni-common-libs-4.2.9-150300.3.14.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "smdba-1.7.11-0.150300.3.12.2.aarch64",
                "product": {
                  "name": "smdba-1.7.11-0.150300.3.12.2.aarch64",
                  "product_id": "smdba-1.7.11-0.150300.3.12.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "susemanager-4.2.40-150300.3.49.1.aarch64",
                "product": {
                  "name": "susemanager-4.2.40-150300.3.49.1.aarch64",
                  "product_id": "susemanager-4.2.40-150300.3.49.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "susemanager-tools-4.2.40-150300.3.49.1.aarch64",
                "product": {
                  "name": "susemanager-tools-4.2.40-150300.3.49.1.aarch64",
                  "product_id": "susemanager-tools-4.2.40-150300.3.49.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cobbler-3.1.2-150300.5.19.1.noarch",
                "product": {
                  "name": "cobbler-3.1.2-150300.5.19.1.noarch",
                  "product_id": "cobbler-3.1.2-150300.5.19.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "cobbler-tests-3.1.2-150300.5.19.1.noarch",
                "product": {
                  "name": "cobbler-tests-3.1.2-150300.5.19.1.noarch",
                  "product_id": "cobbler-tests-3.1.2-150300.5.19.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "cobbler-web-3.1.2-150300.5.19.1.noarch",
                "product": {
                  "name": "cobbler-web-3.1.2-150300.5.19.1.noarch",
                  "product_id": "cobbler-web-3.1.2-150300.5.19.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "drools-7.17.0-150300.4.9.2.noarch",
                "product": {
                  "name": "drools-7.17.0-150300.4.9.2.noarch",
                  "product_id": "drools-7.17.0-150300.4.9.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "grafana-formula-0.8.1-150300.3.9.2.noarch",
                "product": {
                  "name": "grafana-formula-0.8.1-150300.3.9.2.noarch",
                  "product_id": "grafana-formula-0.8.1-150300.3.9.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch",
                "product": {
                  "name": "mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch",
                  "product_id": "mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "mgr-osad-4.2.9-150300.2.12.2.noarch",
                "product": {
                  "name": "mgr-osad-4.2.9-150300.2.12.2.noarch",
                  "product_id": "mgr-osad-4.2.9-150300.2.12.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "prometheus-formula-0.7.0-150300.3.17.2.noarch",
                "product": {
                  "name": "prometheus-formula-0.7.0-150300.3.17.2.noarch",
                  "product_id": "prometheus-formula-0.7.0-150300.3.17.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "py27-compat-salt-3000.3-150300.7.7.29.2.noarch",
                "product": {
                  "name": "py27-compat-salt-3000.3-150300.7.7.29.2.noarch",
                  "product_id": "py27-compat-salt-3000.3-150300.7.7.29.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "python2-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
                "product": {
                  "name": "python2-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
                  "product_id": "python2-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch",
                "product": {
                  "name": "python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch",
                  "product_id": "python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "python3-mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch",
                "product": {
                  "name": "python3-mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch",
                  "product_id": "python3-mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "python3-mgr-osad-4.2.9-150300.2.12.2.noarch",
                "product": {
                  "name": "python3-mgr-osad-4.2.9-150300.2.12.2.noarch",
                  "product_id": "python3-mgr-osad-4.2.9-150300.2.12.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "python3-rhnlib-4.2.7-150300.4.12.2.noarch",
                "product": {
                  "name": "python3-rhnlib-4.2.7-150300.4.12.2.noarch",
                  "product_id": "python3-rhnlib-4.2.7-150300.4.12.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
                "product": {
                  "name": "python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
                  "product_id": "python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "python3-spacewalk-check-4.2.22-150300.4.30.2.noarch",
                "product": {
                  "name": "python3-spacewalk-check-4.2.22-150300.4.30.2.noarch",
                  "product_id": "python3-spacewalk-check-4.2.22-150300.4.30.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "python3-spacewalk-client-setup-4.2.22-150300.4.30.2.noarch",
                "product": {
                  "name": "python3-spacewalk-client-setup-4.2.22-150300.4.30.2.noarch",
                  "product_id": "python3-spacewalk-client-setup-4.2.22-150300.4.30.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
                "product": {
                  "name": "python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
                  "product_id": "python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "salt-netapi-client-0.21.0-150300.3.12.4.noarch",
                "product": {
                  "name": "salt-netapi-client-0.21.0-150300.3.12.4.noarch",
                  "product_id": "salt-netapi-client-0.21.0-150300.3.12.4.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "salt-netapi-client-javadoc-0.21.0-150300.3.12.4.noarch",
                "product": {
                  "name": "salt-netapi-client-javadoc-0.21.0-150300.3.12.4.noarch",
                  "product_id": "salt-netapi-client-javadoc-0.21.0-150300.3.12.4.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "saltboot-formula-0.1.1676908681.e90e0b1-150300.3.15.1.noarch",
                "product": {
                  "name": "saltboot-formula-0.1.1676908681.e90e0b1-150300.3.15.1.noarch",
                  "product_id": "saltboot-formula-0.1.1676908681.e90e0b1-150300.3.15.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacecmd-4.2.21-150300.4.33.2.noarch",
                "product": {
                  "name": "spacecmd-4.2.21-150300.4.33.2.noarch",
                  "product_id": "spacecmd-4.2.21-150300.4.33.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-admin-4.2.13-150300.3.18.1.noarch",
                "product": {
                  "name": "spacewalk-admin-4.2.13-150300.3.18.1.noarch",
                  "product_id": "spacewalk-admin-4.2.13-150300.3.18.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-backend-4.2.26-150300.4.35.6.noarch",
                "product": {
                  "name": "spacewalk-backend-4.2.26-150300.4.35.6.noarch",
                  "product_id": "spacewalk-backend-4.2.26-150300.4.35.6.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-backend-app-4.2.26-150300.4.35.6.noarch",
                "product": {
                  "name": "spacewalk-backend-app-4.2.26-150300.4.35.6.noarch",
                  "product_id": "spacewalk-backend-app-4.2.26-150300.4.35.6.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-backend-applet-4.2.26-150300.4.35.6.noarch",
                "product": {
                  "name": "spacewalk-backend-applet-4.2.26-150300.4.35.6.noarch",
                  "product_id": "spacewalk-backend-applet-4.2.26-150300.4.35.6.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-backend-cdn-4.2.26-150300.4.35.6.noarch",
                "product": {
                  "name": "spacewalk-backend-cdn-4.2.26-150300.4.35.6.noarch",
                  "product_id": "spacewalk-backend-cdn-4.2.26-150300.4.35.6.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-backend-config-files-4.2.26-150300.4.35.6.noarch",
                "product": {
                  "name": "spacewalk-backend-config-files-4.2.26-150300.4.35.6.noarch",
                  "product_id": "spacewalk-backend-config-files-4.2.26-150300.4.35.6.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-backend-config-files-common-4.2.26-150300.4.35.6.noarch",
                "product": {
                  "name": "spacewalk-backend-config-files-common-4.2.26-150300.4.35.6.noarch",
                  "product_id": "spacewalk-backend-config-files-common-4.2.26-150300.4.35.6.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-backend-config-files-tool-4.2.26-150300.4.35.6.noarch",
                "product": {
                  "name": "spacewalk-backend-config-files-tool-4.2.26-150300.4.35.6.noarch",
                  "product_id": "spacewalk-backend-config-files-tool-4.2.26-150300.4.35.6.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-backend-iss-4.2.26-150300.4.35.6.noarch",
                "product": {
                  "name": "spacewalk-backend-iss-4.2.26-150300.4.35.6.noarch",
                  "product_id": "spacewalk-backend-iss-4.2.26-150300.4.35.6.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-backend-iss-export-4.2.26-150300.4.35.6.noarch",
                "product": {
                  "name": "spacewalk-backend-iss-export-4.2.26-150300.4.35.6.noarch",
                  "product_id": "spacewalk-backend-iss-export-4.2.26-150300.4.35.6.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-backend-package-push-server-4.2.26-150300.4.35.6.noarch",
                "product": {
                  "name": "spacewalk-backend-package-push-server-4.2.26-150300.4.35.6.noarch",
                  "product_id": "spacewalk-backend-package-push-server-4.2.26-150300.4.35.6.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-backend-server-4.2.26-150300.4.35.6.noarch",
                "product": {
                  "name": "spacewalk-backend-server-4.2.26-150300.4.35.6.noarch",
                  "product_id": "spacewalk-backend-server-4.2.26-150300.4.35.6.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-backend-sql-4.2.26-150300.4.35.6.noarch",
                "product": {
                  "name": "spacewalk-backend-sql-4.2.26-150300.4.35.6.noarch",
                  "product_id": "spacewalk-backend-sql-4.2.26-150300.4.35.6.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-backend-sql-postgresql-4.2.26-150300.4.35.6.noarch",
                "product": {
                  "name": "spacewalk-backend-sql-postgresql-4.2.26-150300.4.35.6.noarch",
                  "product_id": "spacewalk-backend-sql-postgresql-4.2.26-150300.4.35.6.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-backend-tools-4.2.26-150300.4.35.6.noarch",
                "product": {
                  "name": "spacewalk-backend-tools-4.2.26-150300.4.35.6.noarch",
                  "product_id": "spacewalk-backend-tools-4.2.26-150300.4.35.6.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-backend-xml-export-libs-4.2.26-150300.4.35.6.noarch",
                "product": {
                  "name": "spacewalk-backend-xml-export-libs-4.2.26-150300.4.35.6.noarch",
                  "product_id": "spacewalk-backend-xml-export-libs-4.2.26-150300.4.35.6.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-backend-xmlrpc-4.2.26-150300.4.35.6.noarch",
                "product": {
                  "name": "spacewalk-backend-xmlrpc-4.2.26-150300.4.35.6.noarch",
                  "product_id": "spacewalk-backend-xmlrpc-4.2.26-150300.4.35.6.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-base-4.2.32-150300.3.36.4.noarch",
                "product": {
                  "name": "spacewalk-base-4.2.32-150300.3.36.4.noarch",
                  "product_id": "spacewalk-base-4.2.32-150300.3.36.4.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch",
                "product": {
                  "name": "spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch",
                  "product_id": "spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch",
                "product": {
                  "name": "spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch",
                  "product_id": "spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
                "product": {
                  "name": "spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
                  "product_id": "spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-check-4.2.22-150300.4.30.2.noarch",
                "product": {
                  "name": "spacewalk-check-4.2.22-150300.4.30.2.noarch",
                  "product_id": "spacewalk-check-4.2.22-150300.4.30.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-client-setup-4.2.22-150300.4.30.2.noarch",
                "product": {
                  "name": "spacewalk-client-setup-4.2.22-150300.4.30.2.noarch",
                  "product_id": "spacewalk-client-setup-4.2.22-150300.4.30.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
                "product": {
                  "name": "spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
                  "product_id": "spacewalk-client-tools-4.2.22-150300.4.30.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-dobby-4.2.32-150300.3.36.4.noarch",
                "product": {
                  "name": "spacewalk-dobby-4.2.32-150300.3.36.4.noarch",
                  "product_id": "spacewalk-dobby-4.2.32-150300.3.36.4.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-html-4.2.32-150300.3.36.4.noarch",
                "product": {
                  "name": "spacewalk-html-4.2.32-150300.3.36.4.noarch",
                  "product_id": "spacewalk-html-4.2.32-150300.3.36.4.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-html-debug-4.2.32-150300.3.36.4.noarch",
                "product": {
                  "name": "spacewalk-html-debug-4.2.32-150300.3.36.4.noarch",
                  "product_id": "spacewalk-html-debug-4.2.32-150300.3.36.4.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-java-4.2.47-150300.3.58.1.noarch",
                "product": {
                  "name": "spacewalk-java-4.2.47-150300.3.58.1.noarch",
                  "product_id": "spacewalk-java-4.2.47-150300.3.58.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-java-apidoc-sources-4.2.47-150300.3.58.1.noarch",
                "product": {
                  "name": "spacewalk-java-apidoc-sources-4.2.47-150300.3.58.1.noarch",
                  "product_id": "spacewalk-java-apidoc-sources-4.2.47-150300.3.58.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-java-config-4.2.47-150300.3.58.1.noarch",
                "product": {
                  "name": "spacewalk-java-config-4.2.47-150300.3.58.1.noarch",
                  "product_id": "spacewalk-java-config-4.2.47-150300.3.58.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-java-lib-4.2.47-150300.3.58.1.noarch",
                "product": {
                  "name": "spacewalk-java-lib-4.2.47-150300.3.58.1.noarch",
                  "product_id": "spacewalk-java-lib-4.2.47-150300.3.58.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-java-postgresql-4.2.47-150300.3.58.1.noarch",
                "product": {
                  "name": "spacewalk-java-postgresql-4.2.47-150300.3.58.1.noarch",
                  "product_id": "spacewalk-java-postgresql-4.2.47-150300.3.58.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-proxy-broker-4.2.13-150300.3.24.2.noarch",
                "product": {
                  "name": "spacewalk-proxy-broker-4.2.13-150300.3.24.2.noarch",
                  "product_id": "spacewalk-proxy-broker-4.2.13-150300.3.24.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-proxy-common-4.2.13-150300.3.24.2.noarch",
                "product": {
                  "name": "spacewalk-proxy-common-4.2.13-150300.3.24.2.noarch",
                  "product_id": "spacewalk-proxy-common-4.2.13-150300.3.24.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-proxy-installer-4.2.11-150300.3.14.2.noarch",
                "product": {
                  "name": "spacewalk-proxy-installer-4.2.11-150300.3.14.2.noarch",
                  "product_id": "spacewalk-proxy-installer-4.2.11-150300.3.14.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-proxy-management-4.2.13-150300.3.24.2.noarch",
                "product": {
                  "name": "spacewalk-proxy-management-4.2.13-150300.3.24.2.noarch",
                  "product_id": "spacewalk-proxy-management-4.2.13-150300.3.24.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-proxy-package-manager-4.2.13-150300.3.24.2.noarch",
                "product": {
                  "name": "spacewalk-proxy-package-manager-4.2.13-150300.3.24.2.noarch",
                  "product_id": "spacewalk-proxy-package-manager-4.2.13-150300.3.24.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-proxy-redirect-4.2.13-150300.3.24.2.noarch",
                "product": {
                  "name": "spacewalk-proxy-redirect-4.2.13-150300.3.24.2.noarch",
                  "product_id": "spacewalk-proxy-redirect-4.2.13-150300.3.24.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-proxy-salt-4.2.13-150300.3.24.2.noarch",
                "product": {
                  "name": "spacewalk-proxy-salt-4.2.13-150300.3.24.2.noarch",
                  "product_id": "spacewalk-proxy-salt-4.2.13-150300.3.24.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-search-4.2.9-150300.3.15.2.noarch",
                "product": {
                  "name": "spacewalk-search-4.2.9-150300.3.15.2.noarch",
                  "product_id": "spacewalk-search-4.2.9-150300.3.15.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-taskomatic-4.2.47-150300.3.58.1.noarch",
                "product": {
                  "name": "spacewalk-taskomatic-4.2.47-150300.3.58.1.noarch",
                  "product_id": "spacewalk-taskomatic-4.2.47-150300.3.58.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "supportutils-plugin-susemanager-4.2.5-150300.3.9.2.noarch",
                "product": {
                  "name": "supportutils-plugin-susemanager-4.2.5-150300.3.9.2.noarch",
                  "product_id": "supportutils-plugin-susemanager-4.2.5-150300.3.9.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "susemanager-build-keys-15.3.6-150300.3.6.2.noarch",
                "product": {
                  "name": "susemanager-build-keys-15.3.6-150300.3.6.2.noarch",
                  "product_id": "susemanager-build-keys-15.3.6-150300.3.6.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch",
                "product": {
                  "name": "susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch",
                  "product_id": "susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "susemanager-doc-indexes-4.2-150300.12.39.4.noarch",
                "product": {
                  "name": "susemanager-doc-indexes-4.2-150300.12.39.4.noarch",
                  "product_id": "susemanager-doc-indexes-4.2-150300.12.39.4.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "susemanager-docs_en-4.2-150300.12.39.2.noarch",
                "product": {
                  "name": "susemanager-docs_en-4.2-150300.12.39.2.noarch",
                  "product_id": "susemanager-docs_en-4.2-150300.12.39.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "susemanager-docs_en-pdf-4.2-150300.12.39.2.noarch",
                "product": {
                  "name": "susemanager-docs_en-pdf-4.2-150300.12.39.2.noarch",
                  "product_id": "susemanager-docs_en-pdf-4.2-150300.12.39.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "susemanager-schema-4.2.27-150300.3.35.1.noarch",
                "product": {
                  "name": "susemanager-schema-4.2.27-150300.3.35.1.noarch",
                  "product_id": "susemanager-schema-4.2.27-150300.3.35.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "susemanager-schema-sanity-4.2.27-150300.3.35.1.noarch",
                "product": {
                  "name": "susemanager-schema-sanity-4.2.27-150300.3.35.1.noarch",
                  "product_id": "susemanager-schema-sanity-4.2.27-150300.3.35.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "susemanager-sls-4.2.31-150300.3.43.1.noarch",
                "product": {
                  "name": "susemanager-sls-4.2.31-150300.3.43.1.noarch",
                  "product_id": "susemanager-sls-4.2.31-150300.3.43.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "uyuni-config-modules-4.2.31-150300.3.43.1.noarch",
                "product": {
                  "name": "uyuni-config-modules-4.2.31-150300.3.43.1.noarch",
                  "product_id": "uyuni-config-modules-4.2.31-150300.3.43.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "virtual-host-gatherer-1.0.24-150300.3.9.2.noarch",
                "product": {
                  "name": "virtual-host-gatherer-1.0.24-150300.3.9.2.noarch",
                  "product_id": "virtual-host-gatherer-1.0.24-150300.3.9.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "virtual-host-gatherer-Kubernetes-1.0.24-150300.3.9.2.noarch",
                "product": {
                  "name": "virtual-host-gatherer-Kubernetes-1.0.24-150300.3.9.2.noarch",
                  "product_id": "virtual-host-gatherer-Kubernetes-1.0.24-150300.3.9.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "virtual-host-gatherer-Libvirt-1.0.24-150300.3.9.2.noarch",
                "product": {
                  "name": "virtual-host-gatherer-Libvirt-1.0.24-150300.3.9.2.noarch",
                  "product_id": "virtual-host-gatherer-Libvirt-1.0.24-150300.3.9.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "virtual-host-gatherer-Nutanix-1.0.24-150300.3.9.2.noarch",
                "product": {
                  "name": "virtual-host-gatherer-Nutanix-1.0.24-150300.3.9.2.noarch",
                  "product_id": "virtual-host-gatherer-Nutanix-1.0.24-150300.3.9.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "virtual-host-gatherer-VMware-1.0.24-150300.3.9.2.noarch",
                "product": {
                  "name": "virtual-host-gatherer-VMware-1.0.24-150300.3.9.2.noarch",
                  "product_id": "virtual-host-gatherer-VMware-1.0.24-150300.3.9.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "virtual-host-gatherer-libcloud-1.0.24-150300.3.9.2.noarch",
                "product": {
                  "name": "virtual-host-gatherer-libcloud-1.0.24-150300.3.9.2.noarch",
                  "product_id": "virtual-host-gatherer-libcloud-1.0.24-150300.3.9.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "woodstox-4.4.2-150300.3.6.2.noarch",
                "product": {
                  "name": "woodstox-4.4.2-150300.3.6.2.noarch",
                  "product_id": "woodstox-4.4.2-150300.3.6.2.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "inter-server-sync-0.2.7-150300.8.28.2.ppc64le",
                "product": {
                  "name": "inter-server-sync-0.2.7-150300.8.28.2.ppc64le",
                  "product_id": "inter-server-sync-0.2.7-150300.8.28.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python2-uyuni-common-libs-4.2.9-150300.3.14.1.ppc64le",
                "product": {
                  "name": "python2-uyuni-common-libs-4.2.9-150300.3.14.1.ppc64le",
                  "product_id": "python2-uyuni-common-libs-4.2.9-150300.3.14.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python3-uyuni-common-libs-4.2.9-150300.3.14.1.ppc64le",
                "product": {
                  "name": "python3-uyuni-common-libs-4.2.9-150300.3.14.1.ppc64le",
                  "product_id": "python3-uyuni-common-libs-4.2.9-150300.3.14.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "smdba-1.7.11-0.150300.3.12.2.ppc64le",
                "product": {
                  "name": "smdba-1.7.11-0.150300.3.12.2.ppc64le",
                  "product_id": "smdba-1.7.11-0.150300.3.12.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "susemanager-4.2.40-150300.3.49.1.ppc64le",
                "product": {
                  "name": "susemanager-4.2.40-150300.3.49.1.ppc64le",
                  "product_id": "susemanager-4.2.40-150300.3.49.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "susemanager-tools-4.2.40-150300.3.49.1.ppc64le",
                "product": {
                  "name": "susemanager-tools-4.2.40-150300.3.49.1.ppc64le",
                  "product_id": "susemanager-tools-4.2.40-150300.3.49.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "inter-server-sync-0.2.7-150300.8.28.2.s390x",
                "product": {
                  "name": "inter-server-sync-0.2.7-150300.8.28.2.s390x",
                  "product_id": "inter-server-sync-0.2.7-150300.8.28.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python2-uyuni-common-libs-4.2.9-150300.3.14.1.s390x",
                "product": {
                  "name": "python2-uyuni-common-libs-4.2.9-150300.3.14.1.s390x",
                  "product_id": "python2-uyuni-common-libs-4.2.9-150300.3.14.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python3-uyuni-common-libs-4.2.9-150300.3.14.1.s390x",
                "product": {
                  "name": "python3-uyuni-common-libs-4.2.9-150300.3.14.1.s390x",
                  "product_id": "python3-uyuni-common-libs-4.2.9-150300.3.14.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "smdba-1.7.11-0.150300.3.12.2.s390x",
                "product": {
                  "name": "smdba-1.7.11-0.150300.3.12.2.s390x",
                  "product_id": "smdba-1.7.11-0.150300.3.12.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "susemanager-4.2.40-150300.3.49.1.s390x",
                "product": {
                  "name": "susemanager-4.2.40-150300.3.49.1.s390x",
                  "product_id": "susemanager-4.2.40-150300.3.49.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "susemanager-tools-4.2.40-150300.3.49.1.s390x",
                "product": {
                  "name": "susemanager-tools-4.2.40-150300.3.49.1.s390x",
                  "product_id": "susemanager-tools-4.2.40-150300.3.49.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "inter-server-sync-0.2.7-150300.8.28.2.x86_64",
                "product": {
                  "name": "inter-server-sync-0.2.7-150300.8.28.2.x86_64",
                  "product_id": "inter-server-sync-0.2.7-150300.8.28.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python2-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64",
                "product": {
                  "name": "python2-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64",
                  "product_id": "python2-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64",
                "product": {
                  "name": "python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64",
                  "product_id": "python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "smdba-1.7.11-0.150300.3.12.2.x86_64",
                "product": {
                  "name": "smdba-1.7.11-0.150300.3.12.2.x86_64",
                  "product_id": "smdba-1.7.11-0.150300.3.12.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "susemanager-4.2.40-150300.3.49.1.x86_64",
                "product": {
                  "name": "susemanager-4.2.40-150300.3.49.1.x86_64",
                  "product_id": "susemanager-4.2.40-150300.3.49.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "susemanager-tools-4.2.40-150300.3.49.1.x86_64",
                "product": {
                  "name": "susemanager-tools-4.2.40-150300.3.49.1.x86_64",
                  "product_id": "susemanager-tools-4.2.40-150300.3.49.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Manager Proxy Module 4.2",
                "product": {
                  "name": "SUSE Manager Proxy Module 4.2",
                  "product_id": "SUSE Manager Proxy Module 4.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-suse-manager-proxy:4.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Manager Server Module 4.2",
                "product": {
                  "name": "SUSE Manager Server Module 4.2",
                  "product_id": "SUSE Manager Server Module 4.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-suse-manager-server:4.2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mgr-osad-4.2.9-150300.2.12.2.noarch as component of SUSE Manager Proxy Module 4.2",
          "product_id": "SUSE Manager Proxy Module 4.2:mgr-osad-4.2.9-150300.2.12.2.noarch"
        },
        "product_reference": "mgr-osad-4.2.9-150300.2.12.2.noarch",
        "relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch as component of SUSE Manager Proxy Module 4.2",
          "product_id": "SUSE Manager Proxy Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch"
        },
        "product_reference": "python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch",
        "relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-mgr-osad-4.2.9-150300.2.12.2.noarch as component of SUSE Manager Proxy Module 4.2",
          "product_id": "SUSE Manager Proxy Module 4.2:python3-mgr-osad-4.2.9-150300.2.12.2.noarch"
        },
        "product_reference": "python3-mgr-osad-4.2.9-150300.2.12.2.noarch",
        "relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-rhnlib-4.2.7-150300.4.12.2.noarch as component of SUSE Manager Proxy Module 4.2",
          "product_id": "SUSE Manager Proxy Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch"
        },
        "product_reference": "python3-rhnlib-4.2.7-150300.4.12.2.noarch",
        "relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch as component of SUSE Manager Proxy Module 4.2",
          "product_id": "SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch"
        },
        "product_reference": "python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
        "relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-spacewalk-check-4.2.22-150300.4.30.2.noarch as component of SUSE Manager Proxy Module 4.2",
          "product_id": "SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.22-150300.4.30.2.noarch"
        },
        "product_reference": "python3-spacewalk-check-4.2.22-150300.4.30.2.noarch",
        "relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-spacewalk-client-setup-4.2.22-150300.4.30.2.noarch as component of SUSE Manager Proxy Module 4.2",
          "product_id": "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.22-150300.4.30.2.noarch"
        },
        "product_reference": "python3-spacewalk-client-setup-4.2.22-150300.4.30.2.noarch",
        "relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch as component of SUSE Manager Proxy Module 4.2",
          "product_id": "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch"
        },
        "product_reference": "python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
        "relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64 as component of SUSE Manager Proxy Module 4.2",
          "product_id": "SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64"
        },
        "product_reference": "python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64",
        "relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacecmd-4.2.21-150300.4.33.2.noarch as component of SUSE Manager Proxy Module 4.2",
          "product_id": "SUSE Manager Proxy Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch"
        },
        "product_reference": "spacecmd-4.2.21-150300.4.33.2.noarch",
        "relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-backend-4.2.26-150300.4.35.6.noarch as component of SUSE Manager Proxy Module 4.2",
          "product_id": "SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch"
        },
        "product_reference": "spacewalk-backend-4.2.26-150300.4.35.6.noarch",
        "relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch as component of SUSE Manager Proxy Module 4.2",
          "product_id": "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch"
        },
        "product_reference": "spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch",
        "relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch as component of SUSE Manager Proxy Module 4.2",
          "product_id": "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch"
        },
        "product_reference": "spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch",
        "relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch as component of SUSE Manager Proxy Module 4.2",
          "product_id": "SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch"
        },
        "product_reference": "spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
        "relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-check-4.2.22-150300.4.30.2.noarch as component of SUSE Manager Proxy Module 4.2",
          "product_id": "SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.22-150300.4.30.2.noarch"
        },
        "product_reference": "spacewalk-check-4.2.22-150300.4.30.2.noarch",
        "relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-client-setup-4.2.22-150300.4.30.2.noarch as component of SUSE Manager Proxy Module 4.2",
          "product_id": "SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.22-150300.4.30.2.noarch"
        },
        "product_reference": "spacewalk-client-setup-4.2.22-150300.4.30.2.noarch",
        "relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-client-tools-4.2.22-150300.4.30.2.noarch as component of SUSE Manager Proxy Module 4.2",
          "product_id": "SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch"
        },
        "product_reference": "spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
        "relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-proxy-broker-4.2.13-150300.3.24.2.noarch as component of SUSE Manager Proxy Module 4.2",
          "product_id": "SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.13-150300.3.24.2.noarch"
        },
        "product_reference": "spacewalk-proxy-broker-4.2.13-150300.3.24.2.noarch",
        "relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-proxy-common-4.2.13-150300.3.24.2.noarch as component of SUSE Manager Proxy Module 4.2",
          "product_id": "SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.13-150300.3.24.2.noarch"
        },
        "product_reference": "spacewalk-proxy-common-4.2.13-150300.3.24.2.noarch",
        "relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-proxy-installer-4.2.11-150300.3.14.2.noarch as component of SUSE Manager Proxy Module 4.2",
          "product_id": "SUSE Manager Proxy Module 4.2:spacewalk-proxy-installer-4.2.11-150300.3.14.2.noarch"
        },
        "product_reference": "spacewalk-proxy-installer-4.2.11-150300.3.14.2.noarch",
        "relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-proxy-management-4.2.13-150300.3.24.2.noarch as component of SUSE Manager Proxy Module 4.2",
          "product_id": "SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.13-150300.3.24.2.noarch"
        },
        "product_reference": "spacewalk-proxy-management-4.2.13-150300.3.24.2.noarch",
        "relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-proxy-package-manager-4.2.13-150300.3.24.2.noarch as component of SUSE Manager Proxy Module 4.2",
          "product_id": "SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.13-150300.3.24.2.noarch"
        },
        "product_reference": "spacewalk-proxy-package-manager-4.2.13-150300.3.24.2.noarch",
        "relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-proxy-redirect-4.2.13-150300.3.24.2.noarch as component of SUSE Manager Proxy Module 4.2",
          "product_id": "SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.13-150300.3.24.2.noarch"
        },
        "product_reference": "spacewalk-proxy-redirect-4.2.13-150300.3.24.2.noarch",
        "relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-proxy-salt-4.2.13-150300.3.24.2.noarch as component of SUSE Manager Proxy Module 4.2",
          "product_id": "SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.13-150300.3.24.2.noarch"
        },
        "product_reference": "spacewalk-proxy-salt-4.2.13-150300.3.24.2.noarch",
        "relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "susemanager-build-keys-15.3.6-150300.3.6.2.noarch as component of SUSE Manager Proxy Module 4.2",
          "product_id": "SUSE Manager Proxy Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch"
        },
        "product_reference": "susemanager-build-keys-15.3.6-150300.3.6.2.noarch",
        "relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch as component of SUSE Manager Proxy Module 4.2",
          "product_id": "SUSE Manager Proxy Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch"
        },
        "product_reference": "susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch",
        "relates_to_product_reference": "SUSE Manager Proxy Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cobbler-3.1.2-150300.5.19.1.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:cobbler-3.1.2-150300.5.19.1.noarch"
        },
        "product_reference": "cobbler-3.1.2-150300.5.19.1.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "drools-7.17.0-150300.4.9.2.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.9.2.noarch"
        },
        "product_reference": "drools-7.17.0-150300.4.9.2.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "grafana-formula-0.8.1-150300.3.9.2.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:grafana-formula-0.8.1-150300.3.9.2.noarch"
        },
        "product_reference": "grafana-formula-0.8.1-150300.3.9.2.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "inter-server-sync-0.2.7-150300.8.28.2.ppc64le as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.ppc64le"
        },
        "product_reference": "inter-server-sync-0.2.7-150300.8.28.2.ppc64le",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "inter-server-sync-0.2.7-150300.8.28.2.s390x as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.s390x"
        },
        "product_reference": "inter-server-sync-0.2.7-150300.8.28.2.s390x",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "inter-server-sync-0.2.7-150300.8.28.2.x86_64 as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.x86_64"
        },
        "product_reference": "inter-server-sync-0.2.7-150300.8.28.2.x86_64",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch"
        },
        "product_reference": "mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "prometheus-formula-0.7.0-150300.3.17.2.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:prometheus-formula-0.7.0-150300.3.17.2.noarch"
        },
        "product_reference": "prometheus-formula-0.7.0-150300.3.17.2.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "py27-compat-salt-3000.3-150300.7.7.29.2.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.29.2.noarch"
        },
        "product_reference": "py27-compat-salt-3000.3-150300.7.7.29.2.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch"
        },
        "product_reference": "python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:python3-mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch"
        },
        "product_reference": "python3-mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-rhnlib-4.2.7-150300.4.12.2.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch"
        },
        "product_reference": "python3-rhnlib-4.2.7-150300.4.12.2.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch"
        },
        "product_reference": "python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch"
        },
        "product_reference": "python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-uyuni-common-libs-4.2.9-150300.3.14.1.ppc64le as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.ppc64le"
        },
        "product_reference": "python3-uyuni-common-libs-4.2.9-150300.3.14.1.ppc64le",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-uyuni-common-libs-4.2.9-150300.3.14.1.s390x as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.s390x"
        },
        "product_reference": "python3-uyuni-common-libs-4.2.9-150300.3.14.1.s390x",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64 as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64"
        },
        "product_reference": "python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "salt-netapi-client-0.21.0-150300.3.12.4.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:salt-netapi-client-0.21.0-150300.3.12.4.noarch"
        },
        "product_reference": "salt-netapi-client-0.21.0-150300.3.12.4.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "saltboot-formula-0.1.1676908681.e90e0b1-150300.3.15.1.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:saltboot-formula-0.1.1676908681.e90e0b1-150300.3.15.1.noarch"
        },
        "product_reference": "saltboot-formula-0.1.1676908681.e90e0b1-150300.3.15.1.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "smdba-1.7.11-0.150300.3.12.2.ppc64le as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.ppc64le"
        },
        "product_reference": "smdba-1.7.11-0.150300.3.12.2.ppc64le",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "smdba-1.7.11-0.150300.3.12.2.s390x as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.s390x"
        },
        "product_reference": "smdba-1.7.11-0.150300.3.12.2.s390x",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "smdba-1.7.11-0.150300.3.12.2.x86_64 as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.x86_64"
        },
        "product_reference": "smdba-1.7.11-0.150300.3.12.2.x86_64",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacecmd-4.2.21-150300.4.33.2.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch"
        },
        "product_reference": "spacecmd-4.2.21-150300.4.33.2.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-admin-4.2.13-150300.3.18.1.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:spacewalk-admin-4.2.13-150300.3.18.1.noarch"
        },
        "product_reference": "spacewalk-admin-4.2.13-150300.3.18.1.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-backend-4.2.26-150300.4.35.6.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch"
        },
        "product_reference": "spacewalk-backend-4.2.26-150300.4.35.6.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-backend-app-4.2.26-150300.4.35.6.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.26-150300.4.35.6.noarch"
        },
        "product_reference": "spacewalk-backend-app-4.2.26-150300.4.35.6.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-backend-applet-4.2.26-150300.4.35.6.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.26-150300.4.35.6.noarch"
        },
        "product_reference": "spacewalk-backend-applet-4.2.26-150300.4.35.6.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-backend-config-files-4.2.26-150300.4.35.6.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.26-150300.4.35.6.noarch"
        },
        "product_reference": "spacewalk-backend-config-files-4.2.26-150300.4.35.6.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-backend-config-files-common-4.2.26-150300.4.35.6.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.26-150300.4.35.6.noarch"
        },
        "product_reference": "spacewalk-backend-config-files-common-4.2.26-150300.4.35.6.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-backend-config-files-tool-4.2.26-150300.4.35.6.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.26-150300.4.35.6.noarch"
        },
        "product_reference": "spacewalk-backend-config-files-tool-4.2.26-150300.4.35.6.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-backend-iss-4.2.26-150300.4.35.6.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.26-150300.4.35.6.noarch"
        },
        "product_reference": "spacewalk-backend-iss-4.2.26-150300.4.35.6.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-backend-iss-export-4.2.26-150300.4.35.6.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.26-150300.4.35.6.noarch"
        },
        "product_reference": "spacewalk-backend-iss-export-4.2.26-150300.4.35.6.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-backend-package-push-server-4.2.26-150300.4.35.6.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.26-150300.4.35.6.noarch"
        },
        "product_reference": "spacewalk-backend-package-push-server-4.2.26-150300.4.35.6.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-backend-server-4.2.26-150300.4.35.6.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.26-150300.4.35.6.noarch"
        },
        "product_reference": "spacewalk-backend-server-4.2.26-150300.4.35.6.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-backend-sql-4.2.26-150300.4.35.6.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.26-150300.4.35.6.noarch"
        },
        "product_reference": "spacewalk-backend-sql-4.2.26-150300.4.35.6.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-backend-sql-postgresql-4.2.26-150300.4.35.6.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.26-150300.4.35.6.noarch"
        },
        "product_reference": "spacewalk-backend-sql-postgresql-4.2.26-150300.4.35.6.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-backend-tools-4.2.26-150300.4.35.6.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.26-150300.4.35.6.noarch"
        },
        "product_reference": "spacewalk-backend-tools-4.2.26-150300.4.35.6.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-backend-xml-export-libs-4.2.26-150300.4.35.6.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.26-150300.4.35.6.noarch"
        },
        "product_reference": "spacewalk-backend-xml-export-libs-4.2.26-150300.4.35.6.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-backend-xmlrpc-4.2.26-150300.4.35.6.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.26-150300.4.35.6.noarch"
        },
        "product_reference": "spacewalk-backend-xmlrpc-4.2.26-150300.4.35.6.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-base-4.2.32-150300.3.36.4.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:spacewalk-base-4.2.32-150300.3.36.4.noarch"
        },
        "product_reference": "spacewalk-base-4.2.32-150300.3.36.4.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch"
        },
        "product_reference": "spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch"
        },
        "product_reference": "spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch"
        },
        "product_reference": "spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-client-tools-4.2.22-150300.4.30.2.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch"
        },
        "product_reference": "spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-html-4.2.32-150300.3.36.4.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:spacewalk-html-4.2.32-150300.3.36.4.noarch"
        },
        "product_reference": "spacewalk-html-4.2.32-150300.3.36.4.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-java-4.2.47-150300.3.58.1.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:spacewalk-java-4.2.47-150300.3.58.1.noarch"
        },
        "product_reference": "spacewalk-java-4.2.47-150300.3.58.1.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-java-config-4.2.47-150300.3.58.1.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.47-150300.3.58.1.noarch"
        },
        "product_reference": "spacewalk-java-config-4.2.47-150300.3.58.1.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-java-lib-4.2.47-150300.3.58.1.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.47-150300.3.58.1.noarch"
        },
        "product_reference": "spacewalk-java-lib-4.2.47-150300.3.58.1.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-java-postgresql-4.2.47-150300.3.58.1.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.47-150300.3.58.1.noarch"
        },
        "product_reference": "spacewalk-java-postgresql-4.2.47-150300.3.58.1.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-search-4.2.9-150300.3.15.2.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:spacewalk-search-4.2.9-150300.3.15.2.noarch"
        },
        "product_reference": "spacewalk-search-4.2.9-150300.3.15.2.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-taskomatic-4.2.47-150300.3.58.1.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.47-150300.3.58.1.noarch"
        },
        "product_reference": "spacewalk-taskomatic-4.2.47-150300.3.58.1.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "supportutils-plugin-susemanager-4.2.5-150300.3.9.2.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:supportutils-plugin-susemanager-4.2.5-150300.3.9.2.noarch"
        },
        "product_reference": "supportutils-plugin-susemanager-4.2.5-150300.3.9.2.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "susemanager-4.2.40-150300.3.49.1.ppc64le as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.ppc64le"
        },
        "product_reference": "susemanager-4.2.40-150300.3.49.1.ppc64le",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "susemanager-4.2.40-150300.3.49.1.s390x as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.s390x"
        },
        "product_reference": "susemanager-4.2.40-150300.3.49.1.s390x",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "susemanager-4.2.40-150300.3.49.1.x86_64 as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.x86_64"
        },
        "product_reference": "susemanager-4.2.40-150300.3.49.1.x86_64",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "susemanager-build-keys-15.3.6-150300.3.6.2.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch"
        },
        "product_reference": "susemanager-build-keys-15.3.6-150300.3.6.2.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch"
        },
        "product_reference": "susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "susemanager-doc-indexes-4.2-150300.12.39.4.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.39.4.noarch"
        },
        "product_reference": "susemanager-doc-indexes-4.2-150300.12.39.4.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "susemanager-docs_en-4.2-150300.12.39.2.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.39.2.noarch"
        },
        "product_reference": "susemanager-docs_en-4.2-150300.12.39.2.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "susemanager-docs_en-pdf-4.2-150300.12.39.2.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.39.2.noarch"
        },
        "product_reference": "susemanager-docs_en-pdf-4.2-150300.12.39.2.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "susemanager-schema-4.2.27-150300.3.35.1.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:susemanager-schema-4.2.27-150300.3.35.1.noarch"
        },
        "product_reference": "susemanager-schema-4.2.27-150300.3.35.1.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "susemanager-sls-4.2.31-150300.3.43.1.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:susemanager-sls-4.2.31-150300.3.43.1.noarch"
        },
        "product_reference": "susemanager-sls-4.2.31-150300.3.43.1.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "susemanager-tools-4.2.40-150300.3.49.1.ppc64le as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.ppc64le"
        },
        "product_reference": "susemanager-tools-4.2.40-150300.3.49.1.ppc64le",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "susemanager-tools-4.2.40-150300.3.49.1.s390x as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.s390x"
        },
        "product_reference": "susemanager-tools-4.2.40-150300.3.49.1.s390x",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "susemanager-tools-4.2.40-150300.3.49.1.x86_64 as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.x86_64"
        },
        "product_reference": "susemanager-tools-4.2.40-150300.3.49.1.x86_64",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "uyuni-config-modules-4.2.31-150300.3.43.1.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.31-150300.3.43.1.noarch"
        },
        "product_reference": "uyuni-config-modules-4.2.31-150300.3.43.1.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "virtual-host-gatherer-1.0.24-150300.3.9.2.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:virtual-host-gatherer-1.0.24-150300.3.9.2.noarch"
        },
        "product_reference": "virtual-host-gatherer-1.0.24-150300.3.9.2.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "virtual-host-gatherer-Kubernetes-1.0.24-150300.3.9.2.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:virtual-host-gatherer-Kubernetes-1.0.24-150300.3.9.2.noarch"
        },
        "product_reference": "virtual-host-gatherer-Kubernetes-1.0.24-150300.3.9.2.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "virtual-host-gatherer-Nutanix-1.0.24-150300.3.9.2.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:virtual-host-gatherer-Nutanix-1.0.24-150300.3.9.2.noarch"
        },
        "product_reference": "virtual-host-gatherer-Nutanix-1.0.24-150300.3.9.2.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "virtual-host-gatherer-VMware-1.0.24-150300.3.9.2.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:virtual-host-gatherer-VMware-1.0.24-150300.3.9.2.noarch"
        },
        "product_reference": "virtual-host-gatherer-VMware-1.0.24-150300.3.9.2.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "virtual-host-gatherer-libcloud-1.0.24-150300.3.9.2.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:virtual-host-gatherer-libcloud-1.0.24-150300.3.9.2.noarch"
        },
        "product_reference": "virtual-host-gatherer-libcloud-1.0.24-150300.3.9.2.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "woodstox-4.4.2-150300.3.6.2.noarch as component of SUSE Manager Server Module 4.2",
          "product_id": "SUSE Manager Server Module 4.2:woodstox-4.4.2-150300.3.6.2.noarch"
        },
        "product_reference": "woodstox-4.4.2-150300.3.6.2.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-42740",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-42740"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec(), an attacker can inject arbitrary commands. This is because the Windows drive letter regex character class is {A-z] instead of the correct {A-Za-z]. Several shell metacharacters exist in the space between capital letter Z and lower case letter a, such as the backtick character.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Manager Proxy Module 4.2:mgr-osad-4.2.9-150300.2.12.2.noarch",
          "SUSE Manager Proxy Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch",
          "SUSE Manager Proxy Module 4.2:python3-mgr-osad-4.2.9-150300.2.12.2.noarch",
          "SUSE Manager Proxy Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch",
          "SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
          "SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.22-150300.4.30.2.noarch",
          "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.22-150300.4.30.2.noarch",
          "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
          "SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64",
          "SUSE Manager Proxy Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.22-150300.4.30.2.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.22-150300.4.30.2.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.13-150300.3.24.2.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.13-150300.3.24.2.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-proxy-installer-4.2.11-150300.3.14.2.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.13-150300.3.24.2.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.13-150300.3.24.2.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.13-150300.3.24.2.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.13-150300.3.24.2.noarch",
          "SUSE Manager Proxy Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch",
          "SUSE Manager Proxy Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch",
          "SUSE Manager Server Module 4.2:cobbler-3.1.2-150300.5.19.1.noarch",
          "SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.9.2.noarch",
          "SUSE Manager Server Module 4.2:grafana-formula-0.8.1-150300.3.9.2.noarch",
          "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.ppc64le",
          "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.s390x",
          "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.x86_64",
          "SUSE Manager Server Module 4.2:mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch",
          "SUSE Manager Server Module 4.2:prometheus-formula-0.7.0-150300.3.17.2.noarch",
          "SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.29.2.noarch",
          "SUSE Manager Server Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch",
          "SUSE Manager Server Module 4.2:python3-mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch",
          "SUSE Manager Server Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch",
          "SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
          "SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
          "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.ppc64le",
          "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.s390x",
          "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64",
          "SUSE Manager Server Module 4.2:salt-netapi-client-0.21.0-150300.3.12.4.noarch",
          "SUSE Manager Server Module 4.2:saltboot-formula-0.1.1676908681.e90e0b1-150300.3.15.1.noarch",
          "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.ppc64le",
          "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.s390x",
          "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.x86_64",
          "SUSE Manager Server Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-admin-4.2.13-150300.3.18.1.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-base-4.2.32-150300.3.36.4.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-html-4.2.32-150300.3.36.4.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-java-4.2.47-150300.3.58.1.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.47-150300.3.58.1.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.47-150300.3.58.1.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.47-150300.3.58.1.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-search-4.2.9-150300.3.15.2.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.47-150300.3.58.1.noarch",
          "SUSE Manager Server Module 4.2:supportutils-plugin-susemanager-4.2.5-150300.3.9.2.noarch",
          "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.ppc64le",
          "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.s390x",
          "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.x86_64",
          "SUSE Manager Server Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch",
          "SUSE Manager Server Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch",
          "SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.39.4.noarch",
          "SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.39.2.noarch",
          "SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.39.2.noarch",
          "SUSE Manager Server Module 4.2:susemanager-schema-4.2.27-150300.3.35.1.noarch",
          "SUSE Manager Server Module 4.2:susemanager-sls-4.2.31-150300.3.43.1.noarch",
          "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.ppc64le",
          "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.s390x",
          "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.x86_64",
          "SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.31-150300.3.43.1.noarch",
          "SUSE Manager Server Module 4.2:virtual-host-gatherer-1.0.24-150300.3.9.2.noarch",
          "SUSE Manager Server Module 4.2:virtual-host-gatherer-Kubernetes-1.0.24-150300.3.9.2.noarch",
          "SUSE Manager Server Module 4.2:virtual-host-gatherer-Nutanix-1.0.24-150300.3.9.2.noarch",
          "SUSE Manager Server Module 4.2:virtual-host-gatherer-VMware-1.0.24-150300.3.9.2.noarch",
          "SUSE Manager Server Module 4.2:virtual-host-gatherer-libcloud-1.0.24-150300.3.9.2.noarch",
          "SUSE Manager Server Module 4.2:woodstox-4.4.2-150300.3.6.2.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-42740",
          "url": "https://www.suse.com/security/cve/CVE-2021-42740"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1203287 for CVE-2021-42740",
          "url": "https://bugzilla.suse.com/1203287"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Manager Proxy Module 4.2:mgr-osad-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-mgr-osad-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64",
            "SUSE Manager Proxy Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-installer-4.2.11-150300.3.14.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch",
            "SUSE Manager Proxy Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch",
            "SUSE Manager Server Module 4.2:cobbler-3.1.2-150300.5.19.1.noarch",
            "SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.9.2.noarch",
            "SUSE Manager Server Module 4.2:grafana-formula-0.8.1-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.ppc64le",
            "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.s390x",
            "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.x86_64",
            "SUSE Manager Server Module 4.2:mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Server Module 4.2:prometheus-formula-0.7.0-150300.3.17.2.noarch",
            "SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.29.2.noarch",
            "SUSE Manager Server Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Server Module 4.2:python3-mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Server Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch",
            "SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
            "SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.ppc64le",
            "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.s390x",
            "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64",
            "SUSE Manager Server Module 4.2:salt-netapi-client-0.21.0-150300.3.12.4.noarch",
            "SUSE Manager Server Module 4.2:saltboot-formula-0.1.1676908681.e90e0b1-150300.3.15.1.noarch",
            "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.ppc64le",
            "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.s390x",
            "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.x86_64",
            "SUSE Manager Server Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-admin-4.2.13-150300.3.18.1.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-base-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-html-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-4.2.47-150300.3.58.1.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.47-150300.3.58.1.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.47-150300.3.58.1.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.47-150300.3.58.1.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-search-4.2.9-150300.3.15.2.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.47-150300.3.58.1.noarch",
            "SUSE Manager Server Module 4.2:supportutils-plugin-susemanager-4.2.5-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.ppc64le",
            "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.s390x",
            "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.x86_64",
            "SUSE Manager Server Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.39.4.noarch",
            "SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.39.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.39.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-schema-4.2.27-150300.3.35.1.noarch",
            "SUSE Manager Server Module 4.2:susemanager-sls-4.2.31-150300.3.43.1.noarch",
            "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.ppc64le",
            "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.s390x",
            "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.x86_64",
            "SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.31-150300.3.43.1.noarch",
            "SUSE Manager Server Module 4.2:virtual-host-gatherer-1.0.24-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:virtual-host-gatherer-Kubernetes-1.0.24-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:virtual-host-gatherer-Nutanix-1.0.24-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:virtual-host-gatherer-VMware-1.0.24-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:virtual-host-gatherer-libcloud-1.0.24-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:woodstox-4.4.2-150300.3.6.2.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Manager Proxy Module 4.2:mgr-osad-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-mgr-osad-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64",
            "SUSE Manager Proxy Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-installer-4.2.11-150300.3.14.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch",
            "SUSE Manager Proxy Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch",
            "SUSE Manager Server Module 4.2:cobbler-3.1.2-150300.5.19.1.noarch",
            "SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.9.2.noarch",
            "SUSE Manager Server Module 4.2:grafana-formula-0.8.1-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.ppc64le",
            "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.s390x",
            "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.x86_64",
            "SUSE Manager Server Module 4.2:mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Server Module 4.2:prometheus-formula-0.7.0-150300.3.17.2.noarch",
            "SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.29.2.noarch",
            "SUSE Manager Server Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Server Module 4.2:python3-mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Server Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch",
            "SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
            "SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.ppc64le",
            "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.s390x",
            "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64",
            "SUSE Manager Server Module 4.2:salt-netapi-client-0.21.0-150300.3.12.4.noarch",
            "SUSE Manager Server Module 4.2:saltboot-formula-0.1.1676908681.e90e0b1-150300.3.15.1.noarch",
            "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.ppc64le",
            "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.s390x",
            "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.x86_64",
            "SUSE Manager Server Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-admin-4.2.13-150300.3.18.1.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-base-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-html-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-4.2.47-150300.3.58.1.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.47-150300.3.58.1.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.47-150300.3.58.1.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.47-150300.3.58.1.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-search-4.2.9-150300.3.15.2.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.47-150300.3.58.1.noarch",
            "SUSE Manager Server Module 4.2:supportutils-plugin-susemanager-4.2.5-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.ppc64le",
            "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.s390x",
            "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.x86_64",
            "SUSE Manager Server Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.39.4.noarch",
            "SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.39.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.39.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-schema-4.2.27-150300.3.35.1.noarch",
            "SUSE Manager Server Module 4.2:susemanager-sls-4.2.31-150300.3.43.1.noarch",
            "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.ppc64le",
            "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.s390x",
            "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.x86_64",
            "SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.31-150300.3.43.1.noarch",
            "SUSE Manager Server Module 4.2:virtual-host-gatherer-1.0.24-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:virtual-host-gatherer-Kubernetes-1.0.24-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:virtual-host-gatherer-Nutanix-1.0.24-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:virtual-host-gatherer-VMware-1.0.24-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:virtual-host-gatherer-libcloud-1.0.24-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:woodstox-4.4.2-150300.3.6.2.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-03-02T08:32:44Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2021-42740"
    },
    {
      "cve": "CVE-2022-0860",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-0860"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Manager Proxy Module 4.2:mgr-osad-4.2.9-150300.2.12.2.noarch",
          "SUSE Manager Proxy Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch",
          "SUSE Manager Proxy Module 4.2:python3-mgr-osad-4.2.9-150300.2.12.2.noarch",
          "SUSE Manager Proxy Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch",
          "SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
          "SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.22-150300.4.30.2.noarch",
          "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.22-150300.4.30.2.noarch",
          "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
          "SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64",
          "SUSE Manager Proxy Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.22-150300.4.30.2.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.22-150300.4.30.2.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.13-150300.3.24.2.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.13-150300.3.24.2.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-proxy-installer-4.2.11-150300.3.14.2.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.13-150300.3.24.2.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.13-150300.3.24.2.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.13-150300.3.24.2.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.13-150300.3.24.2.noarch",
          "SUSE Manager Proxy Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch",
          "SUSE Manager Proxy Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch",
          "SUSE Manager Server Module 4.2:cobbler-3.1.2-150300.5.19.1.noarch",
          "SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.9.2.noarch",
          "SUSE Manager Server Module 4.2:grafana-formula-0.8.1-150300.3.9.2.noarch",
          "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.ppc64le",
          "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.s390x",
          "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.x86_64",
          "SUSE Manager Server Module 4.2:mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch",
          "SUSE Manager Server Module 4.2:prometheus-formula-0.7.0-150300.3.17.2.noarch",
          "SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.29.2.noarch",
          "SUSE Manager Server Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch",
          "SUSE Manager Server Module 4.2:python3-mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch",
          "SUSE Manager Server Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch",
          "SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
          "SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
          "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.ppc64le",
          "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.s390x",
          "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64",
          "SUSE Manager Server Module 4.2:salt-netapi-client-0.21.0-150300.3.12.4.noarch",
          "SUSE Manager Server Module 4.2:saltboot-formula-0.1.1676908681.e90e0b1-150300.3.15.1.noarch",
          "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.ppc64le",
          "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.s390x",
          "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.x86_64",
          "SUSE Manager Server Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-admin-4.2.13-150300.3.18.1.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-base-4.2.32-150300.3.36.4.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-html-4.2.32-150300.3.36.4.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-java-4.2.47-150300.3.58.1.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.47-150300.3.58.1.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.47-150300.3.58.1.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.47-150300.3.58.1.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-search-4.2.9-150300.3.15.2.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.47-150300.3.58.1.noarch",
          "SUSE Manager Server Module 4.2:supportutils-plugin-susemanager-4.2.5-150300.3.9.2.noarch",
          "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.ppc64le",
          "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.s390x",
          "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.x86_64",
          "SUSE Manager Server Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch",
          "SUSE Manager Server Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch",
          "SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.39.4.noarch",
          "SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.39.2.noarch",
          "SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.39.2.noarch",
          "SUSE Manager Server Module 4.2:susemanager-schema-4.2.27-150300.3.35.1.noarch",
          "SUSE Manager Server Module 4.2:susemanager-sls-4.2.31-150300.3.43.1.noarch",
          "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.ppc64le",
          "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.s390x",
          "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.x86_64",
          "SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.31-150300.3.43.1.noarch",
          "SUSE Manager Server Module 4.2:virtual-host-gatherer-1.0.24-150300.3.9.2.noarch",
          "SUSE Manager Server Module 4.2:virtual-host-gatherer-Kubernetes-1.0.24-150300.3.9.2.noarch",
          "SUSE Manager Server Module 4.2:virtual-host-gatherer-Nutanix-1.0.24-150300.3.9.2.noarch",
          "SUSE Manager Server Module 4.2:virtual-host-gatherer-VMware-1.0.24-150300.3.9.2.noarch",
          "SUSE Manager Server Module 4.2:virtual-host-gatherer-libcloud-1.0.24-150300.3.9.2.noarch",
          "SUSE Manager Server Module 4.2:woodstox-4.4.2-150300.3.6.2.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-0860",
          "url": "https://www.suse.com/security/cve/CVE-2022-0860"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1197027 for CVE-2022-0860",
          "url": "https://bugzilla.suse.com/1197027"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Manager Proxy Module 4.2:mgr-osad-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-mgr-osad-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64",
            "SUSE Manager Proxy Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-installer-4.2.11-150300.3.14.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch",
            "SUSE Manager Proxy Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch",
            "SUSE Manager Server Module 4.2:cobbler-3.1.2-150300.5.19.1.noarch",
            "SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.9.2.noarch",
            "SUSE Manager Server Module 4.2:grafana-formula-0.8.1-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.ppc64le",
            "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.s390x",
            "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.x86_64",
            "SUSE Manager Server Module 4.2:mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Server Module 4.2:prometheus-formula-0.7.0-150300.3.17.2.noarch",
            "SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.29.2.noarch",
            "SUSE Manager Server Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Server Module 4.2:python3-mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Server Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch",
            "SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
            "SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.ppc64le",
            "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.s390x",
            "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64",
            "SUSE Manager Server Module 4.2:salt-netapi-client-0.21.0-150300.3.12.4.noarch",
            "SUSE Manager Server Module 4.2:saltboot-formula-0.1.1676908681.e90e0b1-150300.3.15.1.noarch",
            "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.ppc64le",
            "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.s390x",
            "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.x86_64",
            "SUSE Manager Server Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-admin-4.2.13-150300.3.18.1.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-base-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-html-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-4.2.47-150300.3.58.1.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.47-150300.3.58.1.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.47-150300.3.58.1.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.47-150300.3.58.1.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-search-4.2.9-150300.3.15.2.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.47-150300.3.58.1.noarch",
            "SUSE Manager Server Module 4.2:supportutils-plugin-susemanager-4.2.5-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.ppc64le",
            "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.s390x",
            "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.x86_64",
            "SUSE Manager Server Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.39.4.noarch",
            "SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.39.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.39.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-schema-4.2.27-150300.3.35.1.noarch",
            "SUSE Manager Server Module 4.2:susemanager-sls-4.2.31-150300.3.43.1.noarch",
            "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.ppc64le",
            "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.s390x",
            "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.x86_64",
            "SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.31-150300.3.43.1.noarch",
            "SUSE Manager Server Module 4.2:virtual-host-gatherer-1.0.24-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:virtual-host-gatherer-Kubernetes-1.0.24-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:virtual-host-gatherer-Nutanix-1.0.24-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:virtual-host-gatherer-VMware-1.0.24-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:virtual-host-gatherer-libcloud-1.0.24-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:woodstox-4.4.2-150300.3.6.2.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Manager Proxy Module 4.2:mgr-osad-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-mgr-osad-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64",
            "SUSE Manager Proxy Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-installer-4.2.11-150300.3.14.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch",
            "SUSE Manager Proxy Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch",
            "SUSE Manager Server Module 4.2:cobbler-3.1.2-150300.5.19.1.noarch",
            "SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.9.2.noarch",
            "SUSE Manager Server Module 4.2:grafana-formula-0.8.1-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.ppc64le",
            "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.s390x",
            "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.x86_64",
            "SUSE Manager Server Module 4.2:mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Server Module 4.2:prometheus-formula-0.7.0-150300.3.17.2.noarch",
            "SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.29.2.noarch",
            "SUSE Manager Server Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Server Module 4.2:python3-mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Server Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch",
            "SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
            "SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.ppc64le",
            "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.s390x",
            "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64",
            "SUSE Manager Server Module 4.2:salt-netapi-client-0.21.0-150300.3.12.4.noarch",
            "SUSE Manager Server Module 4.2:saltboot-formula-0.1.1676908681.e90e0b1-150300.3.15.1.noarch",
            "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.ppc64le",
            "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.s390x",
            "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.x86_64",
            "SUSE Manager Server Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-admin-4.2.13-150300.3.18.1.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-base-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-html-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-4.2.47-150300.3.58.1.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.47-150300.3.58.1.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.47-150300.3.58.1.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.47-150300.3.58.1.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-search-4.2.9-150300.3.15.2.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.47-150300.3.58.1.noarch",
            "SUSE Manager Server Module 4.2:supportutils-plugin-susemanager-4.2.5-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.ppc64le",
            "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.s390x",
            "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.x86_64",
            "SUSE Manager Server Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.39.4.noarch",
            "SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.39.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.39.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-schema-4.2.27-150300.3.35.1.noarch",
            "SUSE Manager Server Module 4.2:susemanager-sls-4.2.31-150300.3.43.1.noarch",
            "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.ppc64le",
            "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.s390x",
            "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.x86_64",
            "SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.31-150300.3.43.1.noarch",
            "SUSE Manager Server Module 4.2:virtual-host-gatherer-1.0.24-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:virtual-host-gatherer-Kubernetes-1.0.24-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:virtual-host-gatherer-Nutanix-1.0.24-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:virtual-host-gatherer-VMware-1.0.24-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:virtual-host-gatherer-libcloud-1.0.24-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:woodstox-4.4.2-150300.3.6.2.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-03-02T08:32:44Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-0860"
    },
    {
      "cve": "CVE-2022-1415",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-1415"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Manager Proxy Module 4.2:mgr-osad-4.2.9-150300.2.12.2.noarch",
          "SUSE Manager Proxy Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch",
          "SUSE Manager Proxy Module 4.2:python3-mgr-osad-4.2.9-150300.2.12.2.noarch",
          "SUSE Manager Proxy Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch",
          "SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
          "SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.22-150300.4.30.2.noarch",
          "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.22-150300.4.30.2.noarch",
          "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
          "SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64",
          "SUSE Manager Proxy Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.22-150300.4.30.2.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.22-150300.4.30.2.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.13-150300.3.24.2.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.13-150300.3.24.2.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-proxy-installer-4.2.11-150300.3.14.2.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.13-150300.3.24.2.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.13-150300.3.24.2.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.13-150300.3.24.2.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.13-150300.3.24.2.noarch",
          "SUSE Manager Proxy Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch",
          "SUSE Manager Proxy Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch",
          "SUSE Manager Server Module 4.2:cobbler-3.1.2-150300.5.19.1.noarch",
          "SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.9.2.noarch",
          "SUSE Manager Server Module 4.2:grafana-formula-0.8.1-150300.3.9.2.noarch",
          "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.ppc64le",
          "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.s390x",
          "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.x86_64",
          "SUSE Manager Server Module 4.2:mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch",
          "SUSE Manager Server Module 4.2:prometheus-formula-0.7.0-150300.3.17.2.noarch",
          "SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.29.2.noarch",
          "SUSE Manager Server Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch",
          "SUSE Manager Server Module 4.2:python3-mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch",
          "SUSE Manager Server Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch",
          "SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
          "SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
          "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.ppc64le",
          "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.s390x",
          "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64",
          "SUSE Manager Server Module 4.2:salt-netapi-client-0.21.0-150300.3.12.4.noarch",
          "SUSE Manager Server Module 4.2:saltboot-formula-0.1.1676908681.e90e0b1-150300.3.15.1.noarch",
          "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.ppc64le",
          "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.s390x",
          "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.x86_64",
          "SUSE Manager Server Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-admin-4.2.13-150300.3.18.1.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-base-4.2.32-150300.3.36.4.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-html-4.2.32-150300.3.36.4.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-java-4.2.47-150300.3.58.1.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.47-150300.3.58.1.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.47-150300.3.58.1.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.47-150300.3.58.1.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-search-4.2.9-150300.3.15.2.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.47-150300.3.58.1.noarch",
          "SUSE Manager Server Module 4.2:supportutils-plugin-susemanager-4.2.5-150300.3.9.2.noarch",
          "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.ppc64le",
          "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.s390x",
          "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.x86_64",
          "SUSE Manager Server Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch",
          "SUSE Manager Server Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch",
          "SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.39.4.noarch",
          "SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.39.2.noarch",
          "SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.39.2.noarch",
          "SUSE Manager Server Module 4.2:susemanager-schema-4.2.27-150300.3.35.1.noarch",
          "SUSE Manager Server Module 4.2:susemanager-sls-4.2.31-150300.3.43.1.noarch",
          "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.ppc64le",
          "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.s390x",
          "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.x86_64",
          "SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.31-150300.3.43.1.noarch",
          "SUSE Manager Server Module 4.2:virtual-host-gatherer-1.0.24-150300.3.9.2.noarch",
          "SUSE Manager Server Module 4.2:virtual-host-gatherer-Kubernetes-1.0.24-150300.3.9.2.noarch",
          "SUSE Manager Server Module 4.2:virtual-host-gatherer-Nutanix-1.0.24-150300.3.9.2.noarch",
          "SUSE Manager Server Module 4.2:virtual-host-gatherer-VMware-1.0.24-150300.3.9.2.noarch",
          "SUSE Manager Server Module 4.2:virtual-host-gatherer-libcloud-1.0.24-150300.3.9.2.noarch",
          "SUSE Manager Server Module 4.2:woodstox-4.4.2-150300.3.6.2.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-1415",
          "url": "https://www.suse.com/security/cve/CVE-2022-1415"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1204879 for CVE-2022-1415",
          "url": "https://bugzilla.suse.com/1204879"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Manager Proxy Module 4.2:mgr-osad-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-mgr-osad-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64",
            "SUSE Manager Proxy Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-installer-4.2.11-150300.3.14.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch",
            "SUSE Manager Proxy Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch",
            "SUSE Manager Server Module 4.2:cobbler-3.1.2-150300.5.19.1.noarch",
            "SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.9.2.noarch",
            "SUSE Manager Server Module 4.2:grafana-formula-0.8.1-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.ppc64le",
            "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.s390x",
            "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.x86_64",
            "SUSE Manager Server Module 4.2:mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Server Module 4.2:prometheus-formula-0.7.0-150300.3.17.2.noarch",
            "SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.29.2.noarch",
            "SUSE Manager Server Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Server Module 4.2:python3-mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Server Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch",
            "SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
            "SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.ppc64le",
            "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.s390x",
            "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64",
            "SUSE Manager Server Module 4.2:salt-netapi-client-0.21.0-150300.3.12.4.noarch",
            "SUSE Manager Server Module 4.2:saltboot-formula-0.1.1676908681.e90e0b1-150300.3.15.1.noarch",
            "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.ppc64le",
            "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.s390x",
            "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.x86_64",
            "SUSE Manager Server Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-admin-4.2.13-150300.3.18.1.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-base-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-html-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-4.2.47-150300.3.58.1.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.47-150300.3.58.1.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.47-150300.3.58.1.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.47-150300.3.58.1.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-search-4.2.9-150300.3.15.2.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.47-150300.3.58.1.noarch",
            "SUSE Manager Server Module 4.2:supportutils-plugin-susemanager-4.2.5-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.ppc64le",
            "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.s390x",
            "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.x86_64",
            "SUSE Manager Server Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.39.4.noarch",
            "SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.39.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.39.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-schema-4.2.27-150300.3.35.1.noarch",
            "SUSE Manager Server Module 4.2:susemanager-sls-4.2.31-150300.3.43.1.noarch",
            "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.ppc64le",
            "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.s390x",
            "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.x86_64",
            "SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.31-150300.3.43.1.noarch",
            "SUSE Manager Server Module 4.2:virtual-host-gatherer-1.0.24-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:virtual-host-gatherer-Kubernetes-1.0.24-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:virtual-host-gatherer-Nutanix-1.0.24-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:virtual-host-gatherer-VMware-1.0.24-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:virtual-host-gatherer-libcloud-1.0.24-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:woodstox-4.4.2-150300.3.6.2.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Manager Proxy Module 4.2:mgr-osad-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-mgr-osad-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64",
            "SUSE Manager Proxy Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-installer-4.2.11-150300.3.14.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch",
            "SUSE Manager Proxy Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch",
            "SUSE Manager Server Module 4.2:cobbler-3.1.2-150300.5.19.1.noarch",
            "SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.9.2.noarch",
            "SUSE Manager Server Module 4.2:grafana-formula-0.8.1-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.ppc64le",
            "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.s390x",
            "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.x86_64",
            "SUSE Manager Server Module 4.2:mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Server Module 4.2:prometheus-formula-0.7.0-150300.3.17.2.noarch",
            "SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.29.2.noarch",
            "SUSE Manager Server Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Server Module 4.2:python3-mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Server Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch",
            "SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
            "SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.ppc64le",
            "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.s390x",
            "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64",
            "SUSE Manager Server Module 4.2:salt-netapi-client-0.21.0-150300.3.12.4.noarch",
            "SUSE Manager Server Module 4.2:saltboot-formula-0.1.1676908681.e90e0b1-150300.3.15.1.noarch",
            "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.ppc64le",
            "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.s390x",
            "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.x86_64",
            "SUSE Manager Server Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-admin-4.2.13-150300.3.18.1.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-base-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-html-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-4.2.47-150300.3.58.1.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.47-150300.3.58.1.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.47-150300.3.58.1.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.47-150300.3.58.1.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-search-4.2.9-150300.3.15.2.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.47-150300.3.58.1.noarch",
            "SUSE Manager Server Module 4.2:supportutils-plugin-susemanager-4.2.5-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.ppc64le",
            "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.s390x",
            "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.x86_64",
            "SUSE Manager Server Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.39.4.noarch",
            "SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.39.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.39.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-schema-4.2.27-150300.3.35.1.noarch",
            "SUSE Manager Server Module 4.2:susemanager-sls-4.2.31-150300.3.43.1.noarch",
            "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.ppc64le",
            "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.s390x",
            "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.x86_64",
            "SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.31-150300.3.43.1.noarch",
            "SUSE Manager Server Module 4.2:virtual-host-gatherer-1.0.24-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:virtual-host-gatherer-Kubernetes-1.0.24-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:virtual-host-gatherer-Nutanix-1.0.24-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:virtual-host-gatherer-VMware-1.0.24-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:virtual-host-gatherer-libcloud-1.0.24-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:woodstox-4.4.2-150300.3.6.2.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-03-02T08:32:44Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-1415"
    },
    {
      "cve": "CVE-2022-31129",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-31129"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs. Users may notice a noticeable slowdown is observed with inputs above 10k characters. Users who pass user-provided strings without sanity length checks to moment constructor are vulnerable to (Re)DoS attacks. The problem is patched in 2.29.4, the patch can be applied to all affected versions with minimal tweaking. Users are advised to upgrade. Users unable to upgrade should consider limiting date lengths accepted from user input.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Manager Proxy Module 4.2:mgr-osad-4.2.9-150300.2.12.2.noarch",
          "SUSE Manager Proxy Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch",
          "SUSE Manager Proxy Module 4.2:python3-mgr-osad-4.2.9-150300.2.12.2.noarch",
          "SUSE Manager Proxy Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch",
          "SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
          "SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.22-150300.4.30.2.noarch",
          "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.22-150300.4.30.2.noarch",
          "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
          "SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64",
          "SUSE Manager Proxy Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.22-150300.4.30.2.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.22-150300.4.30.2.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.13-150300.3.24.2.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.13-150300.3.24.2.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-proxy-installer-4.2.11-150300.3.14.2.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.13-150300.3.24.2.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.13-150300.3.24.2.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.13-150300.3.24.2.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.13-150300.3.24.2.noarch",
          "SUSE Manager Proxy Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch",
          "SUSE Manager Proxy Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch",
          "SUSE Manager Server Module 4.2:cobbler-3.1.2-150300.5.19.1.noarch",
          "SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.9.2.noarch",
          "SUSE Manager Server Module 4.2:grafana-formula-0.8.1-150300.3.9.2.noarch",
          "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.ppc64le",
          "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.s390x",
          "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.x86_64",
          "SUSE Manager Server Module 4.2:mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch",
          "SUSE Manager Server Module 4.2:prometheus-formula-0.7.0-150300.3.17.2.noarch",
          "SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.29.2.noarch",
          "SUSE Manager Server Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch",
          "SUSE Manager Server Module 4.2:python3-mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch",
          "SUSE Manager Server Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch",
          "SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
          "SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
          "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.ppc64le",
          "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.s390x",
          "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64",
          "SUSE Manager Server Module 4.2:salt-netapi-client-0.21.0-150300.3.12.4.noarch",
          "SUSE Manager Server Module 4.2:saltboot-formula-0.1.1676908681.e90e0b1-150300.3.15.1.noarch",
          "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.ppc64le",
          "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.s390x",
          "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.x86_64",
          "SUSE Manager Server Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-admin-4.2.13-150300.3.18.1.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-base-4.2.32-150300.3.36.4.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-html-4.2.32-150300.3.36.4.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-java-4.2.47-150300.3.58.1.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.47-150300.3.58.1.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.47-150300.3.58.1.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.47-150300.3.58.1.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-search-4.2.9-150300.3.15.2.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.47-150300.3.58.1.noarch",
          "SUSE Manager Server Module 4.2:supportutils-plugin-susemanager-4.2.5-150300.3.9.2.noarch",
          "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.ppc64le",
          "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.s390x",
          "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.x86_64",
          "SUSE Manager Server Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch",
          "SUSE Manager Server Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch",
          "SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.39.4.noarch",
          "SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.39.2.noarch",
          "SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.39.2.noarch",
          "SUSE Manager Server Module 4.2:susemanager-schema-4.2.27-150300.3.35.1.noarch",
          "SUSE Manager Server Module 4.2:susemanager-sls-4.2.31-150300.3.43.1.noarch",
          "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.ppc64le",
          "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.s390x",
          "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.x86_64",
          "SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.31-150300.3.43.1.noarch",
          "SUSE Manager Server Module 4.2:virtual-host-gatherer-1.0.24-150300.3.9.2.noarch",
          "SUSE Manager Server Module 4.2:virtual-host-gatherer-Kubernetes-1.0.24-150300.3.9.2.noarch",
          "SUSE Manager Server Module 4.2:virtual-host-gatherer-Nutanix-1.0.24-150300.3.9.2.noarch",
          "SUSE Manager Server Module 4.2:virtual-host-gatherer-VMware-1.0.24-150300.3.9.2.noarch",
          "SUSE Manager Server Module 4.2:virtual-host-gatherer-libcloud-1.0.24-150300.3.9.2.noarch",
          "SUSE Manager Server Module 4.2:woodstox-4.4.2-150300.3.6.2.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-31129",
          "url": "https://www.suse.com/security/cve/CVE-2022-31129"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1203288 for CVE-2022-31129",
          "url": "https://bugzilla.suse.com/1203288"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Manager Proxy Module 4.2:mgr-osad-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-mgr-osad-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64",
            "SUSE Manager Proxy Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-installer-4.2.11-150300.3.14.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch",
            "SUSE Manager Proxy Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch",
            "SUSE Manager Server Module 4.2:cobbler-3.1.2-150300.5.19.1.noarch",
            "SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.9.2.noarch",
            "SUSE Manager Server Module 4.2:grafana-formula-0.8.1-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.ppc64le",
            "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.s390x",
            "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.x86_64",
            "SUSE Manager Server Module 4.2:mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Server Module 4.2:prometheus-formula-0.7.0-150300.3.17.2.noarch",
            "SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.29.2.noarch",
            "SUSE Manager Server Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Server Module 4.2:python3-mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Server Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch",
            "SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
            "SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.ppc64le",
            "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.s390x",
            "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64",
            "SUSE Manager Server Module 4.2:salt-netapi-client-0.21.0-150300.3.12.4.noarch",
            "SUSE Manager Server Module 4.2:saltboot-formula-0.1.1676908681.e90e0b1-150300.3.15.1.noarch",
            "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.ppc64le",
            "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.s390x",
            "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.x86_64",
            "SUSE Manager Server Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-admin-4.2.13-150300.3.18.1.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-base-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-html-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-4.2.47-150300.3.58.1.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.47-150300.3.58.1.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.47-150300.3.58.1.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.47-150300.3.58.1.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-search-4.2.9-150300.3.15.2.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.47-150300.3.58.1.noarch",
            "SUSE Manager Server Module 4.2:supportutils-plugin-susemanager-4.2.5-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.ppc64le",
            "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.s390x",
            "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.x86_64",
            "SUSE Manager Server Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.39.4.noarch",
            "SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.39.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.39.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-schema-4.2.27-150300.3.35.1.noarch",
            "SUSE Manager Server Module 4.2:susemanager-sls-4.2.31-150300.3.43.1.noarch",
            "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.ppc64le",
            "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.s390x",
            "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.x86_64",
            "SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.31-150300.3.43.1.noarch",
            "SUSE Manager Server Module 4.2:virtual-host-gatherer-1.0.24-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:virtual-host-gatherer-Kubernetes-1.0.24-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:virtual-host-gatherer-Nutanix-1.0.24-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:virtual-host-gatherer-VMware-1.0.24-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:virtual-host-gatherer-libcloud-1.0.24-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:woodstox-4.4.2-150300.3.6.2.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Manager Proxy Module 4.2:mgr-osad-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-mgr-osad-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64",
            "SUSE Manager Proxy Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-installer-4.2.11-150300.3.14.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch",
            "SUSE Manager Proxy Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch",
            "SUSE Manager Server Module 4.2:cobbler-3.1.2-150300.5.19.1.noarch",
            "SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.9.2.noarch",
            "SUSE Manager Server Module 4.2:grafana-formula-0.8.1-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.ppc64le",
            "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.s390x",
            "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.x86_64",
            "SUSE Manager Server Module 4.2:mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Server Module 4.2:prometheus-formula-0.7.0-150300.3.17.2.noarch",
            "SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.29.2.noarch",
            "SUSE Manager Server Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Server Module 4.2:python3-mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Server Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch",
            "SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
            "SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.ppc64le",
            "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.s390x",
            "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64",
            "SUSE Manager Server Module 4.2:salt-netapi-client-0.21.0-150300.3.12.4.noarch",
            "SUSE Manager Server Module 4.2:saltboot-formula-0.1.1676908681.e90e0b1-150300.3.15.1.noarch",
            "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.ppc64le",
            "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.s390x",
            "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.x86_64",
            "SUSE Manager Server Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-admin-4.2.13-150300.3.18.1.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-base-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-html-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-4.2.47-150300.3.58.1.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.47-150300.3.58.1.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.47-150300.3.58.1.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.47-150300.3.58.1.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-search-4.2.9-150300.3.15.2.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.47-150300.3.58.1.noarch",
            "SUSE Manager Server Module 4.2:supportutils-plugin-susemanager-4.2.5-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.ppc64le",
            "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.s390x",
            "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.x86_64",
            "SUSE Manager Server Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.39.4.noarch",
            "SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.39.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.39.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-schema-4.2.27-150300.3.35.1.noarch",
            "SUSE Manager Server Module 4.2:susemanager-sls-4.2.31-150300.3.43.1.noarch",
            "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.ppc64le",
            "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.s390x",
            "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.x86_64",
            "SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.31-150300.3.43.1.noarch",
            "SUSE Manager Server Module 4.2:virtual-host-gatherer-1.0.24-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:virtual-host-gatherer-Kubernetes-1.0.24-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:virtual-host-gatherer-Nutanix-1.0.24-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:virtual-host-gatherer-VMware-1.0.24-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:virtual-host-gatherer-libcloud-1.0.24-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:woodstox-4.4.2-150300.3.6.2.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-03-02T08:32:44Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-31129"
    },
    {
      "cve": "CVE-2022-40152",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-40152"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Manager Proxy Module 4.2:mgr-osad-4.2.9-150300.2.12.2.noarch",
          "SUSE Manager Proxy Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch",
          "SUSE Manager Proxy Module 4.2:python3-mgr-osad-4.2.9-150300.2.12.2.noarch",
          "SUSE Manager Proxy Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch",
          "SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
          "SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.22-150300.4.30.2.noarch",
          "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.22-150300.4.30.2.noarch",
          "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
          "SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64",
          "SUSE Manager Proxy Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.22-150300.4.30.2.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.22-150300.4.30.2.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.13-150300.3.24.2.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.13-150300.3.24.2.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-proxy-installer-4.2.11-150300.3.14.2.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.13-150300.3.24.2.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.13-150300.3.24.2.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.13-150300.3.24.2.noarch",
          "SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.13-150300.3.24.2.noarch",
          "SUSE Manager Proxy Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch",
          "SUSE Manager Proxy Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch",
          "SUSE Manager Server Module 4.2:cobbler-3.1.2-150300.5.19.1.noarch",
          "SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.9.2.noarch",
          "SUSE Manager Server Module 4.2:grafana-formula-0.8.1-150300.3.9.2.noarch",
          "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.ppc64le",
          "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.s390x",
          "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.x86_64",
          "SUSE Manager Server Module 4.2:mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch",
          "SUSE Manager Server Module 4.2:prometheus-formula-0.7.0-150300.3.17.2.noarch",
          "SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.29.2.noarch",
          "SUSE Manager Server Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch",
          "SUSE Manager Server Module 4.2:python3-mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch",
          "SUSE Manager Server Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch",
          "SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
          "SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
          "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.ppc64le",
          "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.s390x",
          "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64",
          "SUSE Manager Server Module 4.2:salt-netapi-client-0.21.0-150300.3.12.4.noarch",
          "SUSE Manager Server Module 4.2:saltboot-formula-0.1.1676908681.e90e0b1-150300.3.15.1.noarch",
          "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.ppc64le",
          "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.s390x",
          "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.x86_64",
          "SUSE Manager Server Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-admin-4.2.13-150300.3.18.1.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.26-150300.4.35.6.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-base-4.2.32-150300.3.36.4.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-html-4.2.32-150300.3.36.4.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-java-4.2.47-150300.3.58.1.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.47-150300.3.58.1.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.47-150300.3.58.1.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.47-150300.3.58.1.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-search-4.2.9-150300.3.15.2.noarch",
          "SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.47-150300.3.58.1.noarch",
          "SUSE Manager Server Module 4.2:supportutils-plugin-susemanager-4.2.5-150300.3.9.2.noarch",
          "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.ppc64le",
          "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.s390x",
          "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.x86_64",
          "SUSE Manager Server Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch",
          "SUSE Manager Server Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch",
          "SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.39.4.noarch",
          "SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.39.2.noarch",
          "SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.39.2.noarch",
          "SUSE Manager Server Module 4.2:susemanager-schema-4.2.27-150300.3.35.1.noarch",
          "SUSE Manager Server Module 4.2:susemanager-sls-4.2.31-150300.3.43.1.noarch",
          "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.ppc64le",
          "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.s390x",
          "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.x86_64",
          "SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.31-150300.3.43.1.noarch",
          "SUSE Manager Server Module 4.2:virtual-host-gatherer-1.0.24-150300.3.9.2.noarch",
          "SUSE Manager Server Module 4.2:virtual-host-gatherer-Kubernetes-1.0.24-150300.3.9.2.noarch",
          "SUSE Manager Server Module 4.2:virtual-host-gatherer-Nutanix-1.0.24-150300.3.9.2.noarch",
          "SUSE Manager Server Module 4.2:virtual-host-gatherer-VMware-1.0.24-150300.3.9.2.noarch",
          "SUSE Manager Server Module 4.2:virtual-host-gatherer-libcloud-1.0.24-150300.3.9.2.noarch",
          "SUSE Manager Server Module 4.2:woodstox-4.4.2-150300.3.6.2.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-40152",
          "url": "https://www.suse.com/security/cve/CVE-2022-40152"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1203521 for CVE-2022-40152",
          "url": "https://bugzilla.suse.com/1203521"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Manager Proxy Module 4.2:mgr-osad-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-mgr-osad-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64",
            "SUSE Manager Proxy Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-installer-4.2.11-150300.3.14.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch",
            "SUSE Manager Proxy Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch",
            "SUSE Manager Server Module 4.2:cobbler-3.1.2-150300.5.19.1.noarch",
            "SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.9.2.noarch",
            "SUSE Manager Server Module 4.2:grafana-formula-0.8.1-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.ppc64le",
            "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.s390x",
            "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.x86_64",
            "SUSE Manager Server Module 4.2:mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Server Module 4.2:prometheus-formula-0.7.0-150300.3.17.2.noarch",
            "SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.29.2.noarch",
            "SUSE Manager Server Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Server Module 4.2:python3-mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Server Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch",
            "SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
            "SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.ppc64le",
            "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.s390x",
            "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64",
            "SUSE Manager Server Module 4.2:salt-netapi-client-0.21.0-150300.3.12.4.noarch",
            "SUSE Manager Server Module 4.2:saltboot-formula-0.1.1676908681.e90e0b1-150300.3.15.1.noarch",
            "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.ppc64le",
            "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.s390x",
            "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.x86_64",
            "SUSE Manager Server Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-admin-4.2.13-150300.3.18.1.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-base-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-html-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-4.2.47-150300.3.58.1.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.47-150300.3.58.1.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.47-150300.3.58.1.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.47-150300.3.58.1.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-search-4.2.9-150300.3.15.2.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.47-150300.3.58.1.noarch",
            "SUSE Manager Server Module 4.2:supportutils-plugin-susemanager-4.2.5-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.ppc64le",
            "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.s390x",
            "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.x86_64",
            "SUSE Manager Server Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.39.4.noarch",
            "SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.39.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.39.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-schema-4.2.27-150300.3.35.1.noarch",
            "SUSE Manager Server Module 4.2:susemanager-sls-4.2.31-150300.3.43.1.noarch",
            "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.ppc64le",
            "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.s390x",
            "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.x86_64",
            "SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.31-150300.3.43.1.noarch",
            "SUSE Manager Server Module 4.2:virtual-host-gatherer-1.0.24-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:virtual-host-gatherer-Kubernetes-1.0.24-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:virtual-host-gatherer-Nutanix-1.0.24-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:virtual-host-gatherer-VMware-1.0.24-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:virtual-host-gatherer-libcloud-1.0.24-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:woodstox-4.4.2-150300.3.6.2.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Manager Proxy Module 4.2:mgr-osad-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-mgr-osad-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-check-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-setup-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64",
            "SUSE Manager Proxy Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-check-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-client-setup-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-broker-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-common-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-installer-4.2.11-150300.3.14.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-management-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-package-manager-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-redirect-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:spacewalk-proxy-salt-4.2.13-150300.3.24.2.noarch",
            "SUSE Manager Proxy Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch",
            "SUSE Manager Proxy Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch",
            "SUSE Manager Server Module 4.2:cobbler-3.1.2-150300.5.19.1.noarch",
            "SUSE Manager Server Module 4.2:drools-7.17.0-150300.4.9.2.noarch",
            "SUSE Manager Server Module 4.2:grafana-formula-0.8.1-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.ppc64le",
            "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.s390x",
            "SUSE Manager Server Module 4.2:inter-server-sync-0.2.7-150300.8.28.2.x86_64",
            "SUSE Manager Server Module 4.2:mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Server Module 4.2:prometheus-formula-0.7.0-150300.3.17.2.noarch",
            "SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-150300.7.7.29.2.noarch",
            "SUSE Manager Server Module 4.2:python3-mgr-osa-common-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Server Module 4.2:python3-mgr-osa-dispatcher-4.2.9-150300.2.12.2.noarch",
            "SUSE Manager Server Module 4.2:python3-rhnlib-4.2.7-150300.4.12.2.noarch",
            "SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
            "SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.ppc64le",
            "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.s390x",
            "SUSE Manager Server Module 4.2:python3-uyuni-common-libs-4.2.9-150300.3.14.1.x86_64",
            "SUSE Manager Server Module 4.2:salt-netapi-client-0.21.0-150300.3.12.4.noarch",
            "SUSE Manager Server Module 4.2:saltboot-formula-0.1.1676908681.e90e0b1-150300.3.15.1.noarch",
            "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.ppc64le",
            "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.s390x",
            "SUSE Manager Server Module 4.2:smdba-1.7.11-0.150300.3.12.2.x86_64",
            "SUSE Manager Server Module 4.2:spacecmd-4.2.21-150300.4.33.2.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-admin-4.2.13-150300.3.18.1.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.26-150300.4.35.6.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-base-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.19-150300.3.27.4.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.22-150300.4.30.2.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-html-4.2.32-150300.3.36.4.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-4.2.47-150300.3.58.1.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.47-150300.3.58.1.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.47-150300.3.58.1.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.47-150300.3.58.1.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-search-4.2.9-150300.3.15.2.noarch",
            "SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.47-150300.3.58.1.noarch",
            "SUSE Manager Server Module 4.2:supportutils-plugin-susemanager-4.2.5-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.ppc64le",
            "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.s390x",
            "SUSE Manager Server Module 4.2:susemanager-4.2.40-150300.3.49.1.x86_64",
            "SUSE Manager Server Module 4.2:susemanager-build-keys-15.3.6-150300.3.6.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-build-keys-web-15.3.6-150300.3.6.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-150300.12.39.4.noarch",
            "SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-150300.12.39.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-150300.12.39.2.noarch",
            "SUSE Manager Server Module 4.2:susemanager-schema-4.2.27-150300.3.35.1.noarch",
            "SUSE Manager Server Module 4.2:susemanager-sls-4.2.31-150300.3.43.1.noarch",
            "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.ppc64le",
            "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.s390x",
            "SUSE Manager Server Module 4.2:susemanager-tools-4.2.40-150300.3.49.1.x86_64",
            "SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.31-150300.3.43.1.noarch",
            "SUSE Manager Server Module 4.2:virtual-host-gatherer-1.0.24-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:virtual-host-gatherer-Kubernetes-1.0.24-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:virtual-host-gatherer-Nutanix-1.0.24-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:virtual-host-gatherer-VMware-1.0.24-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:virtual-host-gatherer-libcloud-1.0.24-150300.3.9.2.noarch",
            "SUSE Manager Server Module 4.2:woodstox-4.4.2-150300.3.6.2.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-03-02T08:32:44Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-40152"
    }
  ]
}

WID-SEC-W-2022-0944

Vulnerability from csaf_certbund - Published: 2022-08-08 22:00 - Updated: 2025-11-18 23:00

Summary

Red Hat OpenShift Service Mesh: Schwachstelle ermöglicht Denial of Service

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Red Hat OpenShift ist eine "Platform as a Service" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.

Angriff: Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Red Hat OpenShift Service Mesh ausnutzen, um einen Denial of Service Angriff durchzuführen.

Betroffene Betriebssysteme: - Linux

CVE-2022-31129

Affected products

Known affected 14 products

Product	Identifier	Version
Red Hat OpenShift Service Mesh 2.2 Red Hat / OpenShift	`cpe:/a:redhat:openshift:service_mesh_2.2`	Service Mesh 2.2
Tenable Security Nessus <10.3.1 Tenable Security / Nessus		<10.3.1
Red Hat OpenShift Service Mesh 2.1 Red Hat / OpenShift	`cpe:/a:redhat:openshift:service_mesh_2.1`	Service Mesh 2.1
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat OpenShift Service Mesh 2.0 Red Hat / OpenShift	`cpe:/a:redhat:openshift:service_mesh_2.0`	Service Mesh 2.0
Atlassian Confluence <8.9.3-8.9.7 > Atlassian / Confluence		<8.9.3-8.9.7 >
Atlassian Confluence <8.5.11-8.5.16 (LTS) > Atlassian / Confluence		<8.5.11-8.5.16 (LTS) >
Atlassian Confluence <7.19.26-7.19.28 (LTS)) > Atlassian / Confluence		<7.19.26-7.19.28 (LTS)) >
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Atlassian Bitbucket <9.4.13 (LTS) Atlassian / Bitbucket		<9.4.13 (LTS)
Tenable Security Nessus Network Monitor <6.2.0 Tenable Security / Nessus Network Monitor		<6.2.0
Atlassian Bitbucket <8.19.25 (LTS) Atlassian / Bitbucket		<8.19.25 (LTS)
Atlassian Bitbucket <10.0.2 Atlassian / Bitbucket		<10.0.2

References

33 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://access.redhat.com/errata/RHSA-2022:5913	external
https://access.redhat.com/errata/RHSA-2022:5914	external
https://access.redhat.com/errata/RHSA-2022:5915	external
https://ubuntu.com/security/notices/USN-5559-1	external
https://access.redhat.com/errata/RHSA-2022:6156	external
https://access.redhat.com/errata/RHSA-2022:6271	external
https://access.redhat.com/errata/RHSA-2022:6272	external
https://access.redhat.com/errata/RHSA-2022:6277	external
https://access.redhat.com/errata/RHSA-2022:6345	external
https://access.redhat.com/errata/RHSA-2022:6370	external
https://access.redhat.com/errata/RHSA-2022:6393	external
https://access.redhat.com/errata/RHSA-2022:6392	external
https://access.redhat.com/errata/RHSA-2022:6422	external
https://access.redhat.com/errata/RHSA-2022:6507	external
https://access.redhat.com/errata/RHSA-2022:6696	external
https://access.redhat.com/errata/RHSA-2022:6813	external
https://access.redhat.com/errata/RHSA-2022:6835	external
https://www.tenable.com/security/tns-2022-20	external
https://access.redhat.com/errata/RHSA-2022:7276	external
https://access.redhat.com/errata/RHSA-2022:7313	external
https://access.redhat.com/errata/RHSA-2022:8652	external
https://www.tenable.com/security/tns-2022-28	external
https://access.redhat.com/errata/RHSA-2023:1043	external
https://access.redhat.com/errata/RHSA-2023:1047	external
https://access.redhat.com/errata/RHSA-2023:1045	external
https://access.redhat.com/errata/RHSA-2023:1044	external
https://access.redhat.com/errata/RHSA-2023:1049	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://access.redhat.com/errata/RHSA-2023:1486	external
https://confluence.atlassian.com/pages/viewpage.a…	external
https://confluence.atlassian.com/security/securit…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) L\u00f6sung zur Bereitstellung von Applikationen in der Cloud.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Red Hat OpenShift Service Mesh ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2022-0944 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0944.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2022-0944 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0944"
      },
      {
        "category": "external",
        "summary": "RedHat Security Advisory vom 2022-08-08",
        "url": "https://access.redhat.com/errata/RHSA-2022:5913"
      },
      {
        "category": "external",
        "summary": "RedHat Security Advisory vom 2022-08-08",
        "url": "https://access.redhat.com/errata/RHSA-2022:5914"
      },
      {
        "category": "external",
        "summary": "RedHat Security Advisory vom 2022-08-08",
        "url": "https://access.redhat.com/errata/RHSA-2022:5915"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-5559-1 vom 2022-08-10",
        "url": "https://ubuntu.com/security/notices/USN-5559-1"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6156 vom 2022-08-24",
        "url": "https://access.redhat.com/errata/RHSA-2022:6156"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6271 vom 2022-08-31",
        "url": "https://access.redhat.com/errata/RHSA-2022:6271"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6272 vom 2022-08-31",
        "url": "https://access.redhat.com/errata/RHSA-2022:6272"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6277 vom 2022-09-01",
        "url": "https://access.redhat.com/errata/RHSA-2022:6277"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6345 vom 2022-09-06",
        "url": "https://access.redhat.com/errata/RHSA-2022:6345"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6370 vom 2022-09-07",
        "url": "https://access.redhat.com/errata/RHSA-2022:6370"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6393 vom 2022-09-08",
        "url": "https://access.redhat.com/errata/RHSA-2022:6393"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6392 vom 2022-09-08",
        "url": "https://access.redhat.com/errata/RHSA-2022:6392"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6422 vom 2022-09-13",
        "url": "https://access.redhat.com/errata/RHSA-2022:6422"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6507 vom 2022-09-14",
        "url": "https://access.redhat.com/errata/RHSA-2022:6507"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6696 vom 2022-09-26",
        "url": "https://access.redhat.com/errata/RHSA-2022:6696"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6813 vom 2022-10-05",
        "url": "https://access.redhat.com/errata/RHSA-2022:6813"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6835 vom 2022-10-06",
        "url": "https://access.redhat.com/errata/RHSA-2022:6835"
      },
      {
        "category": "external",
        "summary": "Tenable Security Advisory TNS-2022-20 vom 2022-10-26",
        "url": "https://www.tenable.com/security/tns-2022-20"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:7276 vom 2022-11-02",
        "url": "https://access.redhat.com/errata/RHSA-2022:7276"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:7313 vom 2022-11-02",
        "url": "https://access.redhat.com/errata/RHSA-2022:7313"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:8652 vom 2022-11-28",
        "url": "https://access.redhat.com/errata/RHSA-2022:8652"
      },
      {
        "category": "external",
        "summary": "Tenable Security Advisory TNS-2022-28 vom 2022-12-19",
        "url": "https://www.tenable.com/security/tns-2022-28"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:1043 vom 2023-03-02",
        "url": "https://access.redhat.com/errata/RHSA-2023:1043"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:1047 vom 2023-03-02",
        "url": "https://access.redhat.com/errata/RHSA-2023:1047"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:1045 vom 2023-03-02",
        "url": "https://access.redhat.com/errata/RHSA-2023:1045"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:1044 vom 2023-03-02",
        "url": "https://access.redhat.com/errata/RHSA-2023:1044"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:1049 vom 2023-03-02",
        "url": "https://access.redhat.com/errata/RHSA-2023:1049"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:0593-1 vom 2023-03-02",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-March/013958.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:1486 vom 2023-03-28",
        "url": "https://access.redhat.com/errata/RHSA-2023:1486"
      },
      {
        "category": "external",
        "summary": "Atlassian Security Bulletin vom 2024-10-15",
        "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1442910972"
      },
      {
        "category": "external",
        "summary": "Atlassian Security Bulletin - November 18 2025",
        "url": "https://confluence.atlassian.com/security/security-bulletin-november-18-2025-1671463469.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Red Hat OpenShift Service Mesh: Schwachstelle erm\u00f6glicht Denial of Service",
    "tracking": {
      "current_release_date": "2025-11-18T23:00:00.000+00:00",
      "generator": {
        "date": "2025-11-19T09:42:45.848+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2022-0944",
      "initial_release_date": "2022-08-08T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2022-08-08T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2022-08-10T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2022-08-24T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-08-31T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-09-06T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-09-08T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-09-12T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-09-13T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-09-26T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-10-05T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-10-06T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-10-26T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von Tenable aufgenommen"
        },
        {
          "date": "2022-11-01T23:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-11-02T23:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-11-28T23:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-12-19T23:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von Tenable aufgenommen"
        },
        {
          "date": "2023-03-01T23:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-03-02T23:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2023-03-27T22:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-10-15T22:00:00.000+00:00",
          "number": "20",
          "summary": "Neue Updates aufgenommen"
        },
        {
          "date": "2025-11-18T23:00:00.000+00:00",
          "number": "21",
          "summary": "Neue Updates aufgenommen"
        }
      ],
      "status": "final",
      "version": "21"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c10.0.2",
                "product": {
                  "name": "Atlassian Bitbucket \u003c10.0.2",
                  "product_id": "T048675"
                }
              },
              {
                "category": "product_version",
                "name": "10.0.2",
                "product": {
                  "name": "Atlassian Bitbucket 10.0.2",
                  "product_id": "T048675-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:10.0.2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c8.19.25 (LTS)",
                "product": {
                  "name": "Atlassian Bitbucket \u003c8.19.25 (LTS)",
                  "product_id": "T048676"
                }
              },
              {
                "category": "product_version",
                "name": "8.19.25 (LTS)",
                "product": {
                  "name": "Atlassian Bitbucket 8.19.25 (LTS)",
                  "product_id": "T048676-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:8.19.25_%28lts%29"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.4.13 (LTS)",
                "product": {
                  "name": "Atlassian Bitbucket \u003c9.4.13 (LTS)",
                  "product_id": "T048677"
                }
              },
              {
                "category": "product_version",
                "name": "9.4.13 (LTS)",
                "product": {
                  "name": "Atlassian Bitbucket 9.4.13 (LTS)",
                  "product_id": "T048677-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:9.4.13_%28lts%29"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Bitbucket"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c8.9.3-8.9.7 \u003e",
                "product": {
                  "name": "Atlassian Confluence \u003c8.9.3-8.9.7 \u003e",
                  "product_id": "T038434"
                }
              },
              {
                "category": "product_version_range",
                "name": "8.9.3-8.9.7 \u003e",
                "product": {
                  "name": "Atlassian Confluence 8.9.3-8.9.7 \u003e",
                  "product_id": "T038434-fixed"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c8.5.11-8.5.16 (LTS) \u003e",
                "product": {
                  "name": "Atlassian Confluence \u003c8.5.11-8.5.16 (LTS) \u003e",
                  "product_id": "T038435"
                }
              },
              {
                "category": "product_version_range",
                "name": "8.5.11-8.5.16 (LTS) \u003e",
                "product": {
                  "name": "Atlassian Confluence 8.5.11-8.5.16 (LTS) \u003e",
                  "product_id": "T038435-fixed"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c7.19.26-7.19.28 (LTS)) \u003e",
                "product": {
                  "name": "Atlassian Confluence \u003c7.19.26-7.19.28 (LTS)) \u003e",
                  "product_id": "T038436"
                }
              },
              {
                "category": "product_version_range",
                "name": "7.19.26-7.19.28 (LTS)) \u003e",
                "product": {
                  "name": "Atlassian Confluence 7.19.26-7.19.28 (LTS)) \u003e",
                  "product_id": "T038436-fixed"
                }
              }
            ],
            "category": "product_name",
            "name": "Confluence"
          }
        ],
        "category": "vendor",
        "name": "Atlassian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Service Mesh 2.0",
                "product": {
                  "name": "Red Hat OpenShift Service Mesh 2.0",
                  "product_id": "T019393",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:service_mesh_2.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Service Mesh 2.1",
                "product": {
                  "name": "Red Hat OpenShift Service Mesh 2.1",
                  "product_id": "T024194",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:service_mesh_2.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Service Mesh 2.2",
                "product": {
                  "name": "Red Hat OpenShift Service Mesh 2.2",
                  "product_id": "T024195",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:service_mesh_2.2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "OpenShift"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c10.3.1",
                "product": {
                  "name": "Tenable Security Nessus \u003c10.3.1",
                  "product_id": "T025130"
                }
              },
              {
                "category": "product_version",
                "name": "10.3.1",
                "product": {
                  "name": "Tenable Security Nessus 10.3.1",
                  "product_id": "T025130-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:tenable:nessus:10.3.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Nessus"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c6.2.0",
                "product": {
                  "name": "Tenable Security Nessus Network Monitor \u003c6.2.0",
                  "product_id": "T025651"
                }
              },
              {
                "category": "product_version",
                "name": "6.2.0",
                "product": {
                  "name": "Tenable Security Nessus Network Monitor 6.2.0",
                  "product_id": "T025651-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:tenable:nessus_network_monitor:6.2.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Nessus Network Monitor"
          }
        ],
        "category": "vendor",
        "name": "Tenable Security"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-31129",
      "product_status": {
        "known_affected": [
          "T024195",
          "T025130",
          "T024194",
          "67646",
          "T019393",
          "T038434",
          "T038435",
          "T038436",
          "T002207",
          "T000126",
          "T048677",
          "T025651",
          "T048676",
          "T048675"
        ]
      },
      "release_date": "2022-08-08T22:00:00.000+00:00",
      "title": "CVE-2022-31129"
    }
  ]
}

WID-SEC-W-2022-1476

Vulnerability from csaf_certbund - Published: 2022-09-19 22:00 - Updated: 2023-03-02 23:00

Summary

SUSE Manager: Mehrere Schwachstellen

Severity

Hoch

Notes

Produktbeschreibung: SUSE Manager basiert auf Spacewalk, welche die Codebase vom Red Hat Satellite Server nutzt und ermöglicht ein zentrale Systemmanagement von Linux-Umgebungen.

Angriff: Ein entfernter, anonymer oder lokaler Angreifer kann mehrere Schwachstellen in SUSE Manager ausnutzen, um Sicherheitsvorkehrungen zu umgehen, beliebigen Code auszuführen, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand zu verursachen.

Betroffene Betriebssysteme: - UNIX - Linux

CVE-2021-41411

Es existiert eine Schwachstelle in SUSE Manager. Der Fehler besteht in der Komponente drools aufgrund einer XML External Entity (XXE) Schwachstelle in KieModuleMarshaller.java. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Sicherheitsmaßnahmen zu umgehen.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—

CVE-2021-42740

Es existiert eine Schwachstelle in SUSE Manager. Der Fehler besteht in der Komponente Node.js aufgrund einer Befehlsinjektion. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, indem er durch eine Regex, die für die Unterstützung von Windows-Laufwerksbuchstaben entwickelt wurde, uneingescapte Shell-Metazeichen einfügt, um beliebigen Code auszuführen.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—

CVE-2021-43138

Es existiert eine Schwachstelle in SUSE Manager. Der Fehler besteht in der Komponente Async in der mapValues()-Methode aufgrund einer Prototypenverschmutzung. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—

CVE-2022-31129

Es existiert eine Schwachstelle in SUSE Manager. Der Fehler besteht in der Komponente Moment aufgrund eines ineffizienten Parsing-Algorithmus. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, indem er Eingaben mit mehr als 10k Zeichen übermittelt, um einen Denial-of-Service-Zustand auszulösen.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—

References

8 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "SUSE Manager basiert auf Spacewalk, welche die Codebase vom Red Hat\r\nSatellite Server nutzt und erm\u00f6glicht ein zentrale Systemmanagement von Linux-Umgebungen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer oder lokaler Angreifer kann mehrere Schwachstellen in SUSE Manager ausnutzen, um Sicherheitsvorkehrungen zu umgehen, beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern und einen Denial-of-Service-Zustand zu verursachen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2022-1476 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1476.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2022-1476 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1476"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:0593-1 vom 2023-03-02",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-March/013958.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Advisory vom 2022-09-19",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012289.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Advisory vom 2022-09-19",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012286.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Advisory vom 2022-09-19",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012291.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:3761-1 vom 2022-10-26",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012707.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:3750-1 vom 2022-10-26",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012690.html"
      }
    ],
    "source_lang": "en-US",
    "title": "SUSE Manager: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-03-02T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:35:26.337+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2022-1476",
      "initial_release_date": "2022-09-19T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2022-09-19T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2022-10-26T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2023-03-02T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von SUSE aufgenommen"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "SUSE Manager \u003c 4.2.9",
            "product": {
              "name": "SUSE Manager \u003c 4.2.9",
              "product_id": "T024662",
              "product_identification_helper": {
                "cpe": "cpe:/a:suse:manager:4.2.9"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-41411",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in SUSE Manager. Der Fehler besteht in der Komponente drools aufgrund einer XML External Entity (XXE) Schwachstelle in KieModuleMarshaller.java. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207"
        ]
      },
      "release_date": "2022-09-19T22:00:00.000+00:00",
      "title": "CVE-2021-41411"
    },
    {
      "cve": "CVE-2021-42740",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in SUSE Manager. Der Fehler besteht in der Komponente Node.js aufgrund einer Befehlsinjektion. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, indem er durch eine Regex, die f\u00fcr die Unterst\u00fctzung von Windows-Laufwerksbuchstaben entwickelt wurde, uneingescapte Shell-Metazeichen einf\u00fcgt, um beliebigen Code auszuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207"
        ]
      },
      "release_date": "2022-09-19T22:00:00.000+00:00",
      "title": "CVE-2021-42740"
    },
    {
      "cve": "CVE-2021-43138",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in SUSE Manager. Der Fehler besteht in der Komponente Async in der mapValues()-Methode aufgrund einer Prototypenverschmutzung. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207"
        ]
      },
      "release_date": "2022-09-19T22:00:00.000+00:00",
      "title": "CVE-2021-43138"
    },
    {
      "cve": "CVE-2022-31129",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in SUSE Manager. Der Fehler besteht in der Komponente Moment aufgrund eines ineffizienten Parsing-Algorithmus. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, indem er Eingaben mit mehr als 10k Zeichen \u00fcbermittelt, um einen Denial-of-Service-Zustand auszul\u00f6sen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207"
        ]
      },
      "release_date": "2022-09-19T22:00:00.000+00:00",
      "title": "CVE-2022-31129"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-31129 (GCVE-0-2022-31129)

Tags

Sightings

Nomenclature